https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-logo.png
Banking Technology
    • Newsletter
  • Home
  • Technologies
    • Back
    • Analytics
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
  • Intelligence
    • Back
    • Content Resources
    • From the Industry
    • Galleries
    • Our Sponsors
    • Podcasts
    • Videos
    • Webinars
    • White Papers
  • Think Tank
  • Awards
    • Back
    • Circle of Excellence
    • Digi Awards
    • MSP 501 Rankings
    • Talkin’ Cloud 100
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
    • Editorial Calendar
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
  • Home
  • Technologies
    • Back
    • Analytics
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
  • Intelligence
    • Back
    • Content Resources
    • From the Industry
    • Galleries
    • Our Sponsors
    • Podcasts
    • Videos
    • Webinars
    • White Papers
  • Think Tank
  • Awards
    • Back
    • Circle of Excellence
    • Digi Awards
    • MSP 501 Rankings
    • Talkin’ Cloud 100
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
    • Editorial Calendar
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Report: ‘Unofficial’ Ports & Database Services Biggest Cyberattack Targets for SMBs

  • Written by Kris Blackmon
  • September 25, 2017
A new report drills down into the areas of biggest vulnerabilities in small businesses' networks.

If there were any doubts as to the magnitude to which cyberattacks impact IT service providers, the rash of high-profile attacks in the first half of 2017 should have definitively erased them. From Russian hacks to WannaCry to NotPetya, the slew of ransomware and other cyberattacks leading to data breaches has brought cybersecurity to the forefront of everyone’s minds, whether or not they work in IT.

However, as channel partners are well aware, there is more to the cybersecurity story than attacks that make the headlines. A new report by Calyptix Security that analyzes threat intelligence data collected exclusively from small business networks in North America. Threat Intelligence Report: 24 Hours of Inbound Attacks on Small Networks reviewed intrusion detection alerts captured from about 800 network security devices at small businesses across the U.S. and Canada 

Ben Yarbrough, CEO of Calyptix, says he wanted the study to drill down to network security data from the smallest networks – those ranging from about 5 to 100 endpoints. Intrusion detection alerts were collected from security appliances at these networks for a single 24-hour period in August 2017 for the report.

“Cyber security research tends to either ignore small businesses or roll them into a larger group, such as ‘networks with fewer than 500 endpoints.’ But is a network with 400 devices really a small business environment? We don’t think so, and that’s why we feel this report is critical,” said Yarbrough.

The report confirms that small businesses are frequent targets of cyberattacks and offers specific insights as to where channel partners need to be focusing their energies when devising a comprehensive security solution for their SMB clients. For example, the study outlines in detail exactly which services attackers use the most to gain entry into businesses’ systems, preferred targets by geographic region and the industries most favored by hackers.

Here are the top six takeaways for partners: 

  1. The threat is real and small businesses cannot hide in obscurity on the internet. Small business networks are under constant threat and reconnaissance by focused attackers with interest in very specific systems. Top targets at small businesses include Microsoft SQL database, remote access by Microsoft RDP or SSH, VoIP telephone systems, any enabled web content or access, remote management tools, UPS power systems, Windows update systems, Windows file shares and FTP.
  2. Attackers would not purse any of these systems unless occasionally successful. This reality suggests there remains significant fertile ground for MSPs to educate and serve small business owners.
  3. MSPs should utilize every available tool to minimize exposure of their own systems as well as their clients from unauthorized access, including VPNs, restricting management access, account lockouts, and enhanced authentication measures.
  4. Given the scale of attacks and reconnaissance, MSPs should always operate IDS/IPS systems in a protective mode (e.g. block traffic).
  5. MSP’s should not establish any publicly facing system (e.g. internet exposed) without deliberate consideration and planning, including network segmentation, vigilant patching and maintenance as well as monitoring, especially for unauthorized or unusual access.
  6. MSPs should exercise caution with cloud service providers to ensure cloud based systems implement reasonable access controls, timely maintenance and ongoing monitored.

As is almost always the case, the client is the biggest source of vulnerabilities (and cybersecurity headaches), and partners need to make sure to build governance guidelines into their service agreements in order to save both their clients from attack and themselves from liability.

