2022 saw a swath of breaches that impacted major organizations across the globe. Millions of dollars were held for ransom, personal identifying information (PII) was released onto the dark web, and the cybercrime ecosystem grew more sophisticated, persistent, and damaging.
However, there are lessons to be learned from the top breaches of last year. While at first glance targets like a health insurance company in Australia, a popular transportation app in America, a small school district, and a major software company have nothing in common — the ways hackers infiltrated these organizations and made off with dollars and data highlights what managed service providers (MSPs) need to do to keep themselves and their customers secure.
Take a deep dive into these breaches with “Lessons Learned from Top Breaches” webinar.
Key Lessons MSPs Can Learn From 2022’s Top Breaches
- The data breach is back. Yes, ransomware may be topping headlines, and it continues to be a formidable foe, but more and more threat actors are just exfiltrating data, regardless of a ransom payment. According to IBM, only 11% of breaches in 2022 were ransomware related. In a ransomware attack, data exfiltration paired with data encryption is referred to as “double extortion,” but data exfiltration can occur with many kinds of cyber attacks. Data loss is now the primary avenue where money can be made by cybercriminals. Third-party breaches are also on the rise, meaning threat actors may try to gain access to an MSP to then steal data from the organizations they work with. These supply-chain attacks are increasing in frequency, and threat actors are getting better at avoiding detection. IBM stated that a supply chain breach takes 26 days longer to contain than a single organization breach.
- Credentials protection is critical. Threat actors are gaining access to valuable systems through credentials. Compromised credentials were the most common attack vector in 2022, and as an MSP, your systems could contain not only internal credentials, but credentials for client systems. Credential protection has a high effort-to-value ratio, and a simple technique like implementing multi-factor authentication (MFA) can make all the difference. However, it’s important that, as part of this protection, detection software is also utilized. If credentials are compromised through an MFA-fatigue attack the monitoring and detection solution can alert the organization to unusual behavior. Think of it as having both a well-built gate, and a guard watching over it.
- Make security a part of all operations. As an MSP, security needs to be top of mind through every project, application, client interaction, and more. Never take off the security hat, as customers are depending on MSPs to not only handle the heavy lifting, but also keep them safe. Not only does security need to be integral to technological and operational decisions, but an MSP should also have end-to-end security that follows every aspect of a cybersecurity framework like NIST. That starts with good cyber hygiene and ends with strong incident response.
How MSPs Can Bring Their Clients Along on Their Security Journey
While, as an MSP, it’s critical to secure your operations so that your clients are protected, that security journey travels both ways. MSPs need to work with customers to ensure that they are doing what is necessary to keep their systems safe as well. Customers want, and need, better security capabilities, so it’s on the MSP to develop business, operational, and technological strategies to engage these customers and help them improve their security posture.
The above insights are just the start of the myriad of ways MSPS can turn past mistakes into future action. Visit Arctic Wolf’s MSP resource center to further explore strong MSP security leads to improve customer security outcomes.
Learn how to both harden your security posture and reduce risk for your customers with Arctic Wolf for MSPs.
