As 2022 approaches, skyrocketing ransomware threats and extortion demands show no sign of slowing down. Average ransomware demands surged by 518% in the first half of 2021 compared to 2020, while payments climbed by 82% in the same period, according to Infosecurity Magazine. Crippling ransomware attacks caused an average business downtime of six days with costs in the millions.
Cyber criminals actively target small-to-medium-size businesses (SMBs), which often lack the resources to fortify defenses against malware like ransomware. In 2022, MSPs can play an even more crucial role in safeguarding SMBs against ransomware.
This article will provide insights into how MSPs can protect their own house, and their customers, against ransomware with a layered approach to cybersecurity.
Multi-Prong Assaults Require a Multi-Layered Strategy
Netsurion’s security analysts often detect ransomware as part of a multi-faceted assault. Because cyber criminals deploy these attacks using leaked or stolen login credentials, the activity looks like that of valid users on the network. Ransomware tactics often include a “low and slow” approach that evades detection from siloed tools that lack 24/7 visibility.
REvil, Conti, and Darkside are just a few examples of criminal gangs that successfully use a ransomware tactic called double extortion. In 2022, organizations will continue to uncover exploitation by these well-funded ransomware gangs, which adapt and morph their proven techniques. Ransomware-as-a-service (RaaS) enables less sophisticated attackers to scale up to disrupt unsuspecting victims. Proactive prevention is needed up front to block as many threats as possible, followed by rapid detection and remediation of everything else.
What Would Your Layered Approach Look Like?
Imagine trying to keep up with the constant shower of threats, including what happens when they do get in, which will occur. A layered approach to cybersecurity provides redundancy in case a security control fails or a future vulnerability is uncovered. Defense-in-depth security protects against a wide range of threats to cover all the bases. The optimal balance of people, process, and technology can safeguard your customers as well as your own operations. Use a 4-step approach to predict, prevent, detect, and respond (PPDR) to ransomware.
- Predict future attacks before they happen: You can’t protect what you cannot see. To be more proactive and stop pre-attacks earlier, add holistic visibility to each customer’s infrastructure, assets, and attack surface. Threat intelligence is one way to learn more about cybersecurity gangs and their real-world attacker tactics, techniques, and procedures (TTPs). Vulnerability management that encompasses regular scanning pinpoints security gaps before cyber criminals exploit them – providing much-needed time to resolve without attackers lurking.
- Prevent unknown threats: Your legacy anti-virus (AV) and signature-based tools can prevent known attacks but are largely ineffective against unknown and zero-day attacks. While ransomware prevention may seem like wishful thinking, cybersecurity preparedness and a multi-layered approach let you predict and prevent threats instead of merely reacting to breaches. Endpoint protection and mobile security are two ways to stop attacks in real time before they execute and cause harm. A prevention-first approach dramatically reduces false positives and focuses more of your time on higher-value areas like patching, threat hunting, and hardening customer defenses.
- Detect threats before harm is done: Identify threats in your customer’s infrastructure immediately, before ransomware damage occurs. Speed up detection with single-pane-of-glass visibility backed by cybersecurity experts who augment your team. Multiple layers of defense provide extended detection and response (XDR) capability encompassing SIEM, endpoint detection and response, and intrusion detection.
- Respond rapidly to remediate fully: Detection of a ransomware attack takes 175 days on average. A 24/7 SOC (security operations center) uses machine learning and automated playbooks to quickly identify the root cause of security incidents. An integrated platform with comprehensive visibility provides additional threat context to get your customers back to business faster with full recovery.
Defense-in-depth security helps you prepare for and prioritize the most dangerous threats, both known and unknown.
MSP Benefits of Defense-In-Depth
As you prepare for the new year, now’s the time to evaluate your product and service portfolio in response to rising ransomware. MSP advantages include:
- Speeding time-to-market with a more holistic cybersecurity solution
- Moving beyond yesterday’s tools to managed services that drive recurring revenue
- Facilitating new opportunities for up-sell and deeper customer engagement
Expertise plus technology safeguards your entire attack surface across servers, network devices, cloud assets, and endpoints. Learn more about attack surface protection in this ransomware eBook.
Author Paula Rhea, CISSP, is product marketing manager at Netsurion, which develops the EventTracker Managed Threat Protection platform for MSSP and MSP partners. Read more Netsurion guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.