Cyberattacks on MSPs Grow Exponentially as the Focus Shifts to Hold Their Customer’s Data for Ransom

Recent insight from data protection vendor Datto puts MSPs on notice to secure their own environments to protect both their business and that of their customers.

The use of “island hopping” by attackers to leverage one organization’s network to gain access to another has been growing in popularity and sophistication. According to Datto’s director of channel development, Eric Torres, who spoke recently at the Xchange 2020 conference, MSPs are under greater attack today due to their direct and unlimited access to customer networks. “The rate of attacks is also growing, from one attack about 18 months ago to five attacks just this week alone,” said Torres.

Cybercriminals are very aware of the relationship between MSPs and their customers. We’ve even seen attacks where MSP-specific tools are disabled in order to avoid detection, or where an MSP tool has been used to gain access. In essence, MSPs need to begin to look inward at their own security stance, policies, and behaviors to improve the security of their network as a means of ensuring the security of their customers’ networks.

Many of these attacks on MSP networks begin with a phishing attack that attempts to gain a foothold within the MSP’s network, giving attackers the opportunity to move laterally, perform diligence tasks, exfiltrate data, and hold data for ransom. According to Datto, 85% of MSPs report their SMB customers experiencing ransomware attacks within the last 12 months.

Even MSPs need to make certain their employees have a security mindset; the security of your customers may very well depend on it. Putting employees through Security Awareness Training can significantly reduce the likelihood that employees will interact with a malicious phishing email, thus reducing the threat footprint within both the MSP and customer organizations.

The only way we’ll see the exponential rise in attacks on MSPs reduced is when attackers find themselves unsuccessful in gaining access and move on to other, softer targets. Leveraging Security Awareness Training is a step towards making this a reality.
