Linux operating systems power more than 90% of the world’s public cloud workload, from government web servers to smart manufacturing technologies. But as organizations continue to shift operations to the cloud, cybercriminals are following suit and directing their attention to Linux-based cyberattacks.

With a reputation for providing more robust security than rival operating systems, Linux can give users a false sense of security. Consequently, IT and security teams often deprioritize security measures that prevent cybercriminals from gaining unauthorized network access. The simple reality is that no operating system is bulletproof, which is evident when you look at the 650% increase in malware targeting Linux in H1 2022 compared to the previous year.
So, to effectively defend customers’ cloud environments against sophisticated attackers, managed service providers (MSPs) need to stay current on security best practices for Linux and guide customers through the deployment of end-to-end security measures.
What makes Linux such an attractive target?
Organizations across industries rely on Linux operating systems to run mission-critical applications, web servers and cloud infrastructure. In recent years, many businesses have also adopted “smart” technologies that run on Linux, including countless Internet of Things (IoT) devices. But many of the servers and network devices powered by Linux face external networks and handle high volumes of traffic, creating a larger attack surface and more opportunities for bad actors to gain access.
Additionally, the inherent sense of security associated with Linux causes IT and security teams to place critical measures like patching and resolving misconfigurations on the back burner. This is a mistake because, as with any operating system, an improper Linux configuration can lead to vulnerabilities and security gaps.
Combined, these factors make Linux an enticing target for attackers. More organizations operate in Linux-based cloud environments than ever before, and the deprioritization of security measures leaves fewer hoops for cybercriminals to jump through to gain access. So, it’s no surprise that adversaries developed nearly 1.7 million new malware programs targeting Linux in H1 2022 alone.
How to protect customers’ Linux-based operations against growing threats
Linux security should be top of mind for MSPs, from initial deployment to ongoing maintenance. Whether you act as a consultant, help monitor for threats or are in charge of security operations, you play an important role in defending customers against Linux-based cyberattacks.
With that in mind, here are three tactics you need to include in your toolkit:
Attacks on Linux often stem from misconfigurations and poor administration, which means security is a top priority when planning for and deploying the operating system. As you help customers prepare for a Linux deployment, consider access controls, plan for system backups, and determine how frequently you will update the system. You should also identify which security functions you can automate for faster threat detection.
In addition to maintaining cybersecurity hygiene, you can help customers determine which protection tools are the right fit for their distribution and business needs. In many cases, customers will require additional threat hunting services to monitor and respond to threats once these tools are installed.
The most important thing you can do is to act now. Don’t wait until your customers are under siege by cybercriminals to help secure their operations. While downtime from deploying protective measures may feel inconvenient at first, remember that you’ll incur much more downtime trying to recover from a data breach than you would implementing proactive security measures in the first place.
Scott Barlow is VP, Global MSP & Cloud Alliances, at Sophos. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.