How can managed service providers protect their clients against ransomware?
One of the greatest fears of a Managed Service Provider is the possibility of a malware attack on their servers. A loss or theft of data or a loss of service could put an end to their business.
The best approach to mitigating the risk of a malware attack is two-pronged. The first prong is Cyber Security, which concentrates on prevention. It's a lot easier to defend against malware if you can stop it entering your systems in the first place. The second prong is IT Security: malware detection and removal. It has been said that the only secure system is one that has not been hacked yet, so no matter how hard you try, at some point the barbarians will get inside the gates and you must be able to detect and remove them.
Most service providers focus strongly on implementing the latest and best IT Security measures, to ensure that they provide the best protection against the many risks out there. The broader aspects of Cyber Security are continually on their mind.
Remember that Cyber Security and IT Security are not one-off exercises. Malware developers and hackers of all types are continually refining existing threats and inventing new ones. Security must be part of a business continuity programme, with regular and frequent assessments of new and existing threats, their transmission methods, and the countermeasures against them.
A recent but deadly threat is ransomware. Simply put, malware is introduced to a system and encrypts the user's systems and data, making them inaccessible. The user is asked to make a payment, after which they will be provided with a decryption key, allowing them to recover their data. Don't pay, or pay too late, and you lose your data.
Ransomware used to be restricted to large corporations, presumably because they were more likely to pay large sums of money to recover their systems. The FBI estimate that just over $200 million was paid out in the first quarter of 2016 alone. They expect it to become a billion-dollar business very quickly. As corporate prevention and detection methods improved, ransomware developers quickly realised that home users, with their family pictures and videos, were equally likely to pay up. The much larger volume of potential targets made up for the lower ransom fees.
How then should managed service providers protect their businesses against cyber threats, particularly ransomware?
The first step is to try to stop it coming in at all, and for when it does get in, to have industrial-strength detection and removal software.
Ransomware attacks mostly arrive as a Trojan embedded in a legitimate file. A typical transmission vector is infected email attachments. The favourite types seem to be Microsoft Office or PDF files and image files. IT Security measures must therefore include a scan of all incoming email, for the provider itself and for all clients, and the blocking of all dubious emails with suspect attachments.
Other vectors are adware and emails asking the user to click on an Internet link. Some websites include adware, which, unknown to the site owners, can be hijacked to carry a ransomware Trojan. Email links can take a user to an infected site.
It is therefore imperative that all antivirus and adware protection software is kept up to date, both the application itself and the signature files identifying malware. Most browsers have ad-blocking add-ons that also need to be kept up to date. If the services that the managed service provider supplies include applications like browsers, email and Internet access, then any contract with a client must include the right for the service provider to take such actions to protect systems and data. Most clients will readily agree.
If a business is hit, paying the ransom does not always work. Businesses can be tempted to carry out the recovery themselves. Recovery from a ransomware attack can take some time and be a complicated technical process.
It is often best to go back to bare-bones systems and bring back systems and data from the latest clean backup. A properly implemented, regularly tested backup regime is a vital component of the Cyber Security defences.
Managed service providers need industrial-strength detection and prevention systems, a working backup system, and policies and procedures to prevent and reduce the effects of not just ransomware, but all cyberattacks.