Ransomware attacks against MSPs, their tools and their customers, are expected to grow in 2020, leading cybersecurity experts said.
Borrowing a line from the infamous bank robber Willie Sutton, Stephan Tallent, senior director, managed security service providers, at Fortinet said there is one reason hackers will keep hitting MSPs: “That’s where the money is.”
“I think in 2020, we’re going to see a big uptick in MSPs being targeted by the bad guys” he said during a panel discussion at Continuum’s Navigate 2019. “That’s something we always need to be thinking about, how are we protecting our environment. Because we are the interface, and the connectivity to a massive amount of customers. I think you’re going to see a lot more of that.”
Tallent said to make matters worse, 78 percent of small businesses who are hit with a ransomware attack, never recover. Sitting beside him on stage, Kyle Hanslovan, founder and CEO of Huntress Labs, agreed that more attacks are inevitable.
“There’s no doubt,” he said. “I mean if you just go with basic data. We’ve seen an explosion of MSPs getting encrypted en masse, from one a month, to three, four per week right now. It’s an up trend. Its here to stay.”
Continuum CEO Michael George told CRN the MSP industry is in a “pandemic crisis” when it comes to ransomware. He said the only way this threat can be fought effectively is through the large-scale deployment and use of AI and machine learning to track down indicators of a system intrusion, before it has a chance to dig in.
“I don't know that they'll ever get completely eradicated,” he said. “But they will get reduced dramatically and then they'll get identified quickly enough that they'll not cause harm anymore and we are not going to do that with human beings.”
George has pushed for a bigger security apparatus for his own company, and just this year Continuum opened its third security operations center. The single-story building in an office park also boasts a help desk with rows of cubicles, that makes it look like any other call center, but it houses advanced AI, that George said will be the difference-maker in the war to come.
“If it's man versus man and these things are coming out at a velocity, and through these vectors that we can't even anticipate any more, we're going to lose,” he said. “But, if I can build, artificial intelligence systems that have enough predictive analytics that can do fact pattern recognition and start to see things before they evolve, to start to see the very first anomalous thing, that would otherwise go completely undetected, and then has the ability to isolate, investigate and remediate that through automation ... it's the only way and that's true.”
Continuum had its own struggles when one of its MSP customers failed to follow best security practices and was hit with ransomware. George said the incident taught Continuum that they cannot allow partners to hurt themselves. He said while they had warned partners to always enable multi-factor authentication, they allowed the partner to choose whether to turn it on or not. Now, he said, it is mandated, system wide.
“We are not going to allow our partners to suffer from self-inflicted wounds by not following what we're telling them to do,” he said. “So now we're going to do the for them. And if it's too ardent, too stringent, too hard an environment, and they don't like it, they're just going to have to go and use somebody else's tools, because we are not going to let you, let other people weaponize these environments for malicious activity anymore.”