Ransomware still remains the most common cyber threat to SMBs, with 60% of MSPs reporting that their SMB clients have been hit as of Q3 2020, Datto reveals.
More than 1,000 MSPs weighed in on the impact COVID-19 has had on the security posture of SMBs, along with other notable trends driving ransomware breaches.
The impact of such attacks keeps growing: the average cost of downtime is now 94% greater than in 2019, and nearly six times higher than it was in 2018 increasing from $46,800 to $274,200 over the past two years, according to Datto’s research. Phishing, poor user practices, and lack of end user security training continue to be the main causes of successful ransomware attacks.
The survey also revealed the following:
- MSPs a target: 95% of MSPs state their own businesses are more at risk. Likely due to increasing sophistication and complexity of ransomware attacks, almost half (46%) of MSPs now partner with specialized Managed Security Service Providers (MSSPs) for IT security assistance – to protect both their clients and their own businesses.
- SMBs spend more on security: 50% of MSPs said their clients had increased their budgets for IT security in 2020, perhaps indicating awareness of the ransomware threat is growing.
- Average cost of downtime continues to overshadow actual ransom amount: Downtime costs related to ransomware are now nearly 50X greater than the ransom requested.
- Business continuity and disaster recovery (BCDR) remains the number one solution for combating ransomware, with 91% of MSPs reporting that clients with BCDR solutions in place are less likely to experience significant downtime during an attack. Employee training and endpoint detection and response platforms ranked second and third in tackling ransomware.
The impact of COVID-19 on ransomware and the cost of security disruptions
During the pandemic, the move to remote working and the accelerated adoption of cloud applications have increased security risks for businesses. More than half (59%) of MSPs said remote work due to COVID-19 resulted in increased ransomware attacks, and 52% of MSPs reported that shifting client workloads to the cloud increased security vulnerabilities.
As a result, SMBs need to take precautions to avoid the costly disruptions that occur in the aftermath of an attack. The survey also determined that healthcare was the most vulnerable industry during the pandemic (59%).
“Now more than ever organizations need to be vigilant in their approach to cybersecurity, especially in the healthcare industry as it’s managing and handling the most sensitive (and for criminals the most valuable) private data,” said Travis Lass, President of XLCON.
“The majority of our clients are small healthcare clinics, with no in-house IT. As ransomware attacks continue to increase, it’s critical we do everything we can to support them by arming them with best-in-class technology that will fend off malicious attackers looking to take advantage of the already fragile state of the healthcare industry.”
Top three ways ransomware is attacking entities
- Phishing emails. 54% of MSPs report these as the most successful ransomware attack vector. The social engineering tactics used to deceive victims have become very sophisticated, making it vital for SMBs to offer extensive and consistent end user security education that goes beyond the basics of identifying phishing attacks.
- Software-as-a-Service (SaaS) applications. Nearly one in four MSPs reported ransomware attacks on clients’ SaaS applications, with Microsoft being hit the hardest at 64%. These attacks mean that SMBs must consider the vulnerability of their cloud applications when planning their IT security measures and budgets.
- Windows endpoint systems applications. These are the most targeted by hackers, with 91% of ransomware attacks targeting Windows PCs this year.
“Reducing the risk of cyberattacks requires a multi-layered approach rather than a single product – awareness, education, expertise, and purpose-built solutions all play a key role.
“The survey highlights how MSPs are taking the extra step to partner with MSSPs that can offer more security-focused experience, along with a more widespread use of security measures like SSO and 2FA – these are critical strategies businesses and municipalities need to adopt to protect themselves from cyber threats now and in the future.”
78% of SMBs indicated that having a privileged access management (PAM) solution in place is important to a cybersecurity program – yet 76% of respondents said that they do not have one that is fully deployed, a Devolutions survey reveals.
While it’s a positive trend that the majority of SMBs recognize the importance of having a PAM solution, the fact that most of the respondents don’t have a PAM solution in place reflects that there is inertia when it comes to deployment.
SMBs are not immune, company size doesn’t protect from cyberattacks
Global cybercrime revenues have reached $1.5 trillion per year. And according to IBM, the average price tag of a data breach is now $3.86 million per incident. Despite these staggering figures, there remains a common (and inaccurate) belief among many SMBs that the greatest security vulnerabilities exist in large companies.
