Gartner Inc. points out that 88% of companies have moved employees to remote working as a result of the Covid-19 pandemic. The rapid nature of the requirement for this change in working conditions was one of the biggest challenges facing companies the world over. Fortunately, technology came to the rescue with tech, such as video conferencing, helping businesses to transition to remote work. Tech vendors, such as Microsoft, stepped up to the challenge, but cybercriminals have also been agile in their response to the opportunity created by the need for remote working. Now is the time for the MSP to look ahead, and identify the security tools that will give the best protection to their customers as they continue to meet pandemic restrictions and in a post-Covid world.
The pattern of remote working established as a result of the pandemic looks set to continue into the future. A recent study by PwC into remote working, shows over two-thirds of companies expecting staff to continue working remotely, at least part-time even when restrictions are lifted.
As we’ve dealt with lockdown in the past year, we’ve been gaining a clearer picture of the cybersecurity landscape, Cisco noting that since the onset of the pandemic, 71% of security professionals have seen an increase in security threats or attacks, and with certain key areas shaping to become trends. These trends can be used to inform an MSP roadmap to help deliver timely, effective, and relevant managed cybersecurity solutions.
Insecure endpoints and ransomware
A 2020 MSP channel survey by Datto on ransomware found that during 2020, 91% of ransomware attacks targeted Windows PCs. The survey also highlights that 25% of MSPs have reported ransomware attacks on customers’ SaaS applications. The way forward according to the Datto report is to use managed endpoint protection and backup solutions. MSPs should expect that endpoint protection must remain a top priority for customers. However, MSPs must look for the most appropriate holistic solutions to meet this challenge. A focus on ransomware mitigation must include backup, anti-malware, and disaster recovery provision. These ransomware mitigation strategies are key to dealing with this trend.
Insecure home networks
With many employees working from home, a business must ensure that the home network is as secure as the office network. The security policies used to protect the corporate network need to incorporate provision for the complexities created by the need for working across multiple satellite home offices, and requires a proactive approach to security. An MSP can supply the technology and services to make sure employee home networks are secure, delivering technology and support covering configuration help, remote desktop management, employee behavioural monitoring, data loss prevention, optional VPN, and disaster recovery for if the worst does happen.
Phishing attacks continue to plague organisations with email weaponised to deliver malware and malicious links. Because email remains such a vital communication tool for a remote working situation, the likelihood is that cybercriminals will continue to use emails as a means to deliver malicious content. The Verizon Data Breach Investigation Report, which tracks attack vectors, shows that phishing consistently comes out as being the main vector for malware and data exposure. The Datto MSP report concurs, stating that phishing emails remain the “number one attack vector”. An MSP can help reduce the threat from phishing using managed email and URL filtering solutions, and as cybercriminals continue to adjust their tactics to circumvent security protection, incorporating solutions that use artificial intelligence (AI) and the AI subset machine learning, will ensure that an MSP stays ahead of the agile nature of these threats.
Poor security hygiene
New devices (including BYOD), new ways of working, the use of online meeting platforms, and cloud collaboration, all add up to creating potential new ways for cybercriminals to exploit. Research from Proofpoint has found that in 99% of cybersecurity attacks, human input is required at some point for the attack to succeed. It's, therefore, more important than ever to train employees in the principles and application of good security hygiene. Informed employees are less likely to expose data by being accidental insiders.
The need for a sophisticated security toolkit and managed services
Today’s requirement to prevent, detect, and respond to and help mitigate the effects of cyberattack requires a sophisticated toolkit. Businesses can find this potentially costly, with a high level of skill needed to configure and use the tools correctly, and meaning that businesses on their own are often unable to provide an adequate level of protection. This is where MSPs can really deliver, offering a state-of-the-art managed security service, designed to fit the needs of remote work for businesses of any type or size, offering security solutions specifically designed to work with their individual setup and customers. These solutions should include the protection of endpoints, data, and cloud services. Secure backup and disaster recovery services are also an integral element of a holistic managed service offering. Taking a 360-degree view of the cyberthreat landscape is essential in a playing field where cybercriminals are agile and continuing to develop new ways in which to attack.
The current need for remote and flexible working looks set to continue while restrictions remain in place as well as post-pandemic. This puts the MSP in the perfect position to offer managed security services. An MSP that delivers cost-effective, smart cybersecurity solutions will keep a competitive edge, able to meet the shifts in the cybersecurity landscape.