A multi-layered security approach can protect client data and systems from escalating ransomware attacks.
In September, MGM Resorts faced system outages (affecting hotel room keycard systems and slot machines) and service disruptions at its Las Vegas properties. Caesars Entertainment also reported suffering a data breach that revealed its loyalty program members’ Social Security and driver’s license numbers. Caesars paid half of a $30 million ransom demanded by attackers in exchange for their promise not to release the stolen data.
While these big casino ransomware incidents are high-profile, most attacks are against small and midsized businesses where business disruptions and ransom payments can be significant enough to bankrupt victims.
The first ransomware attack happened in 1989 when a disgruntled scientist sent out a trojan on floppy discs to lock up data on computers used by AIDS researchers. Things have steadily gotten worse in recent decades.
According to a recent Barracuda survey, 73 percent of respondents had experienced a ransomware attack. Of those, 63 percent were hit more than once because they had failed to take the necessary steps to close the security gaps that allowed the first attack. Attack frequency is also increasing, with ransomware incidents more than doubling in some industries between 2022 and 2023. Many of these attacks are against healthcare organizations, municipalities, school systems, utilities, and other companies that, while not large, may be more likely to pay a ransom because of how critical their systems are.
So, what can MSPs do to help protect their clients from these expensive, disruptive attacks? Unfortunately, there is no silver bullet. Guarding against ransomware requires diligence and a multilayered security approach.
Mitigating Attack Damage
At the heart of nearly all successful ransomware attacks is human error, which accounts for more than 80 percent of these incidents, according to several surveys. When unaware employees fall victim to well-constructed social engineering attacks, attackers can quickly steal credentials and gain access to sensitive systems.
While you cannot eliminate human error, you can mitigate the severity of these attacks by educating clients and their employees about essential cybersecurity hygiene, best password management practices, and how to spot and report phishing emails. Companies also need proactive monitoring and threat detection, through regular security assessments and a 24/7 security operations center (SOC) that can identify emerging threats and respond quickly.
Setting up a SOC is expensive but mandatory to protect against ransomware. Fortunately, outsourced SOC options are now available that can help MSPs provide these critical services to clients without incurring prohibitive costs. This type of monitoring can help mitigate the damage of these attacks through early detection. In many cases, the threat actors in these attacks are active on the network for as long as 180 days before anyone notices.
There are several best practices that MSPs can help their clients deploy to provide comprehensive protection against ransomware:
- Asset inventory: Cataloging all hardware, software, and cloud assets in an organization to establish a robust security infrastructure. This foundational step helps in designing concentric rings of security, creating multiple defense layers to safeguard critical assets. A well-maintained asset inventory enhances incident response, ensures compliance, and optimizes resource allocation for better operational efficiency.
- Establish endpoint protection with 24/7 monitoring. Modern endpoint solutions look at behavior at the endpoint, which provides good first-layer protection.
- Update security patches. Unpatched systems can provide easy access to cybercriminals. Clients need to understand their assets and what needs to be protected. Automated patch management solutions can help keep the entire environment up to date.
- Block malicious IP addresses. Using geo-blocking and other restrictions can help harden systems against attack.
- Maintain a strong password policy. This requires balancing security with user convenience, but regular password updates can mitigate many attacks. Stolen credentials are worthless if they are changed regularly.
- Multifactor authentication: MFA is a security mechanism that requires users to provide two or more forms of identity verification before they are granted access to a system. These factors can include something you know, like a password; something you have, like a smartphone or security token; and something you are, like a fingerprint or other biometric data. By requiring multiple forms of identification, MFA significantly enhances security by making it more difficult for attackers to gain unauthorized access, even if they manage to compromise one of the authentication factors.
- Provide security awareness training. Many options are available for running simulated attacks and measuring employee responses. Barracuda, for example, provides a managed security awareness training service and simulation tools. Staff need to be aware of how to spot a malicious email, and there should be clear policies around credentials, payment and invoicing processes, and other activities so that social engineering attacks are less likely to succeed.
- Establish a data protection strategy. This means offering a solid backup solution and ensuring the backup is secure and everyone understands how restoration processes will work in the event of an attack. Clients should have an incident response plan and regularly run drills to test it.
- Least privilege: Providing individuals or systems with the minimal levels of access or permissions needed to accomplish their tasks. This proactive measure minimizes potential damage in the event of a security breach, as malicious actors or processes are limited in what they can access. Implementation requires a thorough analysis of what access rights are necessary for each user or system component, along with regular reviews and adjustments to maintain a tight security posture.
Good cyber hygiene, robust backup and recovery systems, endpoint security, 24/7 monitoring, strong password policies, and automated detection and response can help MSP clients avoid both business disruption from these attacks and ransom payments. MSPs that can provide this multilayered security approach will have a competitive advantage as the ransomware problem continues to grow. To get the conversation started, download the Barracuda eBook on Conversational Managed Security Services for MSPs.
Adam Khan is Vice President, Global Security Operations for Barracuda.