“IT professionals need to protect themselves from neglectful clients. You must operate under clear guidelines that outline where your responsibilities start and end,” says Adam Sutton, Director of Marketing for Calyptix. “This not only clarifies the value you offer to clients, it also sets clear boundaries that protect you from responsibility if a data breach occurs. This is important for IT service providers in all industries, and especially those who operate in heavily regulated industries such as healthcare and banking.”

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Security Technologies

Related


  • Security Roundup
    Security Roundup: Google's GDPR Fine, KnowBe4, Cybint, Digital Training
    Google became the first major tech company to be penalized under the GDPR.
  • security
    Double Your Revenue with Backup and DRaaS
    If there were any doubts as to the magnitude to which cyberattacks impact IT service providers, the rash of high-profile attacks in the first half of 2017 should have definitively erased them. From Russian hacks to WannaCry to NotPetya, the slew of ransomware and other cyberattacks leading to data breaches has brought cybersecurity to the forefront of everyone’s minds, […]
  • Bundle of sticks
    SolarWinds Debuts Flow Tool Bundle
    New tools from SolarWinds target challenges of distributed environments.
  • Difference
    Nonprofit Takes On Cybersecurity Skills Shortage
    Courses also are available for a fee to non-members and the general public.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • IBM’s Rometty Describes Enterprise-Driven Digital Reinvention
  • Kenna Security Rolls Out Partner Program Updates
  • Password Horror Stories
  • Beyond PCs: Lenovo Makes Big Data Center Strides with Partners

From the Industry


Sponsor Content

A 2019 Update on RDP Ransomware

February 14, 2019
Sponsor Content

This Valentine’s Day, Give the Gift of IT Education

February 14, 2019
Sponsor Content

XO Is in the Air

February 11, 2019
view all

Galleries


MSPs On … Struggles with the Skills Shortage

February 15, 2019
view all

Webinars


Sponsor Content

Double Your Revenue with Backup and DRaaS

February 12, 2019
Sponsor Content

UCaaS 101: Building a Unified Communications as a Service Practice

December 4, 2018
view all

White Papers


Sponsor Content

A Business Owner’s Guide to Cybersecurity

February 6, 2019
Sponsor Content

The Seven Types of Power Problems

February 6, 2019
Sponsor Content

The Lean MSP

January 29, 2019
view all

Videos


Sponsor Content

Video: Ivanti Unified IT: Automate Service Requests

January 14, 2019
Sponsor Content

Linksys Cloud Manager Tutorial – Dashboard Overview

January 13, 2019
Sponsor Content

Linksys Cloud Manager Tutorial – How to Set Up a Network, Access Points, and SSID

January 13, 2019
view all

Twitter


ChannelFutures

Distributed liability is a thing, says @KathyDWinger, ahead of her #CPExpo talk. #MSSP goo.gl/fb/9oNNv7

February 18, 2019
ChannelFutures

.@AventisSystems offers advice on customized hardware and #software solutions. goo.gl/fb/4LtR9g

February 18, 2019
ChannelFutures

#Cybersecurity strategy is switching back from defense to offense. @cylanceinc @threatquotient @ioactive goo.gl/fb/GD8aHw

February 18, 2019
ChannelFutures

.@CenturyLinkBiz embraces new stricter @awscloud #MSP partner requirements. goo.gl/fb/WwDzco

February 15, 2019
ChannelFutures

.@ISC2 announces new #cybersecurity continuing education program. goo.gl/fb/nWbJY1

February 15, 2019
ChannelFutures

We asked 7 #MSP501 partners about their frustrations with finding good talent. @BowmanWilliams goo.gl/fb/fyzLLj

February 15, 2019
ChannelFutures

.@LenovoDC sees a strong year ahead for partners with a hard focus on #storage. goo.gl/fb/xvtYKp

February 15, 2019
ChannelFutures

.@Nvidia brings virtual #GPU workstation as a service to #Azure Marketplace, also planned for #WVD. goo.gl/fb/SpCCBx

February 15, 2019

MSSP Insider

Newsletters and Updates

Sign up for the Doyle Report, Channel Futures Update, MSP 501 Update and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

Channel Futures

© Channel Futures 2019. All rights reserved.

  • About Us
  • Contact Us

Related Links

  • Privacy Policy
  • Terms of Service

Follow us

Websites are now required by law to gain your consent before applying cookies. We use cookies to improve your browsing experience. Parts of the website may not work as expected without them. By closing or ignoring this message, you are consenting to our use of cookies.
X