Ransomware Support Is Core Value Driver for MSSPs

Ayesha Prakash

As ransomware attacks grow increasingly targeted, it’s more important than ever for managed service providers to critically evaluate how they’re protecting customers from this evolving threat. This is especially true following reports that the actors behind the ransomware attacks on 23 local city governments may have accessed their victims by compromising third-party IT software managed by an external service provider. This underscores the reality that under-resourced government agencies and small private-sector companies with small-to-nonexistent IT departments often rely on MSSPs as a major line of defense.

Small, local government agencies with limited resources often outsource most if not all aspects of IT operations to MSPs; the same can be said of many nonprofits and low-tech businesses. These organizations are focused on their core activities — keeping cities running, serving local communities and providing goods and services. Consequently, these organizations may lack adequate cybersecurity protections due to a lack of awareness or resources.

Prevention is key when it comes to dealing with ransomware, but unforeseen contingencies can still arise despite defenders’ best efforts so organizations must also be ready to spring into action in the event of a ransomware attack. By delivering proactive defense measures alongside the resources needed to prepare for and effectively respond to incidents, MSPs can not only protect themselves and their customers from costly reputational damage, they also can reap the benefits of being able to position themselves as a comprehensive, managed solution for defending against ransomware threats.

Proactive Cyber Defense

MSPs can gain a competitive edge by empowering customers with the tools, capabilities, and intelligence needed to reduce the likelihood and potential impact of a ransomware attack. For starters, MSPs can support the remote data backup of critical assets on external servers, thus providing a critical lifeline for helping customers restore access to these assets in the event of a ransomware attack.

But to help customers prevent ransomware attacks from occurring in the first place, MSPs must also deliver meaningful vulnerability management support. There’s no blanket solution for effective vulnerability management, and customers need contextualized intelligence to determine which security patches to prioritize. As such, automated tools can never deliver truly effective cyber defense and must be supplemented with access to the data and insight needed to inform an appropriate course of action.

Ransomware Education and Planning

Empowering customers with strong cyber defenses is essential, but there’s no foolproof way to prevent a ransomware attack with absolute certainty. And since the impact of a ransomware attack on operations and revenue is compounded the longer it goes unmitigated, having the knowledge and predefined response procedures needed to act quickly and effectively during an attack can reap considerable returns in terms of harm reduction.

A comprehensive incident-response plan should outline procedures for verifying that a ransomware attack has occurred, assessing which assets have been exposed and to what extent, preventing further exposure, and include a decision-making framework for determining how to go about retrieving affected assets. Unless an organization just so happens to have an in-house ransomware guru, ransomware response planning should involve workshops, practice exercises and other professional services led by external experts experienced in dealing with these events.

Threat-Actor Engagement

By working with external advisers to proactively prepare a ransomware incident-response plan, IT staff can rest assured knowing they won’t be running around like chickens with their heads cut off in the immediate aftermath of an attack. But this doesn’t necessarily mean they’re equipped to independently deal with a ransomware incident from start to finish.

When responding to a ransomware incident affecting critical data or systems, teams are faced with …