MSP business solutions are always going to be subject to instances where data is compromised. But you can reduce this risk substantially if you educate yourself and your clients regarding that which results in such breaches.
The motivation of the cyber thief can be multifaceted. It’s not always just about getting in, getting a “pound of flesh,” and getting out. The really high caliber thieves are going to slowly worm their way in and chase the most highly sensitive data they can. The reason is that such data provides the highest returns in the long run. If they can get to a central point of operations, then push their “ransom” at a critical juncture, they’re going to make more money.
It’s like Texas Hold ‘Em poker. If you go all-in before the first line of cards flops, you’ll win antes, but it’s unlikely you’ll be able to get much more. If you bet high when the first three are turned, you can increase your winnings, but not as much as if you slow-play throughout a hand until all the chips are down and you’ve pushed somebody into bluffing. The hacker wants to have an ace in the hole, but oftentimes, he really is bluffing. Thing is, he’s always going to go for “the river,” as they call the fifth card in Texas Hold ‘Em. If you understand this, you can circumvent it by creating security protocols which allow your clients to retain their data even if a ransom putsch hits at a critical juncture.
This is more possible through cloud computing solutions than it’s ever been before. Business continuity planning is designed to ensure continuous operations even in the worst-case scenario. This can be hacking or it can be a disaster of some grade. The fact is, an MSP business is going to deal with data breach complications at some point. Having established protocols based on known strategies will ensure no operational compromise must be endured.
Choke-Points
There are several “choke-points” that hackers and other cyber thieves are going to target. One is areas of operations where payments are given or taken. If a hacker can grab the information on credit cards, they can transfer money between accounts and skip away with thousands while the company they’ve exploited must explain it to their clients.
There’s some hope. A great majority of the most pernicious hackers, ransomware purveyors, spammers, spyware applicators, malware moguls and more come from outside the United States. As a matter of fact, the concentration American forces have on “Russian hackers” is likely misinformed. There are quite a few threats that come out of China right now. A lot of these attacks are impersonal, too: they take a “shotgun approach.”
It works like this: the hackers spam out a bunch of e-mails which probe for weaknesses. They’ll send e-mails with attachments from a mix of two addresses in somebody’s account and see who answers. You may get an e-mail from “Carl Michael.” You’ve got a friend named Michael Jarvis and Carl Johnson. The hacker has taken two familiar names to you and combined them together. You click on the e-mail and there’s a link that says: “OMG! You won’t believe the face you made in this video!” You click on the video and— what in the world? There’s no video! That’s when you realize: you’ve just downloaded malware into your computer. With the right security, you can erase and reboot without losing any prior data, but without it you may be sunk. It’s just possible you’ve invited ransomware into your organization’s computer system.
Now these hackers, they’re going to probe your business sometimes before they “get” you. It’s called “phishing” because it’s basically the digital form of “fishing.” But if you know where the attacks are going to come from, you can proactively plan for them, and when they hit, quickly reverse the damage.
Hackers are likely to:
- Utilize choke-points
- Send out “shotgun” hack-attacks
- Go after the most sensitive information
At the very least, an MSP business should be aware of these vulnerable areas. If you work to prevent the most common cyberattacks, you’ll be better suited to catch less obvious ones.
