The Current State Of Cybersecurity
By Jason Manar , Chief Information Security Officer , Kaseya
Cybercrime is on the uptick and here to stay . Cybercriminals are getting more sophisticated with their attacks , putting a larger burden on MSPs to protect not only their clients , but also themselves . Gone are the days when having a playbook was a luxury . In today ’ s landscape , it ’ s a must . And forget the one-and-done approach . IT professionals need to regularly review their security strategies and adapt them as cyberthreats are continuously evolving . MSPs are uniquely positioned to serve as trusted advisors to their customers , working collaboratively to both implement and foster a security-first culture in their organizations .
Cybersecurity Trends At A Glance
Reconnaissance by Russian state-sponsored cyber actors is on the rise . Their tactics seem endless and most often
MANAGED SOC PLATFORM
Built for MSPs delivering cybersecurity to SMBs
LEARN MORE appear in the form of port scanning , spear phishing , harvested credentials , and password spray techniques to gain access to networks as well as the cloud . It ’ s critical to have mitigation strategies in place such as a strong firewall , credential hardening , multifactor authentication , strong and unique passwords , centralized log monitoring , rigorous configuration management , and enforcement of the principle of least privilege to safeguard customers ’ organizations .
Like the latest social media trend , another tactic that is hard to stay on top of is phishing . This age-old method continues to be the No . 1 preferred way of attacking organizations through creative emails that can fool even the smartest people . Some of the more successful scams range from an email pretending to be from the company ’ s CEO requesting some urgent action , or a communication that appears to be from a legitimate financial institution threatening immediate consequences if the recipient does not click on an “ authentic-looking ” link . The best way to combat phishing is using anti-phishing solutions combined with employee security training that engages workers and helps them understand they are a company ’ s first line of defense . One highly sophisticated incident I witnessed as an FBI agent was when a group of cyber actors wanted to hack into a large corporation by targeting the company ’ s CEO , but he was diligent at locking down all his personal information . All they were able to get was his business email address . The cybercriminals , however , used property records to uncover his wife ’ s name . They then tracked her social media accounts and discovered the name of their children ’ s school . With this information , they set Google alerts for the school and waited . When they received a Google alert for a school lockdown due to an emergency , the cyber actors pounced and sent an email to the CEO ’ s business email with a malicious attachment purporting to have the names of all the school ’ s emergency contacts . The CEO clicked on it and as a result , the attackers infiltrated the company ’ s network and remained there for a year before they were even detected .
Another issue affecting cybersecurity today is finding the next generation of security professionals . It ’ s already difficult to hire for any position , especially those that require technical experience . Many job openings and salaries are competitive , so finding talent can be daunting . Adding to the problem is hiring people who have the right skill sets to build well-rounded security teams . Larger tech companies , like Kaseya , are trying
6 | MSPSuccessMagazine . com • VOLUME 3 ISSUE 5