Ransomware Threat Puts Spotlight on Backup

Companies of every size have realized the importance of business resilience because of a wide variety of disruptions—from cyber-attacks and natural disasters to geopolitical upheaval. They have also evolved their use of the cloud to accommodate remote work using cloud-based applications and other cloud-based services. These companies must also protect systems, applications and data in the cloud, including Software-as-a-Service (SaaS) apps like Microsoft 365.

And because MSPs are often part of the mix of resiliency and security services, they will need cloud-based backup and recovery solutions that are equipped to meet these complex challenges.

Backup is critical for business continuity

Having a robust backup solution is critical for business continuity. Any disruption can potentially be very costly with data and applications spread around different on-premises locations and in the cloud. But the biggest selling point for backup right now is ransomware.

According to the Verizon Business 2022 Data Breach Investigations Report, ransomware breaches increased 13 percent in one year, greater than the past five years combined. By locking up data and apps, cybercriminals can cripple a business. Even if the company can foil the criminals or pay the ransom, there is no guarantee of a smooth restoration. Traditional on-premises backup solutions are no longer sufficient, given their vulnerability and the growth of cloud-based data.

The best defense against cybersecurity breaches is a holistic approach that leverages all sorts of defensive technology to identify and mitigate potential attacks. But at the end of the day, if you have a complete backup of your data available for restoration, then even a successful ransomware attack won’t be fatal. Unfortunately, many firms often manage backup and recovery on autopilot, assuming that their once per day/week/month backup process is sufficient. Ransomware has raised the stakes and made backup a business-critical activity.

Wide-ranging benefits for MSPs and their customers

MSPs should focus on several key benefits of selling cloud-based backup solutions.

Cloud backup is more predictable. Every customer faces cyber threats, so MSPs need a backup infrastructure that can meet their needs regarding availability, scalability, accessibility, and affordability. The cloud checks all those boxes, much more so than individual instances of on-premises solutions.

The cloud is safer. Cloud solutions provide better data durability and can also offer immutable encrypted copies of backups with air-gapped access through secure interfaces.

Cloud-based backup is economical. Unlike on-premises solutions that require costly hardware and support, the cloud enables consumption-based pricing. That makes it easier to incorporate cloud services into existing offerings and pricing schemes.

Cloud solutions simplify backing up everything—on-premises data, SaaS application data, and anything currently stored in the cloud.

For the MSP, there are also a number of vital benefits:

  • Because cloud solutions are more cost-effective and less labor/hardware intensive, they are more profitable.
  • It’s easier to centrally monitor and manage backups across the client base using the cloud and to address recovery operations remotely.
  • Cloud-based solutions with on-premises options offer the flexibility to meet varying customer requirements for backup and recovery. As a result, the MSP is better positioned to provide whatever services the client needs.

Protection against evolving threats

A simple-to-use, reliable cloud backup helps MSPs deliver better service to their customers, no matter the source of disruption. In the case of ransomware, cloud-based backup offers additional insurance against this rapidly expanding threat. That means clients can more quickly recover data and reduce disruption while avoiding the potential cost of paying a ransom or incurring additional expenses for undoing the damage.

As part of a well-rounded security offering, backup is a critical service that will help protect clients and provide additional value that will increase customer loyalty. 

Want to learn more? Download the e-book, Conversational Cloud Backups for MSPs.

Nathan Bradbury is Senior Manager of Systems Engineering for Barracuda MSP, a provider of security and data protection solutions for managed services providers.

Addressing the Mass Exodus from the Workplace

In case you haven’t heard, one of the unexpected consequences of the COVID-19 pandemic and associated economic disruption has been a massive number of people quitting their jobs. Dubbed the “Great Resignation,” this mass exodus in the workforce has led to labor shortages in many sectors along with rising salaries.

Some of this activity is directly related to the pandemic—workers in the service industry that have been displaced by shutdowns but buffered by pandemic assistance payments, have been able to delay their re-entry to the workforce and look for different or better jobs. However, in other sectors, these resignations seem to be driven by a general mass re-assessment of work by employees that have been working from home or have been furloughed. 

According to Fortune, the quit rate has hit an all-time high, although this trend has not affected every sector equally.

All this turnover exacerbates an already big workforce gap in the cybersecurity sector. The U.S. Commerce Department estimates there are about 464,000 U.S. cyber job openings, but not enough new, qualified workers to fill them, according to an article in the Washington Post. Moreover, with cyber-attacks increasing significantly during the pandemic, the need for qualified cybersecurity staff continues to grow.

Staff turnover has also generated new vulnerabilities, as many companies find that former employees have left with company data or may still have access to password-protected applications or networks.

For MSPs, this creates opportunities for business growth while also posing some hiring challenges. 

MSPs that provide security services have already seen first-hand how small and mid-sized businesses have struggled to face new cyber threats with an IT staff that has been stretched thin. Unfortunately, current employment trends are only going to make that problem worse.

While large companies may be able to handle their security needs internally, other companies will increasingly turn to vendors to provide automated security tools and services like XDR (Extended Detection and Response) and MDR (Managed Detection and Response). As a result, SMBs will need a managed services provider that can help them utilize these tools and educate their staff. 

MSPs can also help companies with a high degree of staff turnover to better lock down their infrastructure during the onboarding/offboarding process.

MSPs are also going to face their own hiring challenges. Like their clients, they will be competing for a shrinking pool of qualified candidates. There are few opportunities to expand the field of potential new hires that could be beneficial moving forward.

For example, companies could institute training programs to help create a home-grown team of cybersecurity experts from different departments within the organization. Likewise, MSPs can help their employees learn new skills to address this rapidly expanding market opportunity.

