ON THE HORIZON
3 Ways To Stop Phishing From Giving Your MSP A Scare
By Manoj Srivastava , General Manager , Security , Kaseya
C
ybercrime is on the rise and here to stay , and topping the list are phishing scams . A common misconception is that only dumb people fall victim to these types of attacks . The truth is that some of the most prestigious national labs , major corporations , and even people with doctoral degrees and IQs off the charts have been compromised .
According to the FBI , phishing was among the top three cybercrimes reported in 2020 . In fact , phishing incidents more than doubled from 114,702 in 2019 to 241,342 in 2020 . What ’ s even more frightening is that 90 % of incidents that end in a data breach start with phishing .
Anyone can fall victim to a phishing scam , making it more important than ever for MSPs to protect their customers .
Don ’ t Let A Lack Of Security Training Haunt Your Business .
Email is one of the major vectors to distribute ransomware , and cybercriminals often depend on phishing and social engineering tactics to infiltrate an unsuspecting organization . Traditional legacy systems are less equipped to protect against cyberattacks , and smaller-sized MSPs may struggle to properly secure environments due to a lack of funds . One way to successfully get around this is by increasing security awareness , which can reduce an organization ’ s chances of having a cybersecurity incident by up to 70 %.
People are the first line of defense . MSPs can leverage this position and safeguard their clients by offering security training to employees as part of their contractual services . Frequency matters . Research shows that trained employees start losing what they learned between 4 – 6 months after each session .
New employees should always go through training during their onboarding process , but don ’ t stop there . Phishing training should be carried out for all employees monthly . It may seem like a lot , but it ’ s critical for organizations to remain vigilant and always on their toes , as cybercriminals are constantly
6 | MSPSuccessMagazine . com • VOLUME 2 ISSUE 6 adapting their techniques to find a way in .
The pandemic also changed the landscape with more employees working from home or in hybrid scenarios with little to no supervision . About 55 % of remote workers rely on email as their primary form of communication , driving home the importance of security training .
Smaller MSPs may sometimes think , “ We are too small to be a target !” This is erroneous thinking . The sobering reality is that their customers are the target . One such victim of a sophisticated cyberattack consisted of a prospect reaching out through a SharePoint file asking for a response to a proposal via sign-in to SharePoint .
MSPs can never be too careful . Security awareness training is one way they can safeguard their clients .
Invest In Phishing Prevention Tools .
Another line of defense for MSPs is to invest in AI-based prevention tools that proactively monitor and protect their business and end customers . An effective AI not only scrutinizes email communications but also analyzes behaviors such as the devices ’ senders , including an employee ’ s usage , who they message the most , and what time of the day they communicate the most , etc . This data is then used to create profiles of trusted email senders and compares incoming communications to these profiles to detect and prevent sophisticated phishing attempts . AI-based monitoring software can also scan images to identify false login pages and recognize altered signatures , then automatically quarantine malicious emails so the end user never interacts with harmful messages .
MSPs should invest in technology that offers warning banners that flag suspicious emails , allows users to quarantine or mark the message as safe with a single click , and proactively quarantines suspicious emails for IT to investigate before they even make it to an employee ’ s inbox . When selecting a product , MSPs should opt for one that offers a dashboard where they can