The 2021 headlines were dominated throughout the year by ransomware attacks that devastated businesses in every industry.
Some of these landmark attacks included the strikes on the Colonial Pipeline, meatpacking company JBS Foods, the National Basketball Association, insurer CNA, Kaseya, and other organizations. They affected global supply chains, prevented customers from accessing critical services, and caused significant damage to the organizations involved.
These attacks came together to create what the recent 2022 Verizon Data Breach Investigations Report (VDBR) called an “unprecedented year in cybersecurity history.”
The VDBR analyzed 23,896 security incidents throughout the year, 5,212 of which were confirmed breaches. A significant portion of those attacks were categorized as ransomware, which proved to be a 13% rise year over year and led to the headlines we all saw splashed across the newspapers nearly daily throughout the year. This was a record year-over-year increase in ransomware attacks, greater than the past five years combined.
For managed services providers (MSPs), this rising ransomware trend poses a new challenge that their clients must face and a new opportunity to prove the value of their services as trusted advisors. While there are signs that these attacks are slowing down, it’s essential that MSPs educate themselves on the changing threat landscape and the steps they can take to mitigate that risk for their clients and their organizations.
Driving a Rapid Increase in Ransomware
Several factors are driving the increase in ransomware across the globe. First, ransomware has proven incredibly lucrative for attackers as they seek to monetize by compromising organizations and stealing their data. According to recent research, the average cost of ransomware was $1.4 million in 2021 — a hefty sum for any size of business.
The VDBR also attributed the rise in ransomware and other types of cybersecurity attacks to other factors, such as an increase in organized crime, attributing 4 out of 5 breaches to various criminal syndicates. Additionally, the report cited heightened geopolitical tensions as another driving cause of the rise in ransomware, as well as an overall increase in the sophistication, visibility, and awareness of nation-state attacks.
Other risk factors included human error and social engineering attacks. Human error led to nearly 82% of breaches analyzed, and 25% resulted from social engineering. These two trends emphasize the importance of educating the end users as a critical factor in mitigating cybersecurity risk.
Finally, the VDBR called out a rise in supply chain attacks — where attackers leverage weaknesses in an organization’s supply chain to compromise the organization — as a rising risk factor that increased the overall threat landscape. The VDBR categorized 62% of system intrusions as coming through an organization’s supply chain, such as a third-party partner or software provider. This is another factor that could have increased the spread of ransomware throughout the year.
MSPs are Also Under Attack
When it comes to ransomware, it’s not just the customer who is being assaulted — it’s the MSPs, too. Major ransomware attacks in 2021 hit MSP providers, including Kaseya, affecting over 40 MSPs through its VSA remote monitoring and management software. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued guidance to MSPs to respond immediately to this attack and protect themselves and their customers from ransomware.
And unfortunately, the rise in ransomware attacks is not a new trend for MSPs, with the number of cyberattacks jumping nearly 70% in 2021 over the previous year, according to one report, with an average of 1,068 recorded attacks per week. Government and communications were the only two sectors at higher risk than MSPs.
A ransomware attack can cripple an MSP’s systems and infrastructure, preventing it from servicing its clients. Attackers can leverage the MSP as a supply chain to get to its clients — a worst-case outcome for any MSP. Therefore, MSPs should ensure that they are carefully evaluating all these threat areas and taking above-and-beyond measures to protect their organization from attack, including many of the elements listed below. In doing so, they can act as an example to their customers and prevent themselves from serving as a vector of attack to their valued clients.
Further reading Stay safe from ransomware with MSP360
Mitigating Risk from Rising Ransomware Attacks
With attacks on the rise, MSPs are responsible for taking action for themselves and their clients. When it comes to risk mitigation, part of the solution is technology. These technologies can include implementing multi-factor authentication across the organization, limiting access to privileged accounts, prioritizing patching, and implementing endpoint protections such as anti-virus — to name just a few. In addition, an MSP can ensure they are continuously monitoring the customer environment and flagging any potentially suspicious activity.
In addition to technology, it’s also crucial that MSPs address the human element, which was a factor in nearly 82% of all breaches last year, according to the VDBR. MSPs should consider implementing cybersecurity education initiatives for their customers, including providing training on cybersecurity best practices, building strong passwords, identifying potential phishing attacks, and other areas. In doing this, MSPs can empower employees to be part of the solution for their customer organizations. An MSP can also consider charging extra service fees for this type of offering, potentially opening up new revenue streams for the organization.
Finally, an MSP can help its clients prepare for the worst-case scenario in which a successful ransomware attack gets through its customers' protections. In responding to an attack, speed is vital. Preparing and practicing for these events can significantly limit their impact and overall cost to the organization. These preparations can include having regularly tested backups that are segregated from the rest of the environment to ensure a quick recovery and running incident response drills so client leaders know who to call and what to do in the event of an attack.
It’s important to note that the ransomware threat is also constantly evolving. In each of the areas mentioned, the measures required to mitigate the risk will constantly evolve as the threat actors develop their tactics and the defender vendors come out with new technologies to combat them. MSPs need constantly to evaluate their strategies based on the current situation and educate themselves on new ways they can develop their practices to better support their clients. In doing so, they can continue to help their clients face the latest threats.
With ransomware attacks on the rise, MSPs face a crucial crossroads where they have the opportunity to prove their value as a trusted advisor to customers and help them meet this daunting global threat. If they can step up to the plate, they can make a lasting impression on current and potential customers and ensure they stick around for many years to come.
- Cloud and local backups protection
- Backup and recovery operations
- How to use backup software to centralize backup operations
About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.