The White House has issued a new set of guidelines to help protect businesses large and small from the threat of ransomware. Here's what MSPs need to know.
Over the last decade, ransomware attacks have increased significantly, impacting public and private sector entities around the globe. Ransomware has been on the radar of tech industry leaders since 2005, but many don’t know that the first ransomware attack occurred way back in 1989 via floppy disks delivered to AIDS researchers spanning more than 90 countries. So, in short, the problem isn’t new, it’s just intensifying. With the rise of ransomware-as-a-service platforms and the proliferation of easy-to-use attack tools, barriers to entry continue to drop, and more and more cybercriminals view the method as a big opportunity for large payouts.
The trend line has been on a steady rise for years now, but several recent high-profile attacks affecting the U.S. oil and food supply (Colonial Pipeline and JBS, the world's largest meatpacker) have raised renewed awareness and prompted U.S. officials to acknowledge the severity of the threat.
On June 2, the White House issued a new set of guidelines to help protect businesses large and small from the threat of ransomware. Here’s what the White House is urging organizations to do now to increase their cyber defense readiness.
Back up your data, system images, and configurations, regularly test them, and keep the backups offline
Update and patch systems promptly
Test your incident response plan
Check your security team’s work (security and pen testing)
Segment your networks to maintain operations in a cyber incident
What these guidelines mean for MSPs
These guidelines obviously aren’t new for security-minded managed services providers, but they do present a potent reminder that passively rolling out tools is no longer enough. As stewards of their clients' networks, MSPs are being strongly encouraged to test and rehearse their security plans and backup procedures at an even higher rate than in previous years. Proactive security testing and tabletop exercises are recommended as essential so that all employees know their roles and responsibilities during a cyber incident.
The result is more time and money spent up front, but the consequences of a successful ransomware attempt — an average paid ransom of $220,298 and 23 days of downtime — far outweigh the investment.
The COVID-19 pandemic has shifted how employees and businesses work while making IT leaders reimagine cybersecurity in a distributed workforce world. Take stock of the base-level cyber defense activities listed above and re-evaluate and test your current procedures to see if they’re working.
What these guidelines mean for your clients
These guidelines also present a perfect opportunity for MSPs to start or re-open the security conversation with their clients. If there are new services and/or projects that you've been advocating for, then pointing to the White House memo could help get the ball rolling.
If there's a narrative to pull from the recommendations, it's that you and your clients need to embrace the "assume breach" mentality that frames incidents as something that you're not only actively trying to avoid, but that you're also actively preparing for.
These new guidelines, if messaged properly to your clients, represent a new greenfield of sales opportunities. Political pundits believe these strong guidelines combined with the federal government labeling ransomware as a national security threat are only the beginning — the next step will be regulations. Position this as an opportunity for businesses to get ahead of the curve. By investing in cyber defense solutions today, they won’t have to scramble with the rest of the herd tomorrow.
Our CSO's take on the guidelines
I had a chance to connect with NinjaRMM CSO Lewis Huynh on the new guidelines, and he took the time to share what precautions NinjaRMM has taken along with his take on how MSPs should continue to evolve their security practices:
“With the White House's recent announcement on ransomware, the team at NinjaRMM would like to share our approaches to these threats. In the first quarter of 2019, on the heels of the October 2018 warnings issued by the DHS and CISA and the January 2019 warning issued by the FBI, Ninja began a security mission to progressively harden our internal policies, coding and development practices, cloud and infrastructure environments, and Ninja App features and implementations. Essential to our plan were the best practices laid out by the Biden administration's Executive Order (MFA, endpoint detection and response, encryption, a strong internal security team), as well as the recommendations provided in this latest memo (backups, patches and updates, incident response, pen testing, network segmentation). We strongly echo those recommendations.
In addition, while threats have been increasing in number and intensity, Ninja has been vigilant — constantly evolving our security team, practices, and implementations to provide Ninja customers with greater and additional levels of protection and security. We have also accelerated security-related features in the Ninja App, enabling our customers to also follow the administration's guidance: MFA by default, MFA for all destructive activities, improved patching/software update management, improved scripting, and the huge feature — Ninja Data Protection. We are also constantly engaged with our partners and the wider community through our blog, DoJo, and Privacy Team (email: firstname.lastname@example.org).
Looking toward the future, it's our mission to continuously re-invigorate our security team, improve our security practices and tools, and adapt our roadmap to reflect the evolving threats to the community.”
— Lewis Huynh, Chief Security Officer at NinjaRMM
If you're looking for help leveling up your and/or your clients' security posture, these resources are great places to start: