The COVID-19 pandemic has made home working the ‘new normal’ for many and created new opportunities for the technology sector. Another group that has taken advantage of the COVID-19 pandemic is that of the cybercriminal.
Incidents of cyberattack - an issue at the best of times - have resulted in unprecedented levels of data and financial loss, remote working offering cybercriminals new ways of scamming employees. This year has seen a 400% increase in cyberattacks that target remote desktops, while email-borne cyberattacks, saw a 667% increase in COVID-19-related email scams during March 2020.
The challenge of remote, cloud-based working, has meant that cybersecurity software spend increased by 41% in April 2020, and continued to increase during May and beyond.
Now is the time for a Managed Service Provider (MSP) to make the most of this surge in cybersecurity threats and redress the balance through the delivery of best-of-breed managed security solutions …
What cybersecurity opportunities are there for MSPs?
Cloud computing enables anywhere, anytime working, and has enabled business as usual to continue with remote working for many organisations.
Cloud solutions have created a disparate and extended work ecosystem. Remote workers can connect using both personal and business devices, to create, share, and collaborate on documents and other data, which can often contain sensitive and proprietary information. Cloud technologies such as Microsoft 365, for example, are ubiquitous across the corporate network; Microsoft 365 now has around 1.2 billion users worldwide. A lot of data flows through these platforms, with a lot of devices and people accessing that data.
Security gaps can include:
Remote workers may use personal devices that do not follow corporate security policy requirements to access cloud-based data. A survey from Checkpoint found that almost half of the 400 organisations interviewed saw Shadow IT - technology used by a department or employee without the knowledge of the IT or security group - as one of the major challenges of a secure remote workforce.
Data and cloud security
During the first half of 2020, 27 billion data records were exposed. Data leaks can often be traced to the misuse/misconfiguration of cloud apps and uncontrolled devices that open security gaps. Ransomware is another serious threat to the protection of data and documents. A 2020 Sophos report found that over half the organisations surveyed had been victims of a ransomware attack.
A report from Blackberry states that mobile devices “bridge the gap between a (security) target’s professional and personal lives”. As such, mobile devices are often the first point of entry in to corporate resources. Mobile security is proving to be “very challenging” according to a report from Cisco “2020 CISO Benchmark Report”. Mobile devices are a key target for cybercriminals who use them to hide malicious apps as well as for “SMShing campaigns” (mobile message phishing) to steal login credentials.
What security tools can an MSP bring to the table?
Cybercriminals may have taken advantage of remote working, but an MSP is perfectly positioned to deliver effective security solutions using affordable and consistent pricing models. There are opportunities for an MSP across many of the key areas of cybersecurity that fit the MSP delivery model:
Endpoint security solutions include Bring Your Own Device (BYOD) protection to manage endpoint security and mitigate security risks across the expanded network. Many solutions use advanced technologies such as AI-based behavioural detection engines to prevent zero-day attacks, malware, ransomware, and other emerging and persistent cyber-threats. Some of the more advanced solutions, such as those from Acronis, also include secure backup and recovery, essential features for ransomware mitigation.
Data protection regulations have become increasingly stringent in recent years as a response to the onslaught of data-related cyberattacks. Laws such as the EU’s GDPR and the UK’s DPA2018 also add layers of complexity to the handling of personal data. MSPs are in a great position to offer not only the technology to help protect data, but consultancy services to deliver these offerings.
Phishing emails are increasingly sophisticated and even security-aware individuals can be tricked. Managed email security solutions, such as email scanning and spam prevention solve many email security issues for enterprises of all size and across all sectors.
Research from Google found that 1 in 100 online ads contained malware. Malicious software may also be hidden in a website using an ‘exploit kit’. Web-borne cyberthreats can be mitigated using managed web filtering solutions. Web/URL filtering, like those from Acronis, perform checks on websites for malware and phishing.
From MSP to MSSP
The remote working environment has opened up opportunities for cybercriminals to exploit. But this has led to opportunities for MSPs who can offer solutions to close security gaps. An MSP that offers managed security services (MSSP) is stepping into a lucrative market, with a recent McKinsey report on security budgets supporting this view by stating:
“crisis-inspired security measures will remain top budget priorities in the third and fourth quarters of 2020,” and with “significant increase in 2021”:
Now is the time for an MSP to take advantage of the rise in cyber-threats and close off the gaps using best-of-breed security tools.