Log4j: 4 MSP Best Practices for Protecting Customers

Businesses and cybersecurity professionals received an unwanted holiday gift of sorts at the end of December in the form of a critical remote code vulnerability in Log4j, a Java logging framework used in a wide array of software and systems. While a patch has been issued, cybercriminals have already launched attacks taking advantage of this extensive vulnerability.

VMware confirmed Log4Shell (a software vulnerability in Log4j) exploitation attempts early in January. By most accounts, 2021 was a banner year for cyberattacks, and Log4j made it even worse. Earlier this month, Microsoft noted that the vulnerability was being used to install a new ransomware attack (NightSky) exploiting systems running VMware Horizon. The digital branch of the UK National Health Service (NHS) reported similar activity.

For managed service providers (MSPs) with security offerings, that means a likely uptick in calls from organizations that need help protecting themselves from this new threat, or (more likely) companies that have already experienced a security incident or breach and need help cleaning up the mess.

While the technical fixes to protect against this vulnerability are relatively straightforward, many companies (particularly smaller ones) do not have the know-how or staff to effectively patch every system that requires an update or even identify where they may be vulnerable. In addition, those who have already experienced a data breach or ransomware attack will need some immediate help in restoring their data and applications, along with an assessment of how to protect themselves better in the future.

Security-centric MSPs are likely growing weary from reminding clients and prospects how important it is to implement modern security solutions and application management tools.

However, each new wave of vulnerabilities and attacks provides an opportunity to demonstrate value to existing clients and potentially sell security solutions to companies that find themselves in a cybersecurity emergency. There are a few things to keep in mind when responding to this crisis to help your company take care of existing clients while laying the proper groundwork to attract new business.

Respond quickly and with compassion. In these circumstances, it may be tempting to deliver a standard lecture to panicked customers about how their recent security breach could have been prevented. However, it’s more helpful in the short term for the customer (and long-term for your MSP business) to save the lecture and the sales pitch for later and get down to the business of putting out the current fire.

That said, make sure to do a post-crisis debriefing. An MSP can use this process to introduce security solutions that can help prevent the next crisis.

MSPs should have a crisis response plan in place. Before an MSP can help its customers, it needs to establish an all-hands-on-deck plan first to ensure its network, endpoints, applications (especially apps used to remotely connect to clients’ networks) and data aren’t vulnerable to attack. Only then can the MSP proceed to determine the security patches/solutions that are available and deploy them as quickly as possible. Centralized and automated application and incident management platforms make this easier, but organizing a crisis response team with an established action plan in advance is critical.

Be a proactive communicator. A security-savvy MSP will hear about new attacks and vulnerabilities well in advance of their clients. Proactive communication will help clients identify potential problems and get ahead of these threats as they emerge.

Each new threat is a teachable moment. A vulnerability with such a widespread attack surface as Log4Shell can help MSPs demonstrate to clients that cybersecurity is too vast a challenge to tackle on their own. These teachable moments (pardon the cliché) also help affirm the security-centric MSP’s tremendous value in responding to attacks and protecting customers against future attacks.

By being prepared to respond quickly and calmly in an emergency, MSPs can demonstrate their value and create numerous opportunities for future business—and hopefully have a more peaceful holiday break this year.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

 This guest blog is part of a Channel Futures sponsorship.