Anti-malware solutions can’t completely shoulder the burden of protecting a managed services provider’s (MSP) customers from cyberattacks. Examples abound of antivirus solutions faltering when trying to prevent <insert your chosen very bad thing here>. Cybercriminals have become so good at slipping malware past defenses that many MSPs now have to perform clean-up activities for their clients, such as restoring data and rebuilding endpoints.
In fact, a recent study from SolarWinds MSP found that, “87 percent of IT executives consider their cybersecurity readiness robust, despite 71 percent reporting at least one breach in the past 12 months.” [1] Between IT execs’ overconfidence in their defenses and the tangible evidence of those defenses often failing, organizations should constantly look for ways to deliver security more effectively.
As the General Data Protection Regulation (GDPR) enforcement date (May 25, 2018) draws closer, anxiety for many MSPs runs high as they’re faced with what seems like increasingly sophisticated and plentiful cyberthreats. A ransomware attack or data breach may need to be reported under GDPR, and failure to report may bring supervisory action in the form of fines and sanctions—something that will make MSPs’ customers unhappy. It’s time for MSPs to consider what additional solutions can help defend their customers from security incidents.
According to the Executive Summary of the SANS 2016 Threat Landscape Survey, the greatest perpetrators of security incidents are end users, especially when using email or visiting websites. [2]
This warrants an investment in a mail filtering and protection solution to address the vast majority of cases of “attackers getting into endpoints.” This preventive technology attempts to block malware sent via email. These solutions often include features like antivirus engines, spam protection, domain blacklisting, attachment handling, and more, to help prevent email threats from breaking through. Of course, mail filtering and protection solutions aren’t bulletproof—particularly against well-targeted and stealthy malware—so it’s important to use them within the context of a full, well-rounded layered security strategy.
Even though we’re discussing security within the context of an EU law, MSPs may want to take cues from the Australian authorities’ recommendations to help shore up their defenses against cyberattacks and help achieve robust GDPR readiness for their customers. For instance, the Australian Department of Defence lists out four important cyberthreat mitigation strategies. Their website states, “The Australian Signals Directorate (ASD) assesses that implementing the Top 4 will mitigate at least 85% of the intrusion techniques that the Australian Cyber Security Centre responds to.”
The number one mitigation technique suggested by the ASD is “Application Whitelisting,” which refers to a program that prevents users (or malicious actors) from installing software that isn’t included on an approved software list. Application whitelisting tools have been included by Microsoft® in Windows® since Windows Server® 2008 and Windows 7. MSPs that don’t take advantage of this technology miss a great opportunity to provide another robust security layer to clients—for free. AppLocker®, the whitelisting tool provided by Microsoft, even includes a “Rules Generation Wizard” to ease deployment.
Application whitelisting—whether Microsoft AppLocker or a third-party program—can help prevent a Trojan program or ransomware payload from executing on the endpoint. Rather than relying on virus definitions (in the traditional sense), heuristics, or behaviour-based rules, the whitelisting program will prevent any unauthorized program from running. This adds an additional, and extremely effective, defense in the fight against malware attacks.
You may have to spend some time experimenting to get the most out of a free tool like AppLocker. The best times to roll out this security tool are during onboarding, endpoint upgrades, an endpoint refresh project, or an office-wide Windows 10 upgrade. Regardless, it’s an extremely important—and effective—layer of defense in the fight against cybercriminals.
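One way to run that experiment safely is to start in audit mode. The script below is an added example, not part of the original article or Microsoft's own tooling: it builds a policy from a clean reference endpoint, applies it in audit-only mode, and lists what enforcement would have blocked. It assumes an elevated PowerShell session on an AppLocker-capable Windows edition; the output path and scanned directories are illustrative.

```powershell
# Added example: audit-only AppLocker rollout on a reference endpoint.
# Assumptions: elevated session; $PolicyPath and $dirs are illustrative choices.
Import-Module AppLocker

$PolicyPath = 'C:\Temp\applocker-audit.xml'   # hypothetical output location
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) | Where-Object { $_ }

# 1. Inventory executables already installed and approved (the recursive scan is slow).
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe -ErrorAction SilentlyContinue
}

# 2. Prefer publisher rules (they survive updates); fall back to hash for unsigned files.
[xml]$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Audit only: log what would be blocked without stopping anything.
foreach ($rc in $policy.SelectNodes('//RuleCollection')) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($PolicyPath)

# 4. Dry-run the saved policy against files outside the approved directories.
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName |
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -User Everyone

# 5. Apply locally (without -Merge this replaces the existing local policy)
#    and start the Application Identity service that AppLocker depends on.
Set-AppLockerPolicy -XmlPolicy $PolicyPath
Start-Service AppIDSvc

# 6. After a trial period, review event 8003: allowed, but would be blocked if enforced.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

Once the 8003 events contain only software you intend to block, change `AuditOnly` to `Enabled` in the saved XML and reapply it.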
With GDPR’s implementation date on the horizon, MSPs will have greater responsibilities than ever in the data security realm. Failure to protect clients’ data could lead to large fines—for both MSPs and their clients. While there’s no silver bullet technology for GDPR readiness, email protection and application whitelisting can be important weapons to help against data breaches.
1. “New SolarWinds MSP Security Survey Highlights Overconfidence, Lack of Preparedness by IT Execs to Combat Ransomware and Other Attacks,” SolarWinds MSP. https://www.solarwindsmsp.com/about-us/press/press-releases/new-solarwinds-msp-security-survey-highlights-overconfidence-lack (accessed October 2017).
2. “Top 4 Strategies to Mitigate Cyber Intrusions: Mandatory Requirement Explained,” Australian Government Department of Defence. https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm (accessed October 2017).
This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how the EU General Data Protection Regulation (GDPR) may apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies to your organization, and how best to ensure compliance. SolarWinds MSP makes no warranty, express or implied, or assumes any legal liability or responsibility for the information contained herein, including the accuracy, completeness, or usefulness of any information.
© 2018 SolarWinds MSP UK Ltd. All rights reserved.