In this week's installment of MSPtv, we're joined again by Continuum's Chief Information Officer, Hunter Smith, as we talk about cyber attacks. Hunter discusses a recent report by the Ponemon Institute, and provides insight to what the statistics released in the report could mean for MSPs. According to the Ponemon Institute, hackers prefer easy targets to harder ones, and will call off an attack if it is taking too long to get through. Hunter goes over the different types of IT infrastructures and points out exactly which types hackers prefer to target. Finally, Hunter discusses the products that Continuum offers to its partners and highlights the ways that they can be used to prevent cyber attacks on end users.
Check out this latest episode and stay tuned for future MSPtv coverage on cyber attacks in the future.
Have any suggestions for an MSPtv episode? Want to give us your feedback? Email us at firstname.lastname@example.org and let us know what you think!
Hunter: Good Scott, yourself?
Scott: Good. We wanted to talk with you folks a little bit about cyber-security, hacks and attacks. We've recently come across some information that the Ponemon Institute released, and it was rather a startling survey, right? Most of us are used to the big attacks of Sony and Target and those guys, but what did this report tell us?
Hunter: Well it was interesting, Scott. What this report told us is that the average take that a hacker makes from an attack is only $15,000.00. So while we hear about the Sony's and the Target's and that [SP] what make the news, the bread and butter for hackers, as it turns out, is actually the small to mid-sized business.
Scott: Which is a concerning thing. I'm sure all of our partners and clients, and so forth hear about those big stories, but they think it's outside of the realm that's going to bother them, if you will. But this presents a good opportunity for our partners to have a conversation. What are some of the things that we took away from the report?
Hunter: Well, so a number of things that we took away from the report. The first was that on average, 70 hours of attack go into a typical IT infrastructure.
Hunter: 147 hours go into battling what's called an 'excellent IT infrastructure'.
Hunter: And at 206 hours, an attacker will generally give up.
Scott: Okay. All right. So, let's define those terms. What would we consider to be a 'typical IT infrastructure'?
Hunter: A typical IT infrastructure is going to be one that has an antivirus solution in place. Has patching in place, and has some level of monitoring in place.
Scott: Okay. And 'excellent'?
Hunter: Excellent takes everything that is done in a typical IT infrastructure, and expands it further by thinking about every endpoint that could exist on the network.
Hunter: And dealing with things like mobile device management. It also is going to create an IT security program, and define policies for things like network access, and administrative account control, and password changes.
Scott: So something certainly more robust and what have you.
Hunter: Certainly more robust, and certainly more structured and regimented.
Scott: Right. And when we talk about plans, having them in place also, exercising and reviewing those plans on a regular basis.
Hunter: Correct. That would be all of the hallmarks of having an IT security program, and a well run one.
Scott: Now some of these barriers; the technical differences between a typical and an excellent IT infrastructure, the report suggests...and by the way, this report was profiled from hackers, both from the U.S., the U.K. and Germany. So this is, if you will, sort of an anonymous survey of hackers themselves.
Hunter: Yeah, this is getting the information right from the source.
Scott: Right. Now, when they're going up against a particular kind of network, after so much time, they're going to give up as far as terms of delay. Where were we coming in on that?
Hunter: Well, so it was interesting. After 10 hours, almost a quarter of them will quit.
Hunter: That number jumps to 20 hours and over a third of them will quit. And at 40 hours, a whopping 60% of them will quit.
Scott: So if you can get some significant infrastructure in place in terms of IT security for your partners, for your end clients, you're really making their site a lot safer; their business a lot safer.
Scott: Okay. So kind of stepping away from that a little bit, where does Continuum fall in helping our partners and what kind of products are we providing?
Hunter: There are a number of areas where Continuum actually provides products and services that can actually support our partners. The first is with our core monitoring product, and help desk services to back that up. But we also offer antivirus solutions, patching, as well as mobile device management. And should all else fail...
Hunter: We offer backup and disaster recovery.
Scott: Now, backup and disaster recovery, we've spoken about this before and the difference between the two. But more people are using, let's say, the Cloud or hybrid solutions of OnPrem and the Cloud in order to cover their requirements and what have you. What kinds of encryption protocol should we be looking for, or what does Continuum offer?
Hunter: Well, so when you think about backup and specifically sort of Cloud backup, you want to make sure that all of your data is encrypted from the point in time that it's actually backed up, which is exactly what we do with 'Continuum BDR'.
Hunter: We actually from the moment that it's backed up, all the way through, into the Cloud and it rests, it actually's fully encrypted, because again, if you want to think about hackers and how they're going to attack, being able to attack your backups in the Cloud would be potentially one path of attack.
Scott: Where they could go. Now, an attack also that we're seeing a little bit more and more of that maybe 'Continuity' addresses in some fashion is ransomware attacks. Explain those to me.
Hunter: Ransomware is where your network gets infected with a virus, and what that virus does is it takes and encrypts the contents of your business.
Hunter: And then it gives you a ransom, and says, "If you don't pay some amount of money, we will not give you the key that unlocks the encrypted data."
Hunter: And some of the nastier ransomware viruses will actually have a self-destruct sequence, where if you don't actually respond to the ransom within a 24 or 48-hour period, it doesn't not just give you the key, it actually deletes the data.
Scott: So more and more of our people might be seeing that coming their way as well.
Scott: Now the incremental backup that 'Continuity' offers as well, offers I would imagine a little bit of a chance to go back and do a little forensic work on that. Why is that important?
Hunter: Well, it's actually very important to have, because sometimes when you've been unfortunately hacked, you need to be able to go back and look at the situation that led up to being hacked.
Hunter: And if you have a vulnerability in your business, you cannot allow that vulnerability to continue to exist. So you have to immediately move to close that vulnerability, but then how do you go back and actually examine how it occurred?
Hunter: And so, being able to actually recreate or create a disaster recovery of your business environment can give you that opportunity to create that environment to go take a look at.
Scott: And see where that occurred and how it occurred.
Hunter: And you know unfortunately, if the exploit was big enough, then that also becomes your ability to actually recover your business, and continue to operate.
Scott: And go in that direction. So this is an ongoing issue that all of us are dealing with more and more so. I think as technology becomes more sophisticated, there's a positive side and a negative side to it.
Scott: And certainly something for our partners to take advantage of in their conversations with end clients.
Hunter: Well yeah, and I think the thing that came out of this report that I think our partners should take away, is that hackers are looking for easy targets.
Hunter: And they consider an easy target something that takes less than 70 hours to gain access to.
Scott: Right, with pay-off figure of about $15,000.00.
Hunter: With a pay-off figure of about $15,000.00.
Scott: Right. So it's really an opportunity, folks, to have a conversation with your end-clients and really inform them about what really hackers consider to be a substantial pay-off and one that's worth their time and effort to go after. It's the Sony's that get the big news, but it's the middle and small businesses that are probably going to get the worst end of it.
Hunter: $15,000.00 tells me that they're really is no target that's too small.
Scott: Yeah. Absolutely. Well best of luck to everybody. Stay in touch, and we'll be having more on this as time goes forward. Thank you.
- How to Lock Down Security with Your Cloud Provider & Backup Solution: MSPtv Episode 45
- Which Cloud is Best for You?: MSPtv Episode 46
- Do You Know the Most Cost Efficient Backup Platform?: MSPtv Episode 44
By Meaghan Moraes
By Dave LeClair