Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business SolarWinds MSP Survey: Companies still failing on the security basics
MSP Business

SolarWinds MSP Survey: Companies still failing on the security basics

By Ian Thornton-Trump
16 May, 2017

In early 2017, SolarWinds® MSP investigated the cybersecurity preparedness, experiences, and failings of 400 SMEs and enterprises, split equally across the US and the UK. Now that the results are in, my anxiety level regarding the state of Internet security has never been higher. I’m also a bit disappointed we (as in the industry) have not made more progress, when it comes to securing our customers.

At one moment, our networks are secure because we are patching diligently and then the next day stuff is exploding all around us. Is there really anything we can do? The answer is yes; there is a lot we can do. 

Picking through the cyber wreckage
wikileaks.jpgThe news of the WannaCry ransomware attacks targeting companies around the world this last weekend is just the latest in a long line of cyber carnage that has been happening. If the past few months are any indicator the damage inflicted on businesses by cyberattacks will escalate, and as this weekend proves it can all happen very, very quickly. It would appear the bad guys have broken through the front lines and are pushing the cyber defenders to the limit. The new SolarWinds MSP survey provides us with insight and perspective around why and how this is happening.

Let’s recap some of the big stories from the past few weeks:

  • Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack. These patches include one for a Microsoft Word zero-day exploit. This exploit has proved equally popular with cyber criminals dropping ransomware, banking Trojans and targeting Ukrainian rebels with malware. Apparently, the hard part of this story is that this zero-day exploit has been around since security firms identified attacks as far back as November 2016, with most firms pointing to the Dridex banking Trojan as the major payload.
     
  • WikiLeaks and Shadowbroker zero-day exploits. Between the “Vault 7” disclosures from Wikileaks and the Shadowbokers zero-day exploits for everything from Windows XP to Windows Server 2012, cybercriminals have (for free) a whole new arsenal of government-made malware to throw at us. If things were not particularly good for Defenders in Q1, Defenders in Q2 are going to have to step up their game even further.

zeroday.jpgSo, the question is how do you tackle the problem of zero-day exploits? Well it’s a combination of your existing best practices—which you are already doing, right?—and securing what’s being targeted. Many of the exploits dumped by Shadowbrokers assume access to Server Message Block (SMB) and the ability to make an SMB connection over TCIP. The recommended best practices are to disable SMBv1 and make sure you are blocking outbound and inbound UDP ports 137 and 138, as well as TCP port 139 and 445 at the firewall. Since one of the exploits targets Kerberos, we know Kerberos clients need to send UDP and TCP packets on port 88, so blocking that at the firewall would give you a win. Since security researchers have managed to get their hands on the payloads, you can expect antivirus vendors to be issuing updates pronto.

Much needed perspective
The new SolarWinds MSP survey provides some much needed perspective and insight into why we’re in this predicament. There are some really startling revelations within the survey, and my view is that it shows the business arena is ripe with opportunities for Managed Service Providers (MSPs) and IT providers to deliver more security services—even simple things like Patch Management as a Service (PMaaS), user awareness training, and Backup as a Service (BaaS).

This series of stats really hit home for me:

“87% of organizations have complete trust in their security techniques and technology, and 59% believe they are less vulnerable than 12 months previous. However, 71% of those same organizations have been breached in the same period.” 

Statistically the belief that “it will never happen to us” simply doesn’t add up. 

The survey offers more insights and data around the kind of security technologies being used, and reveals an updated cost for data breaches. Given the revelations of the past few months, it’s an important read. The bad guys have more tools to break into networks now, which means MSPs and IT providers are going to have a lot of victim customers demanding security services.

Ian trump is global security strategist for SolarWinds MSP. You can follow Ian on Twitter at @phat_hobbit

We've tailored the report to reflect your side of the industry, so…

  • If you're a managed service provider, click here to download the full report 
  • If you're an IT Pro, you should download this version 

 

Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.

You can follow Ian on Twitter® at @phat_hobbit.

 

Click here, to find out more about how SolarWinds MSP can help you protect your customers.

 

Watch the webinars

Check out Ian Thornton-Trump's webinars on the survey below. 

UK

You might also like...
MSP Business

The do's and don'ts of DIY pen testing

Cybersecurity

Top 10 Cyberattack Vectors and Mitigation Tips: Part 1

Best Practices

Two Factor Authentication (2FA) 101: What it is, why it matters for cybersecurity

MSP Business

Operation Cloud Hopper-A wake-up call for MSPs and IT service providers

MSP Business

Are companies spending their IT Security Budget on the wrong things?

MSP Business

Using managed antivirus solutions in your MSP

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Service Desk (5)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Customer Service (3)
  • Internet of Things (3)
  • GDPR (2)
  • Research & Trends (2)
  • Training (2)
  • LOGICcards (1)
  • Business Risk (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.