However, while this trend certainly is bad news, there’s a lot on your side as an IT consultant or service provider. For starters, you’re not alone in dealing with these issues. So much of cybercrime crosses the boundaries between the corporate and national security worlds that government agencies often release free information to help organizations prevent attacks. As Gill mentioned in his blog, it’s worth getting on the mailing lists for some of these agencies so you’re aware when there’s a potential threat that could directly affect you. For example, you can sign up for US-CERT alerts from the Cybersecurity and Infrastructure Security Agency by going to their site, scrolling to the bottom of the page, and subscribing to the alerts.
Additionally, the fact that these attacks are widespread means security vendors innovate frequently to deal with these issues. While the bad guys have their incentives, our industry constantly adapts to changing circumstances and rises to the challenge. MSPs can do the same.
So how do you do your part? When it comes to working with your customers, you want to make sure you’re giving them full, layered security where you can. This includes:
• Endpoint detection and response
This may be one of the more important suggestions here—endpoint detection and response (EDR) needs to play a central role in your security stack. While some customers may drag their feet and stick with antivirus, shifting them to EDR really is in their best interest to help prevent these sophisticated attacks. EDR solutions can look for anomalies in endpoint behavior that could be deemed suspicious. For example, if something on the endpoint starts mass deleting files, it can flag that, alert your team, or even take action on your behalf. With more sophisticated attacks designed to bypass antivirus, adaptive, AI-driven protection may soon become mandatory. It’s worth strongly recommending EDR in the current threat environment (especially as we can expect this trend to only get worse).
• Email protection
Email protection also must be part of any layered security approach. A lot of attacks, particularly multistage, sophisticated cyberthreats, often start with an email. Someone opens an email, downloads an attached document, and the attack launches. Because of this, you don’t want to roll the dice by sticking with native email security—adding an additional, dedicated email security product can help you leverage threat intelligence and machine learning to help protect against potential threats.
• Cloud backup
With the ever-present threat of ransomware, you’ll want to have cloud backups off site. Even if you have an EDR solution that can roll back ransomware, you’ll still want cloud backups in in the event of a site loss due to a natural disaster or for insider threats such as mass deletion of files. It always helps to have a backup.
• Patching
We mentioned earlier how you’re not alone. Most software vendors work tirelessly to both prevent security flaws and, when they crop up, find and fix them. That’s why it’s crucial to do your own part and patch vulnerabilities when updates come available.
The shady business of cybercrime
Unfortunately, cybercrime is big business. As long as cybercriminals have strong financial incentives, they’ll continue finding new ways to compromise organizations. However, if you update your security controls to adapt to this new environment, you can substantially reduce your risk.
As mentioned in the post, one of the most important tools for dealing with this threat environment is endpoint detection and response. SolarWinds® Endpoint Detection and Response uses artificial threat intelligence and behavioral analysis to flag and even respond to suspicious endpoint behaviors when they arise. This means that if a new, unseen threat crops up, SolarWinds EDR can alert you even if the wider security community isn’t yet aware of the threat. Learn more about SolarWinds EDR today.
