[GUEST BLOG | 4 MIN READ] Netsurion empowers organizations to successfully predict, prevent, detect, and respond to cybersecurity threats with the EventTracker SIEM platform. EventTracker unifies machine learning, behavior analytics, and security orchestration, and has been recognized for 11 straight years by Gartner on the Magic Quadrant for SIEM. EventTracker is available in multiple tiers and deployment options built for any size company or budget. More and more organizations are seeking SIEM-as-a-Service to realize optimal security results. EventTracker SIEMphonic is a Co-Managed SIEM service complete with 24/7 global Security Operations Center (SOC), powered by threat intelligence.
What would you think is a greater threat, an outside attack or someone from the inside – often times not intentionally trying to do harm?
This is an ongoing debate, but we can say that insider threats are harder to prevent because in most cases there is no ill intent. Cyber criminals are not using traditional attack methods to invade business systems and infrastructures. This means you can’t use traditional cybersecurity defenses to stop them. Not all risks come from external sources, many are internal and companies are starting to take note of the high risk this imposes. We see the outsider threat cases on the news, but not the insider cases, which is also creating a false sense of security when it comes to a “Trojan Horse.” Many businesses that work with Managed Service Providers (MSPs) and MSPs themselves are facing internal risks. With cyber attacks at an all-time high, MSPs need to be vigilant protecting both themselves and their customers.
These four tips will help ensure you are on the right path to protecting your livelihood and your customers as well.
1) Don’t forget about yourself
As an MSP, your risk of being breached is just as high, if not higher, than your customers. Hackers have found that if they gain access to an MSP’s system, they now have easier access to all of their customers’ systems and information. Recently, the U.S. Department of Homeland Security (DHS) warned MSPs, Cloud Services Providers (CSPs), and Managed Security Service Providers (MSSPs) to remain vigilant as cyber gangsters are exploiting them to creep unnoticed into their customers’ networks. Hackers are attacking service providers as the weak link in a supply chain. The DHS strongly advises service providers to take the proper measures and lock down their systems.
The report from DHS highlighted instances of phishing attacks on MSPs targeting three main areas: stolen credentials, misused admin tools, and signature-based malware faults. Once attackers had breached the service provider’s system, they used common admin tools to access their customers’ networks. This in particular shows the ineffectiveness of Remote Desktop Protocol (RDP) and the need for a tightly-controlled Remote Management Tool (RMM). Remember, if a hacker can hack your systems, they can easily gain access to your customer's systems.
2) Go back-to-basics
Patching your programs is an important step. Due to testing and scheduling, most companies take more than 100 days to roll out patches, which is far too long to ensure systems remain uncompromised.
Just patching Windows isn’t enough. In addition to rolling out patches in a timely manner, it is also advised to patch individual programs. Some of the most targeted programs are Java and Adobe Acrobat Reader. If you can’t ensure every application is updated and patched on your customer’s systems, you need to plan to monitor for breaches that leverage common applications.
3) Don’t forget the little guy
Keep your small-to medium-sized business (SMB) customers protected just as thoroughly as your larger customers. Your SMB customers could be your most vulnerable. SMBs often feel they are not a target because they are small and can go unnoticed by hackers. They couldn’t be more wrong. A breach is virtually inevitable for SMBs. Ponemon calls out that 81% of SMBs report that exploits and malware have evaded their anti-virus solutions. In addition, Verizon DBIR reports that 58% of all malware attack victims are small businesses.
Traditionally, hackers target the end users as the weakest link. Every end user needs to be trained by their employer to be vigilant for phishing attacks and other threats. As their MSP, you have to plan for their end users to make mistakes. Remind your SMB customers that training their employees is necessary to help prevent cyber threats and breaches.
4) Traditional defenses are a thing of the past
According to Ponemon, 77% of successful attacks in 2017 utilized “file-less” techniques that bypassed traditional perimeter defenses. It is predicted that one third of all attacks in 2018 will use “file-less” techniques. Firewall, anti-virus software, and email security aren’t enough to evade modern day cyber threats. So, what has changed? A survey of IT professionals indicates two factors are at play: the increasing complexity of the threat landscape and expensive security technologies to combat new threats.
The threat landscape of today demands focus on detection, response, prediction, and continuous monitoring. This means a successful deployment of technologies is dependent on the human element. MSPs are turning to co-sourcing staff that has experience with Security Information and Event Management (SIEM) technology to ensure they are properly protecting themselves and their customers. No matter what technology you deploy, it is important to have a game plan for detecting when perimeter defenses are breached.
Want to learn more from industry veterans about how to best protect yourself and your customers?
Join Passportal and EventTracker on December 13 at 1 p.m. EST (12 p.m. CST) for a Cybersecurity War Stories webinar. Hear first-hand from Dan Wensley, President of Passportal, and A.N. Ananth, co-founder and CEO of EventTracker, a Netsurion Company. They will highlight case studies of “named” breaches, what the victim should have done differently, and how SIEM technology could have helped stop the breach.