Orange Is the New Hack: 3 Cybersecurity Lessons for MSPs

Hype surrounding the Netflix original series, Orange Is the New Black, got several shades darker this past weekend when a hacker literally stole the show. The hacker, who goes by “thedarkoverlord,” obtained and shared the first ten episodes of the coming season of Orange Is the New Black on Saturday after Netflix failed to meet their ransom requests.

The hack occurred at the postproduction company Larson Studios, a popular digital-mixing service in Los Angeles for television networks and movie studios. Thedarkoverlord also claimed to have stolen unreleased content from ABC, Fox, National Geographic and IFC, and threatened ransomware attacks on these networks, as well. The theft is merely the latest in a long line of ransomware attacks by cybercriminals over the past year. Specifically, this new development provides a perfect opportunity for managed IT services providers (MSPs) to ensure that clients are adopting a multi-layered approach to IT security.

Ransomware attacks have dramatically increased in the past five years. According to a recent data breach investigations report by Verizon, ransomware attacks were up 50 percent in 2016 compared to 2015. With a growing frequency of breaches in which criminals threaten to expose or delete proprietary information unless companies pay a ransom, security experts have no choice but to respond.

You’d think that companies as large as Netflix and Fox would be secure, likely investing in state-of-the-art cybersecurity defense technology. Yet, the area of concern is the fact that these companies must also rely on a variety of postproduction vendors—from mom-and-pop shops to more sophisticated outfits—which may not all have the same level of cybersecurity and threat intelligence.

The same issue of disparity, inefficiency and ultimately vulnerability is perpetuated as many smaller businesses utilize an assortment of security vendors and products. This approach to security has traditionally been offered by managed services providers, too. For years, MSPs have provided security solutions to SMBs in the form of one-off best practices like proper password etiquette, security behaviors in the office and anti-virus software. However, this Netflix hack serves as proof that modern businesses are in dire need of a multi-layer threat defense that considers all possibilities and covers all bases with robust technology. For MSPs working to add effective security solutions to their services portfolio, the following three lessons will help ensure you’re set for a secure and scalable future.

1. Take an Integrated Approach

A trend that continues to gain traction among leading MSPs is offering a variety of services in one integrated portfolio. Providing RMM, BDR and security services in an integrated package is an effective tactic because it simplifies the IT solutions for SMBs in a few key areas, including:

  • Faster and easier service delivery
  • Increased concentration of skill sets and service
  • Simplified billing structure

If you are already offering managed IT services to your client—like RMM or BDR—but they’re using a few different security vendors for high-level endpoint solutions, there is huge opportunity in adding on security. When you’re able to provide your clients one security solution that integrates well with their existing IT services, the margin of error will significantly decrease, keeping business running smoothly. 

2. Offer Fully-Managed Security

When MSPs have to manage multiple vendor relationships, transfer data between systems and attempt to price and package services that are being purchased and consumed differently, it can be extremely difficult to find a formula that is “just right” for each security environment being managed. Security services that lack flexibility will inevitably result in some clients having more security allocated than they need, others not having enough and others being priced out of the conversation due to costly hardware or hesitating to sign long-term agreements.

MSPs that fully manage their clients’ cybersecurity will be able to achieve better cost savings, improve their ability to add security services and capabilities and enhance threat management and mitigation. While high-level endpoint solutions do not fully protect your clients’ IT environment, MSPs can secure all devices across the network with a fully-managed, multi-layered security offering that will:

  • Monitor endpoints
  • Remediate threat vulnerabilities
  • Patch gaps in security defenses
  • Mitigate security incidents while assisting in incident response
  • Conduct research and follow up

3. Redefine Security Software as a Service

There are a variety of devices in today’s SMB environment—servers, phones, laptops, POS systems, connected printers and the Internet of Things (IoT)—that require vigilant management in order to remain secure. Offering an integrated, fully-managed security solution relies heavily on software—but not solely. The reality is, because software is only as good as its developers and management, many endpoint tools often fail. Furthermore, the level of robust security needed to protect against cyber attacks (24x7x365 IT support) can be extremely expensive.

For MSPs evolving their model to a more comprehensive managed security services provider (MSSP) approach, a new class of solution is required. MSPs can essentially redefine security software as a service to a more scalable model that combines industry-leading software and the requisite labor and skillsets to manage it, day in and day out.

Handpicked for you:
Download Cyber Security Sales Success Kit 2018