If there were any doubts as to the magnitude to which cyberattacks impact IT service providers, the rash of high-profile attacks in the first half of 2017 should have definitively erased them. From Russian hacks to WannaCry to NotPetya, the slew of ransomware and other cyberattacks leading to data breaches has brought cybersecurity to the forefront of everyone's minds, whether or not they work in IT.
However, as channel partners are well aware, there is more to the cybersecurity story than attacks that make the headlines. A new report by Calyptix Security analyzes threat intelligence data collected exclusively from small business networks in North America. Threat Intelligence Report: 24 Hours of Inbound Attacks on Small Networks reviewed intrusion detection alerts captured from about 800 network security devices at small businesses across the U.S. and Canada.
Ben Yarbrough, CEO of Calyptix, says he wanted the study to drill down to network security data from the smallest networks – those ranging from about 5 to 100 endpoints. Intrusion detection alerts were collected from security appliances at these networks for a single 24-hour period in August 2017 for the report.
“Cyber security research tends to either ignore small businesses or roll them into a larger group, such as ‘networks with fewer than 500 endpoints.’ But is a network with 400 devices really a small business environment? We don’t think so, and that’s why we feel this report is critical,” said Yarbrough.
The report confirms that small businesses are frequent targets of cyberattacks and offers specific insights as to where channel partners need to be focusing their energies when devising a comprehensive security solution for their SMB clients. For example, the study outlines in detail exactly which services attackers use the most to gain entry into businesses' systems, preferred targets by geographic region and the industries most favored by hackers.
Here are the top six takeaways for partners:
- The threat is real and small businesses cannot hide in obscurity on the internet. Small business networks are under constant threat and reconnaissance by focused attackers with interest in very specific systems. Top targets at small businesses include Microsoft SQL database, remote access by Microsoft RDP or SSH, VoIP telephone systems, any enabled web content or access, remote management tools, UPS power systems, Windows update systems, Windows file shares and FTP.
- Attackers would not pursue any of these systems unless they were occasionally successful. This reality suggests there remains significant fertile ground for MSPs to educate and serve small business owners.
- MSPs should utilize every available tool to minimize the exposure of their own systems, as well as their clients' systems, to unauthorized access, including VPNs, restricting management access, account lockouts, and enhanced authentication measures.
- Given the scale of attacks and reconnaissance, MSPs should always operate IDS/IPS systems in a protective mode (e.g. block traffic).
- MSPs should not establish any publicly facing system (e.g. internet exposed) without deliberate consideration and planning, including network segmentation, vigilant patching and maintenance as well as monitoring, especially for unauthorized or unusual access.
- MSPs should exercise caution with cloud service providers to ensure cloud-based systems implement reasonable access controls, timely maintenance and ongoing monitoring.
As is almost always the case, the client is the biggest source of vulnerabilities (and cybersecurity headaches), and partners need to make sure to build governance guidelines into their service agreements in order to save both their clients from attack and themselves from liability.
"IT professionals need to protect themselves from neglectful clients. You must operate under clear guidelines that outline where your responsibilities start and end," says Adam Sutton, Director of Marketing for Calyptix. "This not only clarifies the value you offer to clients, it also sets clear boundaries that protect you from responsibility if a data breach occurs. This is important for IT service providers in all industries, and especially those who operate in heavily regulated industries such as healthcare and banking."