The worldwide cost of cybercrime reached $600 billion in 2017, according to a recent study. This estimate takes into account factors such as the theft of intellectual property, disruptions in service and production, online fraud, financial manipulation, and the cost of securing IT networks.
Accenture estimates that cybersecurity costs organizations an average of $11.7 million yearly. The situation is dire and doesn’t appear to be getting any better, especially since cybersecurity skills are in short supply. A cybersecurity skills shortage is currently estimated at 300,000 in the United States and expected to reach 3.5 million globally come 2021.
Organizations large and small are all vulnerable to cyber attacks, but many don’t have the skills or technology to properly protect themselves. Increasingly, companies look to third parties such as MSPs to deliver the security they need. As cyber threats grow in volume and potential for damage, MSPs must keep themselves up to date on cyber threats and cybercrime trends to best protect their customers and, in turn, educate their customers about the types of attacks they are prone to and, if possible, run simulations to test how prepared and protected their businesses are. It’s not just about having the right tools; every level of a customer’s business, from the receptionist up to the CEO, must know what not to do in order to minimize intrusions.
Cyber threats are always evolving as hackers find new ways to break into networks to steal and monetize valuable data. The emergence of IoT (Internet of Things) technologies, for instance, adds opportunities for cybercriminals to strike as more devices get connected to the Internet. As new threats emerge, some of the most prevalent have been wreaking havoc for years – ransomware, email schemes and software vulnerabilities. Such threats demand special attention from MSPs to ensure customers understand them and take the necessary protective measures.
Ransomware, which locks users out of their computers by encrypting data and files, cost victims $5 billion in 2017. To regain access to their data, users are forced to pay ransom, ranging from a few hundred dollars to tens of thousands in some cases. Ransomware is so prevalent that it has become an industry in its own right in the form of ransomware as a service (RaaS), making it possible for cybercriminals with limited technical prowess to order an attack on their chosen through the Dark Web.
Combatting ransomware takes a combination of measures, including endpoint protection, patch management, regular data backups and user education.
One of the most effective ways cyber attackers break into networks is by tricking email users into clicking infected attachments and URLs that, once accessed, download malware into their computers, which can then quickly spread across a network. Email phishing scams have become more and more sophisticated. Some emails look as if they are from a friend, coworker or family member to trick the recipient into clicking a URL or attachment.
Email filters help stop phishing attacks by flagging suspicious messages but it’s impossible to eradicate email threats without educating users. MSPs should work with customers to teach users to recognize and avoid email threats.
Another attack vector commonly used to deliver ransomware is software vulnerabilities. This was the method employed by the WannaCry and Petya ransomware attacks of 2017, which crossed country borders and continents to spread infection. Vulnerabilities typically are errors in coding and configuration in applications, websites and files that hackers exploit to deliver malware.
Vendors issue security patches periodically to address vulnerabilities, but the onus is on users to apply those patches and keep systems up to date. MSPs should get clients to agree to policies requiring that all patches be applied in a timely manner.
As 2018 wears on, cyber threats are bound to break new records as the onslaught of cybercrime continues. MSPs must stay on their toes to ensure their customers have the right combination of technology, best practices and user education to avoid adding to the ever-increasing cybercrime statistics. One way to start is by performing the vSphere 6.5 readiness assessment on your customers’ IT using our cloud-based DCIM software, EcoStruxure™ IT, to determine what they need for a successful upgrade and if it’s even needed. Click here to learn more about the VSphere 6.5 Readiness Assessment.