One of the most basic and effective controls when it comes to ransomware preparation is being underutilized. MSPs report enabling 2FA on only 60 percent of email clients and 61 percent of password managers, despite the fact that the majority of MSPs (67 percent) claim phishing emails are the leading cause of ransomware breaches at SMBs.
Business continuity and disaster recovery (BCDR) solutions have continued to prove to be the most effective in lessening the impact of a ransomware attack. Ninety-two percent of MSPs report that their clients with BCDR solutions in place are less likely to experience significant downtime during an attack. In addition, four out of five MSPs state victimized clients with BCDR tools in place recovered from an attack in 24 hours or less, while less than one in five MSP clients without BCDR were able to do the same. MSPs are in a unique position today to educate SMBs on how to protect against a ransomware attack, including employee training and the tools to implement.
“For MSPs, it’s no longer just a concern of our clients being hit with ransomware, but our own businesses as well,” said Jason Fry, Managing Director at PAV IT, an MSP based in the south of England that focuses on optimising the IT infrastructure of their clients and helping them be more efficient. “Attackers are realising that MSPs are the gatekeepers to mounds of data, so it’s critical that they take a step back and look at their own systems to ensure they're secure and client data is protected.”
MSPs are also a prime target of ransomware attacks, with the Department of Homeland Security issuing warnings to MSPs this time last year. Four out of five MSPs state that they are increasingly targeted by attackers. However, only half of MSPs have external expertise available to help them in the event of a large scale attack against them or their clients. Sixty percent of MSPs do, however, carry cyber liability insurance to help offset the cost associated with a ransomware attack.
“MSPs need to set the tone for their SMB customers when it comes to preparing for and responding to ransomware attacks,” said Ryan Weeks, Chief Information Security Officer at Datto. “They need to protect themselves first by improving their organization’s cyber hygiene in order to keep their clients safe. MSPs must adopt 2FA universally for any technology they use to service clients, as well as their own business. In a climate where cyber attacks have become an everyday occurrence, 2FA across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack.”