Cyber Defense eMagazine July 2021 Edition

More documents

Recommendations

Info

Why MSPs and their customers are uniquely vulnerable to cybercriminals. MSPs are increasingly in the line of fire for cybercriminals, as seen during last year’s crisis. MSPs hold the keys to hundreds of organizations that they manage, making it attractive to go after many at once. “Buffalo Jump” attacks occur when an MSP is breached and more than one managed organization is compromised with malware as a result. Ransomware has also moved to the cloud. Attackers understand MSP tools and know how to exploit the vulnerabilities and tools that MSPs depend upon. They know that enterprise-grade security solutions are rarely built for use by MSPs, who represent a large number of companies, each with its own appetite for risk, or lack of understanding of cybersecurity tools or resource constraints. Last year marked a rapid digital transformation as more customers shifted to the cloud. This introduced a slew of potential new vulnerabilities and risks for uneducated and unshielded customers. In fact, 82% of MSPs told us that the budget reserved for cybersecurity increased in 2020, with 75% of respondents indicating their spending would increase on average by 12.1% in 2021. Of the three types identified in our report - front runners, trying to keep up, and lagging behind - MSPs in the last category that don’t prioritize a security-first approach for a fast-evolving threat landscape take the biggest risk in terms of time and money loss. Common sense cybersecurity steps for MSPs MSPs need to take threats seriously, even if their customers don’t. Here are some common sense security steps and approaches for MSPs: • Recognize you’re a valuable target – Most importantly, if you lack the right staff and training, then get on board with trusted partners and peers that can help you grow your security know-how and capabilities. • Educate customers –Becoming more assertive with customers and bundling security into all packages will put you in a stronger position. • Evaluate Budget – Educating leadership on the gaps and risks with a self-assessment is the only way to get an increased security budget. • Get Dedicated Staff – Tools alone aren’t enough; you need human capacity to operate and interact with security solutions, whether with dedicated security personnel or managed security services. • Reduce tool sprawl – Find security controls that work well together and with your current ticketing systems and complement your stack. • Maximize your spread – When thinking about what to bundle into basic packages, keep in mind the realities of today’s increasingly converged customer environments, including must-have SOC/SIEM with additional XDR/MDR/EDR layered tools. • Tackle passwords and training –Passwords remain a key weak link where security failures are concerned, so password reuse training, architecting multi-factor authentication and security keys for single-sign-on are important. Cyber Defense eMagazine – July 2021 Edition 46 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
The next big thing: addressing remote workforce security gaps What happens when everyone suddenly starts working from home? Security becomes pushed to the backburner. With fully remote and hybrid working models set to stay for the long term, MSPs must urgently review the effectiveness of existing security controls in terms of where employees – and their customers’ users – now work and determine whether an alternative deployment architecture or controls are needed to cover the risk. There are a lot of timely reasons for MSPs to get their cybersecurity ducks in a row, from protecting customers to insurance firms hardening their attitudes toward cyber policies and new compliance regulations. Whatever the reason, the time is now. About the Author Wes Spencer is the CISO at Perch Security, which was acquired by ConnectWise in November 2020. He is responsible for leading external security strategies, working with external constituencies and media. He also provides cybersecurity thought leadership to ConnectWise’s partners, enabling them to build more mature cybersecurity programs for themselves and their clients. Wes has been in the technology industry for 22 years, garnering awards such as Cyber Educator of the