MSPs Weigh in on Top IT Security Concerns
By all accounts 2104 was the worst year for IT security breaches. The bad news is that 2015 is expected to be even worse. Lone wolf and malicious hacking groups, organized crime and even hostile foreign governments are becoming more sophisticated in breaking into information systems.
By all accounts 2104 was the worst year for IT security breaches. The bad news is that 2015 is expected to be even worse. Lone wolf and malicious hacking groups, organized crime and even hostile foreign governments are becoming more sophisticated in breaking into information systems.
They are growing more powerful and once they have a target in their sites, sometimes it is too late to stop them.
That said, managed service providers (MSPs) need to keep IT security front and center in the minds of their customers. A system is only as strong as its weakest link. And as more devices flood the workplace—both personal and business—the likelihood of being hacked becomes greater.
While all MSPs I spoke with agree that security is Job 1, they all have seen different vulnerabilities from their customer base. Below are the top areas where they see security breaches happen:
Oli Thordarson, CEO, Alvaka Networks, Irvine, California
- Ransomware: Employees clicking on a suspicious file or link
- Failure to do lockouts so employees have access to certain systems
- Failure to patch and stay updated. “It can be argued that good patching is more important than a firewall for protection. We see too many breaches as a result of failure to follow a good patching policy,” he said.
- Theft: Mobile devices are especially vulnerable, but laptops and even PCs get stolen and the system is breached before the company even knows the device is gone.
Raffi Jamgotchain, CEO and founder, Triada Networks, Norwood, New Jersey
- Phishing
- Spam/malicious emails
- Open remote access
- Default passwords
- Misconfigured equipment
- Non-email social engineer (i.e., vishing)
Bobby Kuzma, CISSP, principal consultant, Scary Black Bag, Lakeland, Florida
- Password reuse
- Drive-by downloads from compromised websites
- Phishing emails
- Lateral attacks from guest access
- Lack of network awareness
- Missing third-party updates
- Lack of internal defense and segmentation
- No exfiltration controls
- Router compromise
- Unauthorized software on machines
These should serve as a checklist for all MSPs to make sure their customers IT systems are as secure as possible. Ignoring any one of these areas can lead to disaster.
Knock 'em alive!
As platforms, software,
As platforms, software, devices, and vendors proliferate, enterprise IT security will remain an ongoing challenge. As the MSPs indicated, there are many different ways security breaches happen. There are many layers of security in preventing cyber attacks. As this article explains, the best security practices will result when enterprise security execs begin thinking like the cyber criminals that are targeting their systems – bit.ly/18Ei0rD
Jeff Rutherford commenting on behalf of IDG and KPMG
Dead on Jeff. SPs must always
Dead on Jeff. SPs must always be on guard. To stop a crook, you have to think like a crook. Thanks for your feedback.