MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe


Empowering Your MSP Business to Grow and Prosper—One Post at a Time

The-Ultimate-Guide-to-Success-in-Managed-IT-Services


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

How to Protect Against Sophisticated Hackers

Posted August 23, 2018by Chris Crellin

How to Protect Against Sophisticated Hackers

Cyber attacks are getting more complex and sophisticated every day. Criminals used to take a spray-and-pray approach, casting a wide net and relying on a large volume of unsophisticated targets falling for an attack, unintentionally giving away sensitive information or downloading malware. But, as defenses got better at blocking this type of attack, hackers learned to adapt.

Cyber criminals developed new types of attacks that can evade traditional security measures. For example, spear phishing, whaling, business email compromise, and CEO fraud are generally zero-payload attacks, so they can bypass most firewalls and email security solutions because they don’t include a malicious link or attachment. Instead, they rely on social engineering to trick users into giving away login credentials that can be used to gain greater access or take over an email account and use it to send more convincing spear phishing emails. Often, attackers will infiltrate an organization’s network and study how the business works so they can more effectively target specific executives with requests to wire money or send sensitive W2 information.

And, these types of sophisticated attacks are becoming more common. According to a recent study by GreatHorn that was published on Help Net Security, 56 percent of security professionals see email threats including impersonation attempts, wire transfer requests, W2 requests, payload attacks/malware, business services spoofing, and credential theft, on at least a weekly basis.

AI for Better Defense

To combat these types of complex attacks, IT services providers need to implement more advanced solutions and help customers take a layered approach to email security.

One piece of this is moving beyond default security. As more businesses move to cloud-based solutions like Office 365, many organizations are simply counting on the native security that’s included with these platforms being enough to protect their data. This level of protection isn’t enough to combat today’s sophisticated hackers, though.

Adding a third-party email security solution can help IT service providers improve the basic level of email protection their customers have in place. Third-party email security solutions provide more advanced threat detection and remediation. Vendors are also starting to leverage the power of artificial intelligence to help improve defenses. For example, Barracuda Sentinel uses an AI engine to learn the communications patterns of an organization and identify and stop spear phishing attacks.

The Human Firewall

Security awareness training is another important piece of protecting your customers from advanced threats and sophisticated hackers.

IT professionals are aware that user error is a significant threat vector. According to Barracuda’s recent Email Security Trends report, 84 percent of IT security professionals said poor employee behavior was a greater email security concern than inadequate tools. And, there is room for improvement when it comes to security education. Also according to the report, 98 percent of respondents said there are better ways to train employees than traditional classroom education.

One approach IT service providers can use to improve security awareness training is adding computer-based training to their security offering. Computer-based training solutions provide a combination of interactive educational materials and phishing simulations, which IT service providers can use to evaluate end users’ knowledge of security best practices and ability to recognize email-borne threats.

Providing this type of training on an ongoing basis helps service providers add value for customers that need training for compliance reasons. It also helps turn end users into an asset instead of a vulnerability. Educated employees that are aware of current threats and understand how to recognize an attack are like a human firewall. Helping customers learn how to they can protect themselves is one of the most powerful tools an IT service provider can use to protect against today’s sophisticated attacks.

 

Barracuda MSP is a Silver sponsor of Navigate 2018, taking place in Boston on September 24–27, 2018! Come stop by our booth to say hi and learn more about how to protect against sophisticated hackers.

 

Handpicked for you:

Download Explaining Cyber Security eBook

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management. 

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus