Six Ways IT Service Providers Can Protect Their Clients from Ransomware

By 2020, remote workers will account for 72 per cent of the U.S. workforce, according to an International Data Corp. forecast.

That can present a challenge for IT service providers (ITSPs), who are being tasked with performing more security and recovery tasks on a wider range of computing devices in more locations than ever before. The issue is multi-fold and includes:

  • Proliferation of devices (smartphones, tablets and other devices)
  • Wider number of worker locations
  • Closer integration of devices into a company's back-office systems
  • Continuing threats from ransomware

Ransomware has frequently been in the headlines recently, and with good reason. In the first quarter of 2017, reports of mobile ransomware increased 250 per cent over the same quarter in 2016, according to security firm, Kaspersky. Global damage costs from ransomware are expected to top $5 billion in 2017, up from just $325 million in 2015.

Among ITSP clients, data security is the No. 1 priority, according to the Autotask Metrics That Matter 2017 ITSP survey, cited by 44 per cent of respondents. In the past several years, the percentage of revenue that ITSPs derive from security has skyrocketed from six per cent in 2013 to 44 percent currently.

Companies increasingly are turning to their ITSPs for help to protect the company, its employees and its digital assets against ransomware.

New cyber threats pose new security realities

When thinking about cybersecurity, it's not just about if a business will be attacked, it's

about when a business will be attacked. Infection methods have become more sophisticated, and

phishing scams look more realistic than ever. Two of the more recent ransomware attacks serve as valuable evidence.

In May 2017, a phishing scam posed as a Google Docs request. When people clicked a link

within the email, the hacker was able to access all their emails and contacts, as well as send and delete emails within accounts. The attack compromised more than one million Gmail accounts.

Why was this attack so successful? Because people immediately trusted the emails they received. By leveraging the powerful brand recognition that Google has, the creators of this attack was able to catch people off guard and, in turn, infect more devices.

But perhaps the most destructive ransomware that we have seen this year is WannaCry, which has worm-like capabilities. While most ransomware typically limits infection to the device that clicked and installed it, malware like WannaCry can spread across a network and replicate itself onto other devices. Once WannaCry infects a device, it finds and encrypts files, displays a “ransom note” and demands bitcoin payment from infected users.

In the first few days after the WannaCry virus was widely reported, it had spread to 150 countries, impacting 10,000 organizations, 200,000 individuals and 400,000 machines. A few days later, a new variant of WannaCry emerged, infecting 3,600 computers an hour.

These occurrences reaffirm that cybercriminals are more clever than ever, their targets are larger and their attack methods are more aggressive. IT service providers need to be prepared to help their clients should ransomware infect their devices and, most of all, ITSPs must be equipped to minimize or prevent critical business data from being stolen.

How to prepare your clients

Much like biological viruses, there are many ransomware threats circulating the web. Some are well known, while some are new and others are not yet known. With each occurrence, the sophistication of these viruses is increasing in a multitude of ways, including how they spread and encrypt data.

What this means for ITSPs is that there is no single-prong approach for protecting clients—or their business—from ransomware. Being able to mitigate or prevent attacks is to have an agile, multi-layered approach that can adapt as new and increasingly hostile threats emerge. A best-in-class approach consists of six layers:

Patching. The most basic layer of protection is to monitor and patch all computers and applications as soon as patches are released. The latest patches can close all known OS security vulnerabilities. Patching provides the most basic layer of protection to operating systems, especially once a security flaw is uncovered. When clients have the latest patches, they can ensure their operating systems are running at peak performance and that all system vulnerabilities are addressed.

Anti-virus and network monitoring. People are being targeted through more sources than ever—email, ad networks, mobile applications and devices. Anti-virus and network monitoring examines all files and traffic, filtering them against all known threats. Keeping virus definition files current is critical to ensuring these systems are running at peak performance.

Backup and disaster recovery. There is sometimes a gap between when a threat is first introduced and when a vendor is notified and develops a remedy. Making a full-system backup protects back-office systems when an attack occurs and provides a recovery option for unknown threats and even the most catastrophic failures.

Endpoint backup. Although there's a layer of protection on back-office systems, backup and recovery of data for these devices are still needed. These devices create, share and store business data, and if a cybercriminal captures this proprietary and sensitive information, it can have a significant impact on business productivity and profitability. Enabling real-time data backup on these endpoints can prevent business-critical information from being compromised.

Secure file sync and share. Allow employees to collaborate securely from any location and using any device—even their smartphones and tablets. Grant access and editing controls for specific documents, such as Word documents, Excel spreadsheets and PowerPoint presentations, and allow employees to recover documents that are maliciously or accidentally deleted.

Education and awareness. IT service providers must educate clients and their employees about cybersecurity risks, new ransomware strains and best practices for spotting phishing attempts, suspicious emails and other security risks. Empowering them to be proactive and encouraging them to report questionable content using rewards and incentives will help increase awareness and decrease overall risk.

Although larger companies are more attractive to cybercriminals, no company is safe. The issue of data security and the potential for ransomware and other types of cyberattacks should be top of mind for all ITSPs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.