There could also be an expansion of diversity in the hiring base¬—that includes reaching out to a wide variety of educational institutes and hiring employees with a more diverse set of backgrounds and technical skills that may be applicable in cybersecurity. This has the additional benefit of bringing a fresh perspective to security challenges that could help improve responses to these rapidly evolving threats.

Many of the employees who have recently resigned positions were mid-career professionals. According to the Harvard Business Review, there was a 20 percent increase in resignations by people between 30 and 45. In addition, hundreds of thousands of women also left the workforce over the past year. These former employees are typically looking for new opportunities for growth that they could not find in their previous positions.

This is a vast pool of potential employees with a professional background that can leverage their soft skills in cybersecurity positions, according to Forbes

Savvy MSPs can seize this moment. Help clients weather workforce upheaval by providing the automated software and managed services they need to keep data and applications safe, even when they may be short-staffed in the IT department. MSPs can also help grow the pool of available cybersecurity talent by investing in their employees and hiring/training professionals from non-traditional backgrounds. 

It isn’t clear how long the volatile labor market will last, but MSPs can now take advantage of the opportunity to grow their businesses and workforces.

Nathan Bradbury is Senior Manager of Systems Engineering for Barracuda MSP, a provider of security and data protection solutions for managed services providers.

Best Practices for Combating Spear Phishing

As we head into 2020, it’s clear that cybercriminals will continue using spear-phishing attacks as a go-to tactic for attacking victims. In these breaches, attackers heavily research their targets and craft carefully designed messages, usually impersonating a trusted colleague, website, or business. The attacks are designed to steal login credentials, financial data, and other information that can be used for other crimes.

Spear phishing commonly helps enable business email compromise (BEC) attacks. While BEC attacks are still a small percentage of spear phishing attacks overall, they have caused more than $26 billion in losses over four years, according to the FBI.

In a November 2019 report, “Spear Phishing: Top Threats and Trends,” Barracuda analyzed more than 1.5 million spear-phishing emails and identified common trends and types of attacks.

In this research, we identified four common types of spear-phishing attacks:

Brand Impersonation: This type of spear-phishing, designed to impersonate well-known companies and business applications, makes up nearly half of all attacks. They are the most popular type of attack because they are well designed as an entry point to harvest credentials and carry out account takeover. 

Scams: These attacks are designed to capture private, sensitive, and personally identifiable information, such as bank accounts, credit card information, and Social Security numbers. Attackers trick victims into disclosing the information and then use it to either defraud them, steal their identities, or both. Attacks are executed using a variety of hooks, such as lottery winnings, unclaimed packages, donation solicitations, and other tactics. 

Business Email Compromise: Also known as CEO fraud, whaling, and wire-transfer fraud, business email compromise only makes up a small percentage of spear-phishing attacks but it causes substantial losses. Scammers impersonate an employee in the organization, a partner, vendor, or other trusted person in an email requesting a wire transfer or personally identifiable information.

Blackmail: Most blackmail scams are sextortion attacks. Cybercriminals claim to have a compromising video, images, or other content allegedly recorded on the victim’s computer and threaten to share it with all their email contacts unless they pay up.

Business Email Compromise is Costly

The Barracuda research focuses primarily on BEC attacks, because of their high cost. In these attacks, cybercriminals mimic typical business behavior in these operations, with most BEC attacks taking place on weekdays. The majority (85 percent) of BEC attacks are crafted to look like urgent requests meant to illicit an immediate response. As a result, three out of ten spear-phishing emails are successful in fooling employees if they impersonate HR or IT department personnel.

Because these attacks typically don’t include malicious links or attachments, they are often undetected by traditional email security tools. The attacks also rely on successful social engineering tactics.

In the past year , these types of spear-phishing attacks have cost an average financial loss of $270,000 per incident.

According to the report, business email compromise attacks have high click rates. One in ten spear-phishing emails successfully tricks a user into clicking. That number triples when the individual or department being impersonated is within the recipient’s organization. The survey also indicates that respondents believe the cost of these attacks is increasing, including financial impacts such as business interruption, reduced productivity, data loss, regulatory fines, and brand damage. One recent business email compromise scam cost a media conglomerate $29 million. 

Stopping Spear-Phishing Attacks

Barracuda has identified several ways that companies can help protect their data and financial information from these types of BEC and spear-phishing attacks.

Educate Users: Train your customers’ employees on how to recognize employee impersonation. Be sure to point out that phishing attacks don’t always need to have a URL or an attachment, and remind them to double-check email addresses and to pay attention to unusual requests.

Create Robust Internal Policies: Establish policies and protocols that require additional safeguards for wire transfers and other financial transactions. Prohibit email requests for purchases and other monetary transactions. Ensure multiple people are involved in the approval process.

Enforce DMARC Authentication:  Set up DMARC authentication to protect against attackers spoofing your email domain in their impersonation attacks.

Leverage Machine Learning: Don’t rely solely on traditional email security technologies, as most business email compromise attacks are designed to bypass security gateways. Machine learning technologies can analyze internal emails and learn an  individual’s regular communication pattern. Using this data, artificial intelligence can spot anomalies to predict and detect attacks, that might otherwise go undetected.

Respond Quickly: Train your customers’ employees on how to recognize and report an attack. From there, you can use intelligence tools to perform threat hunting and deploy an automated incident response solution that identifies the scope of attacks and quickly removes malicious messages before any damage occurs.

To learn more, download the research report here.

Nathan Bradbury is Manager of Systems Engineering for Barracuda MSP, a provider of security and data protection solutions for managed services providers.

Request My Demo