However, there is mounting evidence that SMBs are more vulnerable than enterprises to cyberthreats – and the complacency regarding this reality can have disastrous consequences.
“SMBs must not assume that their relative smaller size will protect them from cyberattacks. On the contrary, hackers, rogue employees and others are increasingly targeting SMBs because they typically have weaker – and, in some cases, virtually non-existent – defense systems.
“SMBs cannot afford to take a reactive wait-and-see approach to cybersecurity because they may not survive a cyberattack. And even if they do, it could take several years to recover costs, reclaim customers and repair reputation damage,” said Devolutions CEO David Hervieux.
Key findings from the survey
To dig deeper into the mindset of SMBs about cybersecurity, Devolutions conducted a survey of 182 SMBs from a variety of industries – including IT, healthcare, education, and finance. Some notable findings include:
- 62% of SMBs do not conduct a security audit at least once a year – and 14% never conduct an audit at all.
- 57% of SMBs indicated they have experienced a phishing attack in the last three years.
- 47% of SMBs allow end users to reuse passwords across personal and professional accounts.
These findings reinforce the need for better cybersecurity education for smaller companies.
“Conducting this survey reaffirmed to us that while progress is being made, there is a still a lot of work to do for many SMBs to protect themselves from cybercrime. We plan to conduct a survey like this each year so that we can identify the most current trends and in turn help our customers address their most pressing needs,” added Hervieux.
Protect from cyberattacks: The role of MSPs
One way for SMBs to close the cybersecurity gap is to seek out a trusted managed service provider (MSP) for guidance and implementation of cybersecurity solutions, monitoring and training programs. Because SMBs do not typically have huge IT departments like their enterprise counterparts, they often look to outside resources.
MSPs have an opportunity to strengthen their relationship with existing customers and expand their client base by becoming cyber experts who can advise SMBs on various cybersecurity issues, trends and solutions – as well as offer the ability to promptly respond to any security incidents that may arise and take swift action.
“We expect more and more MSPs will be adding cybersecurity solutions and expertise to their portfolio of offerings to meet this demand,” Hervieux concluded.
Prevent privileged account abuse
Organizations must keep critical assets secure, control and monitor sensitive information and privileged access, and vault and manage business-user passwords – all while ensuring that employees are productive and efficient. This is not an easy task for SMBs without the right solution in place.
Many PAM and password management solutions on the market are prohibitively expensive or too complex for what SMBs need.
A new SolarWinds study revealed the operational impact of the current pandemic on managed services providers (MSPs) and future growth opportunities in the market.
The study surveyed 500 MSPs across Europe, North America, Australia, and New Zealand, to gain insight into how MSPs are successfully navigating the impact of COVID-19 and their views on the next 12 months in the market.
“To see the overwhelming majority of MSPs retain their staff during a time period characterized by uncertainty is truly heartening, especially given the important role MSPs have played in helping businesses digitally transform,” said Colin Knox, vice president of community, SolarWinds MSP.
“The technology industry, and the channel, is resilient but also resourceful, and this crisis has re-enforced the value MSPs bring to businesses. Without MSPs as an extension of the team — focused on risk mitigation and business continuity — many businesses would have been lost, and wouldn’t have been able to support remote working on such a vast, immediate scale. The knowledge, expertise, and skillset of MSPs has been crucial in this changing climate. They have truly become essential.”
