On the heels of the U.S., U.K., Australia, and Canadian Cybersecurity advisories’ recent warning of an expected increase in attacks on managed service providers (MSPs), it has never been more important for MSPs to proactively address their ransomware attack preparedness. The warning might not come as a surprise to most—there has been an 81% surge since the onset of the pandemic—yet many MSPs remain unprepared.
Ransomware attacks have widespread implications, as one attack on an MSP may open the door to follow-up attacks. What’s more, MSPs can be a critical part of an organization’s value chain and, as a result, are strategic targets for bad actors. If an MSP becomes the victim of an attack, the impact can spread to vendors, partners, customers, and the MSP’s entire supply chain.
As the connector between vendors and customers, it is critical that MSPs quickly retrieve any compromised data so that vendor and customer operations continue running smoothly, in addition to their own. With this in mind, there are three major steps MSPs can follow to keep their critical data protected in the face of growing threats.
Step 1: Create a base layer of protection
There are several technologies and security measures that MSPs can implement as the base layer for their ransomware protection and recovery strategy.
- Multifactor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more types of evidence (or factors) during the login process. The factors are often something the user knows, something they have, or something they are.
- Data encryption encodes information so that only authorized parties can decipher its value or meaning. When you encrypt data, you protect it from malicious actors—anyone who tries to access the data must have an encryption key that you create.
- An immutable backup file contains data that is fixed, unchangeable, and undeletable. Having an immutable backup is critical for organizations that need to ensure they have a copy of recoverable data that remains secure from unforeseen and undesirable accidents or incidents.
Combined, deploying these three tactics creates a basic foundation to safeguard an MSP’s data in case of an attack, ensuring that data is only accessible to authorized users, yet recoverable when a malicious actor inevitably gets in.
Step 2: Ensure consistent monitoring to indicate when a ransomware attack could be underway
Consistent monitoring can be implemented using anomaly detection, which is the ability to identify unexpected events that occur outside the organization’s normal data activity. Understanding changes to the data environment’s normal processes and activities can act as an early warning system to alert when intervention may be needed to address potential attacks.
Anomaly detection and monitoring technologies are especially important as data environments continue to evolve in complexity and structure, notably with the rise of multiclouds. In fact, only 58% of senior IT decision makers believe they can confidently and accurately state the number of cloud services their organization is using. This leaves considerable vulnerabilities to MSPs’ critical data if multiple cloud environments are not under appropriate surveillance. Today, anomaly detection uses AI technology to continually improve its understanding of healthy operation parameters—even in multicloud environments—which can detect unexpected activity, such as network activity spikes, the time it takes to perform a periodic backup, or a change in deduplication ratio.
Step 3: Implement a trusted backup platform
Finally, MSP data managers should implement trusted backup platforms that can automate and orchestrate a complete cross-site or multicloud restoration. This ensures business-critical data is never at risk of being lost, stolen, or corrupted, and can be recovered at the click of a button.
The 3-2-1 backup rule is the tried-and-true approach to ensure a recoverable set of data in the event of an attack. Following this method means having three copies of data, saved to two different types of media, with one set located off-site. Sixty-six percent of senior IT executives, however, do not follow this process, leaving vulnerabilities to an organization’s data protection. Yet in every case, having a strong backup plan that helps recover data is much better than having to pay for a hacker to return it.
As MSPs look to up their data protection strategies to ensure their ransomware preparedness, they should also work closely with their vendors to stay up to date on the latest strategies and technology. To do so, partners should regularly engage in roadmap discussions on a quarterly or six-month basis to ensure they are leveraging the latest product updates. By keeping these three steps in mind, MSPs—and their vendors and customers—will be better equipped to manage and protect their critical business data, ensuring a cyber-resilient future.
MIKE WALKEY, in his role as senior vice president, global channels and alliances for Veritas Technologies, is responsible for overseeing the company’s global ecosystem of partners and alliances. Since joining the company, Walkey has worked closely with Veritas’ partners to design new programs to drive profitability by offering the company’s market-leading data protection and management solutions that address the biggest concerns facing enterprise customers today – the threat of ransomware and managing multicloud complexity.
