By Jeffrey Crystal and Ben Nowacky

Jeffrey Crystal

Ben Nowacky

It’s reported that hackers attack every 39 seconds, which averages 2,244 times a day. Based on this, you have either already been attacked, are being attacked right now or you’re about to be attacked.

If that’s not enough to get your attention, consider these statistics:

Clearly, the frequency and severity of cyberattacks are on the rise. Of particular concern is the increasing number of attacks directly targeted at managed service providers (MSPs) and their customers. What’s worse, the attackers often leverage MSPs’ own automation and remote-control tools to directly access and compromise their customers.

Security is a shared responsibility between vendors and partners, and it is imperative that partners also exercise best practices in securing their platforms, tools and devices to minimize risk to themselves and their customers.

Critical Security Practices

In this article, we highlight some critical security practices that should be incorporated into your standard operating procedure (SOP) checklists. This list shouldn’t be considered comprehensive, but instead suggest mitigations for the risks and threat vectors we see most often.

Ensuring password security: Increasingly bad actors are leveraging network monitoring and key-logging software to observe their intended victims for some time, capturing critical administrative passwords and familiarizing themselves with the target environment ahead of their attacks. Due to the skilled and patient nature of these attacks, it’s no longer enough to rely simply on strong passwords. Reusing a single password across multiple customers or environments is particularly dangerous, as once compromised, you’re potentially exposing multiple customers.

A common vulnerability in all too many environments is the presence of default passwords left in place on firewalls, IPMI interfaces and other areas. Default passwords allow attackers to gain dangerous access and privileges within the network. Always make sure default passwords have been replaced to deny this avenue of attack against your systems.

Mitigating ransomware and data destruction: By far the most common attacks involve the use of ransomware (e.g., CryptoLocker) software against your servers and workstations. Once encrypted, your data and systems are held hostage by a ransom demand, and paying the attackers provides no guarantee of recovery. In fact, even if payment results in the release of your systems, it’s almost certain the attackers have left root kits, back doors, and even time bombs, so they can strike again in the future. Only a …

… complete recovery of all compromised systems, from a backup prior to the intrusion, can truly guarantee your systems are no longer under control of the hackers.

Increasingly, attackers are going the extra mile to destroy your data. There’s even the possibility they retain a copy off-site to hold in ransom, which leaves you with nothing left to recover from. Backup and disaster recovery (BDR) systems are a high-priority target of such attackers, destroying backups and even hard-wiping disk storage underneath backup systems to deny you any chance of recovery.

Avoiding exploits of RMM and other tools: Several high-profile attacks are accomplished by improperly gaining access to popular remote monitoring and management (RMM) tools, then exposing hundreds of servers and thousands of workstations across multiple customers, to simultaneously attack with the click of a mouse. Partners must secure such tools to keep malicious attackers from potentially destroying your customer data. Be mindful that the client systems you’re controlling remotely may not be compromised, and attackers may be watching your every keystroke and mouse click.

Protecting Client IT Security: While it is always possible to be the victim of a zero-day attack, most security intrusions are the result of weak passwords, phishing attacks (human engineering of any kind) and well-known security vulnerabilities and malware that might have been prevented. Keep the following points in mind to protect your clients.

Recommendations for Cybersecurity Framework

The National Institute of Standards and Technology released a framework for improving your Critical Infrastructure Cybersecurity. The framework uses business drivers to guide cybersecurity activities and consider cybersecurity risks as part of your organization’s risk management processes. The framework offers a flexible way to address cybersecurity, including the effect cybersecurity has on physical, cyber and people dimensions. It’s applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyberphysical systems (CPS), or connected devices more generally, including the Internet of Things (IoT).

It’s clear that in this escalating threat environment, backup should be your last line of defense against such attacks. Your ability to recover is dependent on the vendor you choose, their security framework and their ability to recover your client’s data.

Find a vendor that takes a multilayer approach to mitigating these risks, while also applying best practices in its operations, including authentication, patching, secure software development, penetration testing and overall corporate and network security.

Jeffrey Crystal is product manager at Axcient, where he is working toward convergence with the X360 portfolio. He joined Axcient when it acquired his former company Replibit, and previously was a senior engineer with a small IT services company providing managed services and helping to develop and pilot managed backup for about 200 SMB customers. You can follow him at LinkedIn or @Axcient on Twitter. 

Ben Nowacky is senior vice president of product at Axcient, where he guides organizations in creating high-performance, scalable teams that cross-cut both product and development. You can follow him on LinkedIn or @Axcient on Twitter.