Operational impact of the pandemic on managed services providers
- 59% of surveyed MSPs have applied for government financial relief programs, with 74% receiving the help they needed
- Over 80% of respondents have continued operating at their pre-pandemic staffing levels
- The majority of MSPs declared they have adapted their security services for work-from-home clients, with 59% of managed-services-centric businesses offering more security bundles than any other business model
66% of MSPs have reported going the extra mile to support their customers during this time. Along with adapting their security services for work-from-home clients, MSPs have been continuing to accommodate customer needs in the following ways during the pandemic:
- 65% of MSPs do not anticipate making any pricing changes to their managed services package in the long-term
- 24% have offered delayed payments
- 23% have offered temporary discounts
- 19% have reduced their services to fit shrinking customer budgets
- 13% intend to increase their prices following the pandemic
In terms of challenges, MSPs believe the biggest barriers they will face over the next year are:
- Securing new customers
- Social distancing requirements in the office and at customer sites
- Lower IT budgets and spending due to recession
- Adapting to having staff and clients work-from-home
The next 12 months
- MSPs continue to see security services as a crucial growth factor for advancement along with cloud services — 51% are set to increase their security services and 47% plan to increase cloud services sales
- 42% of respondents predicted growth will come from additional project work, and 39% expect an increase in managed services contracts
- For other potential growth opportunities, 40% of large MSPs also anticipate they will engage in a merger or acquisition to support expansion
- Nearly half of respondents estimate more than 20% of their clients will implement work-from-home policies post-pandemic
- Companies operating in a managed services business model show more confidence and expect stronger revenue growth than companies operating primarily in the break/fix business model
The report showed that although MSPs are comfortable with the security basics such as antivirus, backup, and firewalls, there was room for growth in some of the more advanced security solutions and offerings including penetration testing, auditing and compliance management, and risk assessments.
Dealing with the sheer variety and growth of security threats such as ransomware, malicious insider attacks, and advanced persistent threats, requires MSPs to take a broad, layered approach to security including robust solutions to defend against today’s sophisticated threats.
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes.
About ConnectWise Automate and the vulnerability
ConnectWise is a provider of business automation solutions for managed services providers (MSPs) and IT solution providers.
ConnectWise Automate is a software suite IT support technicians use to remotely monitor and manage customers’ assets (servers and workstations).
“A remote authenticated user could exploit a vulnerability in a specific Automate API and execute commands and/or modifications within an individual Automate instance,” the company shared in a security bulletin. Effectively, this could allow attackers to do things like run commands on endpoints, create new users, etc.
The vulnerability affects on-premise and cloud instances of ConnectWise Automate versions 2020.5 and earlier.
ConnectWise has applied the hotfixes and hardening measures required to plug the security holes and is urging on-premise partners to do the same based on their Automate instance version.
Those who still use ConnectWise Automate versions 2019.11 or older are urged to implement provided mitigation steps and to update to a supported version.
ConnectWise has been working on the hotfixes since last week and has been releasing them up until Saturday. The first hotfixes were a temporary stopgap, so users are advised to peruse the security advisory and make sure to apply them all.
“To protect our customers, ConnectWise does not publicly disclose or confirm security vulnerabilities until ConnectWise has conducted an analysis of the product and has issued fixes and/or mitigations,” the company noted.
“Alternative tools and processes are used, where appropriate, when targeted or discrete communication with entitled customers is required.”
Earlier this year, BishopFox researchers flagged eight vulnerabilities in ConnectWise Control, the company’s remote control and access solution. Seven of the vulnerabilities were subsequently remediated and the successful remediation confirmed.
Mobile service providers say they are making substantial progress toward ushering in a new generation of 5G networks that will enable ultra-high-speed mobile connectivity and a wide variety of new applications and smart infrastructure use cases.
Progress includes steady work toward virtualizing core network functions and a reexamination of the security investments they will need to protect their networks and customers.
COVID-19 is not expected to significantly delay the progress of 5G deployments, according to a global study report, developed by the Business Performance Innovation (BPI) Network, in partnership with A10 Networks.
The percentage of mobile service providers who say their companies are “moving rapidly toward commercial deployment” has increased significantly in the past year, climbing from 26 percent in a survey announced in early 2019 to 45 percent in the new survey. Virtually all respondents say improved security is a critical network requirement and top concern in the 5G era.
Adding standalone 5G
Early 5G networks are being designed in accordance with the already-approved non-standalone 5G standard. However, 30 percent of respondents say they are already proactively planning to add standalone 5G, and another 9 percent say their companies will move directly to standalone.
Standalone 5G will require a whole new network core utilizing a cloud-native, virtualized, service-based architecture. Many respondents, in fact, say they are making significant progress toward network virtualization.
“Our latest study indicates that major mobile carriers around the world are on track with their 5G plans, and more expect to begin commercial build-outs in the coming months,” said Dave Murray, director of thought leadership with the BPI Network.
