By 2020, remote workers will account for 72 percent of the U.S. workforce, according to an International Data Corporation (IDC) forecast.
That can present a challenge for IT service providers (ITSPs), who are being tasked with performing more security and recovery tasks on a wider range of computing devices in more locations than ever before. The issue is multi–fold and includes:
Proliferation of devices (smartphones, tablets and other devices)
Wider number of worker locations
Closer integration of devices into a company’s back-office systems
Continuing threats from ransomware
Ransomware has frequently been in the headlines recently, and with good reason. In the first quarter of 2017, reports of mobile ransomware increased 250 percent over the same quarter in 2016, according to security firm, Kaspersky. Global damage costs from ransomware are expected to top $5 billion in 2017, up from just $325 million in 2015 according to Cybersecurity Ventures.
Among ITSP clients, data security is the No. 1 priority, according to the Autotask Metrics That Matter™ 2017 ITSP benchmarking survey, cited by 44 percent of respondents. In the past several years, security as a priority has skyrocketed from six per cent in 2013 to 44 per cent currently.
Companies increasingly are turning to their ITSPs for help to protect the company, its employees and its digital assets against ransomware.
New Cyber Threats Pose New Security Realities
When thinking about cybersecurity, it’s not just about if a business will be attacked, it’s about when a business will be attacked. Infection methods have become more sophisticated, and phishing scams look more realistic than ever. Two of the more recent ransomware attacks serve as valuable evidence.
In May 2017, a phishing scam posed as a Google Docs request. When people clicked a link within the email, the hacker was able to access all their emails and contacts, as well as send and delete emails within accounts. The attack compromised more than one million Gmail accounts.
PayPal accounts were also targeted with a highly sophisticated phishing scam that asked people to take a selfie while holding credit cards and a form of identification. Why were these attacks so successful? Because people immediately trusted the emails they received. By leveraging the logos and powerful brand recognition that Google and PayPal have, the creators of these attacks were able to catch people off guard and, in turn, infect more devices.
But perhaps the most destructive ransomware that we have seen this year is WannaCry, which has worm-like capabilities. While most ransomware typically limits infection to the device that clicked and installed it, malware like WannaCry can spread across a network and replicate itself onto other devices. Once WannaCry infects a device, it finds and encrypts files, displays a “ransom note” and demands bitcoin payment from infected users.
In the first few days after the WannaCry virus was widely reported, it had spread to 150 countries, impacting 10,000 organisations, 200,000 individuals and 400,000 machines. A few days later, a new variant of WannaCry emerged, infecting 3,600 computers an hour.
These occurrences reaffirm that cybercriminals are more clever than ever, their targets are larger and their attack methods are more aggressive. IT service providers need to be prepared to help their clients should ransomware infect their devices and, most of all, ITSPs must be equipped to minimise or prevent critical business data from being stolen.
How to Prepare your Clients
Much like biological viruses, there are many ransomware threats circulating the web. Some are well-known, while some are new and others are not yet known. With each occurrence, the sophistication of these viruses is increasing in a multitude of ways, including how they spread and encrypt data.
What this means for ITSPs is that there is no single-prong approach for protecting clients—or their business—from ransomware. Being able to mitigate or prevent attacks is to have an agile, multi-layered approach that can adapt as new and increasingly hostile threats emerge. A best-in-class approach consists of six layers:
Patching. The most basic layer of protection is to monitor and patch all computers and applications as soon as patches are released. The latest patches can close all known OS security vulnerabilities. Patching provides the most basic layer of protection to operating systems, especially once a security flaw is uncovered. When clients have the latest patches, they can ensure their operating systems are running at peak performance and that all system vulnerabilities are addressed.
Anti-virus and network monitoring. People are being targeted through more sources than ever—email, ad networks, mobile applications and devices. Anti-virus and network monitoring examines all files and traffic, filtering them against all known threats. Keeping virus definition files current is critical to ensuring these systems are running at peak performance.
Backup and disaster recovery. There is sometimes a gap between when a threat is first introduced and when a vendor is notified and develops a remedy. Making a full-system backup protects back-office systems when an attack occurs and provides a recovery option for unknown threats and even the most catastrophic failures.
Endpoint backup. Although there’s a layer of protection on back-office systems, backup and recovery of data for these devices are still needed. These devices create, share and store business data, and if a cybercriminal captures this proprietary and sensitive information, it can have a significant impact on business productivity and profitability. Enabling real-time data backup on these endpoints can prevent business-critical information from being compromised.
Secure file sync and share. Allow employees to collaborate securely from any location and using any device—even their smartphones and tablets. Grant access and editing controls for specific documents, such as Word documents, Excel spreadsheets and PowerPoint presentations, and allow employees to recover documents that are maliciously or accidentally deleted.
Education and awareness. IT service providers must educate clients and their employees about cybersecurity risks, new ransomware strains and best practices for spotting phishing attempts, suspicious emails and other security risks. Empowering them to be proactive and encouraging them to report questionable content using rewards and incentives will help increase awareness and decrease overall risk.
Although larger companies are more attractive to cybercriminals, no company is safe. The issue of data security and the potential for ransomware and other types of cyberattacks should be top of mind for all ITSPs.