By all accounts 2104 was the worst year for IT security breaches. The bad news is that 2015 is expected to be even worse. Lone wolf and malicious hacking groups, organized crime and even hostile foreign governments are becoming more sophisticated in breaking into information systems.

Elliot Markowitz

March 13, 2015

2 Min Read
MSPs Weigh in on Top IT Security Concerns

By all accounts 2104 was the worst year for IT security breaches. The bad news is that 2015 is expected to be even worse. Lone wolf and malicious hacking groups, organized crime and even hostile foreign governments are becoming more sophisticated in breaking into information systems.

They are growing more powerful and once they have a target in their sites, sometimes it is too late to stop them.

That said, managed service providers (MSPs) need to keep IT security front and center in the minds of their customers. A system is only as strong as its weakest link. And as more devices flood the workplace—both personal and business—the likelihood of being hacked becomes greater.

While all MSPs I spoke with agree that security is Job 1, they all have seen different vulnerabilities from their customer base. Below are the top areas where they see security breaches happen:

Oli Thordarson, CEO, Alvaka Networks, Irvine, California

  1. Ransomware: Employees clicking on a suspicious file or link

  2. Failure to do lockouts so employees have access to certain systems

  3. Failure to patch and stay updated. “It can be argued that good patching is more important than a firewall for protection. We see too many breaches as a result of failure to follow a good patching policy,” he said.

  4. Theft: Mobile devices are especially vulnerable, but laptops and even PCs get stolen and the system is breached before the company even knows the device is gone.

Raffi Jamgotchain, CEO and founder, Triada Networks, Norwood, New Jersey

  1. Phishing

  2. Spam/malicious emails

  3. Open remote access

  4. Default passwords

  5. Misconfigured equipment

  6. Non-email social engineer (i.e., vishing)

Bobby Kuzma, CISSP, principal consultant, Scary Black Bag, Lakeland, Florida

  1. Password reuse

  2. Drive-by downloads from compromised websites

  3. Phishing emails

  4. Lateral attacks from guest access

  5. Lack of network awareness

  6. Missing third-party updates

  7. Lack of internal defense and segmentation

  8. No exfiltration controls

  9. Router compromise

  10. Unauthorized software on machines

These should serve as a checklist for all MSPs to make sure their customers IT systems are as secure as possible. Ignoring any one of these areas can lead to disaster.

Knock 'em alive!

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Elliot Markowitz

Elliot Markowitz is a veteran in channel publishing. He served as an editor at CRN for 11 years, was editorial director of webcasts and events at Ziff Davis, and also built the webcast group as editorial director at Nielsen Business Media. He's served in senior leadership roles across several channel brands.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like