“While COVID-19 may result in some short-term delays for operators, the pandemic ultimately demonstrates a global need for higher speed, higher capacity 5G networks and the applications and use case they enable.”
- 81% say industry progress toward 5G is moving rapidly, mostly in major markets, or is at least in line with expectations.
- 71% expect to begin 5G network build-outs within 18 months, including one-third who have already begun or will do so in 2020.
- 95% percent say virtualizing network functions is important to their 5G plans, and some three-quarters say their companies are either well on their way or making good progress toward virtualization.
- 99% view deployment of mobile edge clouds as an important aspect of 5G networks, with 65% saying they expect edge clouds on their 5G networks within 18 months.
“Mobile operators globally need to proactively prepare for the demands of a new virtualized and secure 5G world,” said Gunter Reiss, worldwide vice president of A10 Networks, a provider of secure application services for mobile operators worldwide.
“That means boosting security at key protection points like the mobile edge, deploying a cloud-native infrastructure, consolidating network functions, leveraging new CI/CD integrations and DevOps automation tools, and moving to an agile and hyperscale service-based architecture as much as possible.
“All of these improvements will pay dividends immediately with existing networks and move carriers closer to their ultimate goals for broader 5G adoption and the roll-out of new and innovative ultra-reliable low-latency use cases.”
Challenges: The security mandate
The industry’s top 5G challenges:
- Heavy cost of build-outs (59%)
- Security of network (57%)
- Need for new technical skills (55%)
- Lack of 5G enabled devices (42%)
Importance of security to 5G:
- 99% rate security as important to their 5G planning, higher than even network reach and coverage or network capacity and throughput
- 97% say increased traffic, connected devices and mission-critical use case significantly increase security and reliability concerns for 5G
- 93% say their security investments are already being affected (52%) or are under review (41%) due to 5G requirements
Top use cases expected to power 5G adoption
Next two years:
- Ultra-high-speed connectivity (81%)
- Industrial automation & smart manufacturing (62%)
- Smart cities (54%)
- Connected vehicles
Next 5 to 6 years:
- Smart cities (62%)
- Ultra-high-speed connectivity (59%)
- Connected Vehicles (57%)
- Industrial automation & smart manufacturing (42%)
“Mobile operators globally need to be proactively preparing for the demands of a new 5G world,” Reiss said.
Cybersecurity and, to a lesser but growing extent, compliance are the most pressing priorities for MSPs and their customers this year, according to a Kaseya survey of 1,300 owners and technicians of MSP firms in more than 50 countries.
“Respondents to this year’s survey overwhelmingly agreed that their clients need more cybersecurity support from them. This is especially true in today’s uncertain environment,” said Jim Lippie, senior vice president and GM of partner development at Kaseya.
“As more small and midsize businesses look to maintain vital security operations and decrease IT costs internally ahead of an economic downturn, they will lean on the expertise and services provided by MSPs to keep their companies operating.”
While responses to the 2020 survey were collected in December 2019 prior to the coronavirus crisis, the pandemic has only increased the focus on a need for expanded IT security measures.
Companies of all sizes have recently seen an increase in cyberattacks with an influx of personal devices connecting to the corporate network and as malicious actors hope to take advantage of the uncertain times.
“More than half, or 60 percent, of our respondents said their clients experienced downtime from an outage in the past year,” Lippie continued.
“In our current, unprecedented climate, an outage can mean the end for a small business. So for MSPs, who are the IT backbone of these small businesses, there’s a significant opportunity to diversify their clients’ cybersecurity solutions and strategy in order to respond agilely to any threat that comes their way and maintain their livelihood.”
MSPs and priorities: Security dominates
Both MSPs and their customers have faced increased security threats year over year. Because MSPs have access to their clients’ IT environments through remote monitoring and management (RMM) tools, they are an ideal target for malicious actors who see opportunity in the ability to extend the impact of their attacks. In fact, a little more than 1 in 3 respondents (37 percent) said they felt their MSP business was more prone to cybercrime now than it was in 2019.
On top of the concern for their own organization’s security, MSPs must contend with increased cyber risks to their clients. Almost all respondents (95 percent) have had either some or most of their clients turn to them for counsel on cybersecurity plans and best practices.