Year by the Cybersecurity Excellence Awards in 2020. Additionally, Wes is a part of multiple boards, serving on the Advisory Committee on Cybersecurity at the University of Florida, the Advisory Board on Cybersecurity Management at Murray State University, and as Chairman at the Community Institution Council Advisory Group, FS-ISAC. He has been featured in numerous publications, including The Wall Street Journal, ProPublica, Dark Reading, and Bleeping Computer. Wes attended Murray State University, earning both a Bachelor of Science in Cybersecurity and a Master of Science in Cybersecurity. In 2017, he was named among Murray State’s Alumni of the Year. Outside of work, Wes runs a YouTube channel with 30,000 subscribers covering cybersecurity and cryptocurrency. He is happily married and enjoys gaming and exploring the outdoors with his four children. Cyber Defense eMagazine – July 2021 Edition 47 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Colonial Key Business Pipeline, Les
Page 3 and 4: Ransomware, the Ultimate Cyber Thre
Page 5 and 6: @MILIEFSKY From the Publisher… Ne
Page 7 and 8: Welcome to CDM’s July 2021 Issue
Page 9 and 10: Cyber Defense eMagazine - July 2021
Page 33 and 34: Colonial Pipeline, JBS Cyber Attack
Page 35 and 36: is clear: Cyberattacks will continu
Page 37 and 38: of management complexity for any bu
Page 39 and 40: Flipping the Cyber Script Getting A
Page 41 and 42: Trust strategies, they will prevent
Page 43 and 44: The growing threat In the last 12 m
Page 45: Common Sense Cybersecurity Steps fo
Page 49 and 50: Applying PR tactics is a new page i
Page 51 and 52: NATO to Consider Military Response
Page 53 and 54: The number of open positions in var
Page 55 and 56: 3. Delivery - Transmission of the p
Page 57 and 58: Uncovering the Dark Side of the Col
Page 59 and 60: Energy and Utilities - You Have No
Page 61 and 62: a cyberattack that shut down approx
Page 63 and 64: Ransomware and the Cybersecurity In
Page 65 and 66: About the Author Jack Blount is Pre
Page 67 and 68: The airline industry’s poor recor
Page 69 and 70: Ransomware, the Ultimate Cyber Thre
Page 71 and 72: About the Author Yehudah Sunshine,
Page 73 and 74: A second reason for the increase in
Page 75 and 76: A Case of Identity: A New Approach
Page 77 and 78: Implementing a digital trust ecosys
Page 79 and 80: A 3-Part Plan for Getting Started w
Page 81 and 82: As threats continue to evolve, it
Page 83 and 84: 1. Endpoint and user protection Des
Page 85 and 86: The Risks of The Vulnerable Iot Dev
Page 87 and 88: Insecure Data Transfer and Storage
Page 89 and 90: Three Steps to Building Email Cyber
Page 91 and 92: Plan Ahead and Avoid Disaster The H
Page 93 and 94: NDR technology is built on three pr
Page 95 and 96: Hardware Trojan Detection By Sylvai
Page 97 and 98:
the properties (user mode, memory a
Page 99 and 100:
About the Author My Name is Sylvain
Page 101 and 102:
outside coaches - to help them impr
Page 103 and 104:
Tips for Avoiding Online Scams Duri
Page 105 and 106:
Phishing Example 1 Phishing refers
Page 107 and 108:
About the Author Cindy Murphy is th
Page 109 and 110:
The recent Feedzai report confirms
Page 111 and 112:
Why Cyber Risk Is the Top Concern o
Page 113 and 114:
(BEC) attacks, also known as “fak
Page 115 and 116:
What Educational Institutions Need
Page 117 and 118:
Firewall Security VPN connectivity,
Page 119 and 120:
Business Continuity: Where InfoSec
Page 121 and 122:
● ● ● ● How educated are em
Page 123 and 124:
Biometrics Challenges By Milica D.
Page 125 and 126:
Epic V. Apple Trial - Impact of Big
Page 127 and 128:
About the Author Brad Ree is the Ch
Page 129 and 130:
eaches because large amounts of hig
Page 131 and 132:
• securing mobile and remote work
Page 133 and 134:
This topic has great relevance beca
Page 135 and 136:
I recommend that leaders of private
Page 137 and 138:
fail that promptly. After, say, sev
Page 139 and 140:
1. Infosecurity Europe Where: Olymp
Page 141 and 142:
leaders, and help each other advanc
Page 143 and 144:
Cyber Defense eMagazine - July 2021
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
You asked, and it’s finally here
Page 155 and 156:
9 Years in The Making… Thank You
Page 157 and 158:
show all

Cyber Defense eMagazine July 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?