WannaCry Debrief: MSPs Say Proactive Security Key To Guarding Against Next Ransomware Attack
After the recent wave of WannaCry ransomware attacks, managed service providers said the key takeaway they are bringing to customers going forward is the importance of proactive security.
"Our whole stance is around proactive security. When you have proactive [security], WannaCry is not going to have an impact," said Michelle Drolet, CEO of Framingham, Mass.-based Towerwall.
Drolet said that proactive approach includes an integrated, layered approach to security to protect the different levels of the environment. She said that includes vulnerability management, patch management, strong protection technologies and more. Drolet said none of her company's customers were hit by the WannaCry ransomware attack.
[Related: 5 Ways To Beat The WannaCry Ransomware Attack]
The focus on ransomware, which had already been on the rise due to an increasing amount of attacks, hit an all-time high last week with the emergence of the WannaCry ransomware attacks. The attacks hit more than 200,000 computers around the world, including high-profile hits on the United Kingdom's National Health Service, telecom companies and major corporations like FedEx.
The attacks have involved a demand of a Bitcoin payment — equal to $300 -- in order to unlock computer systems. Damages from WannaCry could reach $4 billion, according to cyberrisk analytics platform provider Cyence.
Stephen Brooks, president of Newtown Square, Pa.-based Penn Systems Group, said he hasn't had a single call from a customer affected by the WannaCry attack. He credited that to the company's approach and tool set, saying it takes a "multilayered approach starting from the edge and going back." That includes UTM tools from Fortinet and SonicWall, web, server and desktop protections from Webroot, as well as business continuity tools, he said.
"It's just about being proactive," Brooks said.
Allen Falcon, CEO of Westborough, Mass.-based Cumulus Global, said he also didn’t have any customers affected by WannaCry, but his company sent out a special advisory note about the attacks. As a cloud-focused solution provider, Falcon said his company's customers tend to be more up-to-date as a lower percentage of them are running on older operating systems and it works to make sure they have good malware protections in place when migrating to the cloud. However, he said the WannaCry attacks were a good opportunity to check all of those protections were up-to-date.
"It's definitely an opportunity to talk to customers about security and to have them validate that their protections are in place," Falcon said.
That is especially important for SMBs, Falcon said. While many of the high-profile attacks fell on large organizations, Falcon said SMBs need to also make sure they are being proactive when it comes to security, even though they are likely facing tighter budget constraints.
"We had one customer tell us that hackers aren't attacking small businesses [with WannaCry], so they didn't have to worry," Falcon said. "Our response was the criminals don't care what size the businesses are."
"Just because you haven't heard about [WannaCry ransomware attacks] in the SMB space doesn't mean it isn't happening," he said. "It's just because it's in no one's interest to talk about it. No one wants to stand up and say we weren't adequately protecting our business."
To help address security risks to SMB clients, Falcon said Cumulus Global emphasizes communication to employees around security risks and the importance of security updates, current security protections, and investments in backup and disaster recovery solutions. While some SMBs protest the cost of protective security measures, Falcon said adding technologies, such as email advanced threat protection, is often less costly than remediation services.
Penn Systems Group's Brooks said he sees customers more willing than in years past to invest in proactive security technologies. He said headline-grabbing attacks like the ones last week only help draw attention to the importance of proactive security in preventing ransomware and other types of attacks.
"Something like this gets out and it can be a pretty strong talking point, for sure. It's kind of doing my job for me … the proof is right there," Brooks said.
That's an attitude that just wasn't there even nine to 12 months ago, Towerwall's Drolet said. She credited that shift to boards of directors being held more accountable for security attacks, as well as "in-your-face" ransomware attacks that put cybersecurity front and center as a business risk. While all companies aren't there, she said it is "definitely continuing to grow."
"That's how we approach everything with information security with our customers:Llet's be proactive," Drolet said.