Additionally, nearly three in four respondents said that 10 to 20 percent of their clients experienced at least one cyberattack in the past year.
Companies need more cybersecurity support from their MSP partners. Among a ranking of several top IT needs, such as “supporting mobile devices,” “legacy system replacement” and “public cloud adoption, migration and support,” 29 percent of respondents listed “meeting security risks” as their clients’ top IT need.
“Cybersecurity services,” like antivirus, anti malware and ransomware protection, followed closely at 14 percent. Together, these two options make up more than 40 percent of responses to the question. With ransomware and malware attacks making headlines every day, MSPs have an opportunity to protect existing and future customers by providing multi-layered security and backup services.
The need for compliance services is growing
With the increasing number of regulations, including the CCPA and the New York Stop Hacks and Improve Electronic Data (SHIELD) Security Act, data privacy has become a necessity for small and large organizations alike. In fact, two-thirds of respondents reported that their clients struggle to meet compliance requirements, and nearly one-third reported an increased need for compliance services in the past two years.
As our dependence on software and other technologies grow, regulators will continue to enact data privacy laws. This presents an opportunity for MSPs to develop and leverage a niche expertise in this space to help clients maintain compliance with an increasingly complex set of regulations.
RMM remains MSPs’ core application of choice
For more than half of respondents (61 percent), RMM remains the most important application, followed by PSA (21 percent) and IT documentation (11 percent).
More important than the applications themselves, however, is integration between these core applications. In fact, nearly 70 percent of respondents said that integration between their core IT applications is very important, and 81 percent responded that this integration could help their organization drive better bottom-line profits.
MSPs show growth through new offerings and value-based pricing
In the past decade, MSPs have evolved greatly from simply providing break-fix services to implementing full-fledged suites of solutions. Driving this evolution is the ability of MSPs to agilely respond to emerging needs in the market.
Nearly 90 percent of respondents consider the expansion of their service offerings important, which makes sense: The most successful, high-growth MSPs — those with an average monthly recurring revenue growth greater than 20 percent — have added about four to five new services to their offerings in the past two years.
Underlying all of this growth is a continued shift toward value-based pricing models. Respondents this year opted for a value-based pricing strategy rather than cost-based or price-match strategies. Value-based pricing strategies develop prices based on the end result and the value delivered to the customer.
Among all respondents, 38 percent reported that more than half of their revenue comes from a value-based pricing strategy. Contrastingly, only 17 percent of respondents reported that the majority of their revenue came from a cost-based pricing strategy.
Cloud support decreases but remains an opportunity for MSP growth
Public and private cloud adoption are among the top IT needs in 2020. However, respondents who manage client cloud environments dropped from 70 percent in the 2019 survey to 56 percent this year for public cloud, and from 59 percent in the 2019 survey to 49 percent for private cloud.
Despite this, there still remains an opportunity for MSPs to grow their cloud management offerings, as nearly a quarter (21 percent) of successful, high-growth MSPs manage their clients’ public cloud environments.
Is your organization using ManageEngine Desktop Central? If the answer is yes, make sure you’ve upgraded to version 10.0.474 or risk falling prey to attackers who are actively exploiting a recently disclosed RCE flaw (CVE-2020-10189) in its software.
We’re seeing this being exploited in the wild. Watch for shady shit dropping out of java.exe, LOLBIN download of 2nd stage via bitsadmin or certutil
Working on a blog post, watch https://t.co/yI3VuU1IIa
— Eric Capuano (@eric_capuano) March 10, 2020
— chris doman (@chrisdoman) March 9, 2020
About ManageEngine Desktop Central
ManageEngine Desktop Central is developed by ManageEngine, a division of Zoho Corporation, an software development company that focuses on web-based business tools and information technology.
Desktop Central is a unified endpoint management solution that helps companies, including managed service providers (MSPs), to centrally control servers, laptops, smartphones, and tablets.
About the vulnerability (CVE-2020-10189)
CVE-2020-10189 allows for deserialization of untrusted data and allows unauthenticated, remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central and achieve SYSTEM/root privileges.
This would allow them to install malicious programs or push malicious updates onto the managed devices, lock them, and so on.
