Changing Facade of Cybersecurity: Top Threat Trends for MSPs to Watch
As the threat landscape gets murkier, it is imperative that MSPs stay abreast of current threat trends to help spark conversations with their SMB clients about the need for implementing smarter cybersecurity solutions.
We believe one of the best approaches for combatting evolving threat trends is deploying predictive protection–for preventing threats before they happen–and investing in ongoing cybersecurity training for employees.
To help drill in that message, being aware of threat trends like the rise of polymorphic malware–which means signature-based solutions won’t detect advanced malware–will only aid MSPs.
While new threat trends will keep emerging, Webroot’s 2019 Threat Report Mid-Year Update does a deep dive on the current trends–based on data collected within the Webroot Platform and as seen by the Webroot Threat Research Team–that can help MSPs steer cybersecurity conversations in the right direction.
The Current Threat Trend Scenario
Here are some of the top threat trends uncovered by Webroot that you need to keep in mind when engaging with SMBs about their cybersecurity needs:
- Nearly one in three phishing sites use HTTPS. Malicious actors are increasingly using HTTPS to create a sense of legitimacy because they know users worldwide have been trained to look at the padlock icon and HTTPS in the address bar as symbols of security. Obtaining a security certificate like TLS/SSL has become incredibly easy, and, by doing so, cybercriminals can easily take advantage of users’ trust.
- One in four malicious URLs are hosted on trusted domains. Cybercriminals are also hijacking pages on legitimate sites to host malicious content because it’s more difficult for security measures to block URLs on these domains and it won’t stir suspicion among end users.
- 95% of the malware is unique to a single PC. Nearly all of today’s threats are polymorphic, meaning that malware constantly changes its identifiable features to evade detection.
- Malware targeting Windows 7 systems has risen 71%. Malicious actors are particularly targeting older operating systems in the hopes of exploiting unpatched vulnerabilities.
- One in 50 URLs are malicious. This might seem insignificant at first, but if you consider the number of links people click, or websites they visit each day, you will begin to perceive the risk. Nearly a third of office workers click more than 25 work-related links per day, according to a Webroot report.
Time for SMBs to Be Cyber-smart about Their Security Investments
When talking to SMBs about implementing advanced cybersecurity solutions, here are some key areas you should focus on:
- Don’t overlook threat intelligence. Invest in preemptive measures like signing up for actively updated threat intelligence to help predict future attacks, raise awareness of new attack types and even flag emails from high-risk areas.
- Advanced endpoint protection. Installing and keeping antivirus software up to date and backing up critical business data are still part of basic cyber hygiene. But today’s sophisticated threats call for employing cloud-driven endpoint protection that harnesses the power of machine learning to detect and protect against evolving threats.
- Deploying DNS protection. As DNS attacks gain momentum–with businesses reporting a 57% increase in downtime due to such attacks–DNS-level protection has become a business imperative. DNS security solutions provide content filtering at the DNS layer and full network visibility, as well as automatically block dangerous connection requests from phishing and malware sites.
- Provide security awareness training. Providing end user education is key to IT security. Simulated phishing campaigns can not only help you gauge end user phishing awareness, but also help raise their cyber awareness. Keep in mind that continuous learning is key to success when it comes to such trainings.
This guest blog is part of a Channel Futures sponsorship.