Why are SMEs a key target for attackers?
While ransomware groups are mostly targeting big organisations, SMEs are increasingly becoming a target. A common technique is the “spray and pray” attack, which involves ransomware groups scanning the internet looking for vulnerabilities they can exploit. Although the tactic has been around awhile, it is more likely to affect SMEs than enterprises, as they may hit hundreds or even thousands of smaller organisations that don’t have the staff to keep all their security up to date. Ideally, businesses need a 24/7 SOC, but these require at least six people to staff, and many SMEs won’t even have that many employees. Rather than constantly monitor security, SMEs may instead hire someone on a one-off project basis to set up their website and security, and then forget about it - leaving their systems vulnerable, and making them an easier target for attackers.
How can MSPs become trusted cyber security partners to the SME community?
MSPs have the skills and technology to deliver enterprise-grade security to smaller organisations. Not only can they provide the necessary staff, but also the software that wouldn’t necessarily be affordable or feasible for a smaller organisation. For example, an MSP can bring in full endpoint detection and protection, a 24/7 SOC, and they can get enterprise-level licensing at a much cheaper price than an SME could secure. Ultimately, MSPs can bring enterprise-level security solutions that SMEs would not be able to put in place on their own.
Why do MSPs confront an intensifying threat landscape?
We’ve seen a shift over the last few years as MSPs are increasingly targeted by threat actors. For cyber criminals, it’s all about the payoff. The appeal of an MSP is that they hold the keys to potentially hundreds of clients and as a result compromising their system is effectively compromising hundreds of others at the same time.
What top steps should every MSP take to bolster their security
One of the biggest things MSPs can do to bolster their security is to encourage good cyber hygiene amongst their staff. Over a third of all compromises are due to password spraying: a method where attackers take a list of common passwords and try them for a large number of users, instead of trying to brute force their way past one password. Password hygiene is still a huge problem. It’s a relatively easy thing to fix - but users still haven’t quite figured it out!
I always recommend using a password manager application, which automatically generates a long and unique password for every login users have. This not only creates passwords that are trickier to break, but also helps stop the ongoing problem of password reuse. Ultimately, it doesn’t matter how secure a system is if users are deploying the same password for some forum on the internet run by a hobbyist without proper security. If that site gets compromised, the user’s password could end up on the internet.
There are additional ways to protect your accounts. Implementing multi factor authentication can stop attackers from getting into your system, even if armed with your password and username.
It’s also important to train your staff on how to avoid sophisticated phishing attacks. Threat actors can get scarily specific in their phishing emails, finding personal details from social media and using it to seem legitimate. I once knew a CSO who received a fake email from his child’s school on the day an incident had occurred there, detailing specific and genuine details. Avoiding sophisticated phishing attacks such as these requires constant vigilance from staff, which in turn requires ongoing training.
What should you look for in a good cyber security partner?
There are two main things I would look for. Firstly, how do they respond when somebody finds bugs in their systems? In this situation, some organisations can become defensive and even threaten legal action. This suggests they don’t have very good security practises - and they probably know it. On the other hand, there are organisations with bug bounty programs that are really appreciative of people reporting vulnerabilities. Some even offer incentives to help find them, transparency and a willingness to improve.
The other thing to look out for is their range of products. It’s important to make sure they have everything you need. Usually I’d say you need a company who can provide endpoint detection, network detection, 24/7 SOC services, and has an incident response team. You don’t want to end up managing multiple organisations because the first couldn’t meet all of your needs - a good cyber security partner does it all.