The vulnerability affects Desktop Central versions prior to 10.0.474 and was unearthed by Steven Seeley of Source Incite, who revealed its existence publicly last week through a tweet and security advisory that also links to PoC exploit code.
At the time, the vulnerability was a zero-day (unknown to and unaddressed by the vendor), since Seeley didn’t share his findings with Zoho/ManageEngine prior to the advisory’s publication – ostensibly because “Zoho typically ignores researchers.”
A day later ManageEngine issued a security update (v10.0.479) to correct the flaw and offered mitigation advice.
Nate Warfield, senior security program manager at Microsoft, used the Shodan search engine to find some 2,300 publicly accessible Desktop Central instances.
But even instances that aren’t exposed externally can be exploited by attackers who have achieved access to the target organization’s through another security hole, allowing them to broaden their presence.
Finally, since the solution is often used by managed service providers (MSPs), compromised Desktop Central instances could result in the simultaneous compromise of many client organizations’ endpoints and, through them, networks.
Organizations who use ManageEngine Desktop Central should upgrade to a safe version as soon as possible.
Managed services remain healthy and profitable, with great opportunities for growth, including advanced security, automation, and business operations, a SolarWinds report reveals.
MSPs comfortable with security basics
- For solutions in North America, respondents were most comfortable offering and using antivirus (89%), firewalls (83%), data backup and recovery (81%), and endpoint security (75%).
- In Europe, respondents were most comfortable offering and using antivirus (93%), data backup and recovery (82%), firewalls (82%), and antispam (80%) as solutions.
However, MSPs have room for growth in some of the more advanced security solutions and offerings, as respondents were less confident in the more complex controls:
- European and North American respondents selected the same top three solutions they were least comfortable with: biometrics, cloud access security brokers (CASBs), and digital rights management.
- On the services end, European respondents were least comfortable with penetration testing (52%), auditing and compliance management (39%), and risk assessments (36%). North American respondents were least comfortable with auditing and compliance management (53%), penetration testing (47%), and security system architecture (39%).
MSPs increasing the use of automation
The results also showed MSPs are starting to increase the use of automation to handle day-to-day tasks such as patch management and backup, but don’t feel comfortable with automating the advanced tasks:
- Automation saves North American MSPs an average of 15.6 full-time employee hours per week and in Europe, an average of 23 full-time employee hours per week.
- In North America, respondents were least comfortable automating client onboarding (44%) with identity and access management in second place (38%). In Europe, respondents were least comfortable automating SQL query workflows (57%) but shared their discomfort with automating identity and access management with their North American counterparts.
2019 showed an improvement in customer retention
In the 2018 report, MSPs were losing customers almost as fast as they gained them, but 2019 showed an improvement in customer retention. Two of the top three reasons for losing customers stemmed from the customer rather than the service provider:
- In North America, respondents pick up an average of four clients every three months while losing one in the same period.
- In Europe, respondents pick up an average of three clients every two months while losing more than one on average in the same period.
- Top causes of customer loss included the company either went out of business (26% in North America and 16% in Europe) or were fired by the partner (25% in North America and 16% in Europe).
Biggest growth obstacles for MSPs
Another key finding showed core business operations are still amongst the biggest growth obstacles for MSPs including lack of resources/time, sales, and marketing:
- North American MSPs claimed their biggest obstacles toward growth were sales (43%), lack of resources/time (42%), and marketing (26%).
- European MSPs claimed their biggest obstacles toward growth were lack of resources/time (41%), sales (32%), and security threats (32%).
Many providers claim a lack of sales and marketing expertise is a major anchor on their growth—hiring specialized staff could help close the gap or training for existing employees.
Enterprise expectations of managed service providers (SPs), along with their ecosystem of public cloud provider partners, are shifting and will drive fundamental changes in both how buyers consume cloud services and providers position their business models in meeting customer needs for these services. Utilizing managed SPs for managed cloud services IDC sampled 1,500 buyers and nonbuyers of managed cloud services. The respondent audience for this survey included both IT and LOB respondents across six countries … More
The post Enterprise expectations of managed service providers and public cloud providers are shifting appeared first on Help Net Security.