By Kevin Lancaster, CEO at ID Agent
According to a comprehensive analysis of security breaches conducted by Gemalto, last year saw almost 1.4 billion data records lost or stolen. Juniper Research has the global cost of data breaches reaching $2.1 trillion by 2019. The numbers are alarming, and while 2017 statistics are still unfolding, we already know there is great cause for concern. With modern malware, new-age ransomware and the Bitcoin process, the IT market has advanced in complexity with more sophisticated cybersecurity threats which are increasing in both frequency and scale.
The NotPetya ransomware campaign cost pharmaceutical giant Merck more than $300 million in Q3 2017, and sources suggest that Merck will be hit with that amount again in Q4. Mondelez International, maker of Oreo cookies and Cadbury chocolates, estimates the Petya malware attack shaved three percentage points from their Q2 sales growth, due to interruptions in shipping and invoicing.
The magnitude of some of these attacks is astounding, but many large corporations have the resources to survive the disruptions experienced at the hands of these criminal activities. It is small businesses, however, that are feeling the impact the hardest when a cyberattack occurs due to lack of preparedness, resources and confidence in the ability to stop an attack. Some estimates say that as many as one third of small-to-medium-sized businesses were hit by ransomware in 2016, forcing many of them to halt operations completely.
Cybercriminals have learned that smaller attacks can be replicated easily and carried out against multiple companies – including small and medium sized businesses – for greater revenue. It only takes a small number of successful attacks to yield substantial revenue – and incentive.
With the evolution of today’s attacks, companies of all sizes need to be vigilant and place a higher priority on protecting their employees and their corporate networks and systems. And small businesses are relying on their MSPs. Are you offering the latest protective services that your clients need to protect their networks and systems? Are you prepared for a client cyberattack?
Not long ago, selling cybersecurity services to clients meant offering simple monitoring and patching services. The significant ransomware threat and Bitcoin was not even around a few years ago when you may have signed some contracts with clients. The market has changed substantially – so your services as well as what you are charging – need to change as well.
Don’t be afraid to talk about increased pricing. As an MSP, you are protecting your clients’ most valuable assets, assuming much risk in securing networks and systems, and you need to be compensated. There is substantial value in these services – more value today than ever before. MSPs are providing more services – user awareness training, active endpoint protection and more. In fact, if you aren’t charging enough for protective services, your clients may question why and look to others who may be offering seemingly better services.
Fundamental cybersecurity best practices include backing up data regularly, keeping software up-to-date and staying on top of the common tactics used to spread ransomware. Today’s MSPs should also be providing Dark Web monitoring services – solutions that scour millions of sources including botnets, criminal chat rooms, peer-to-peer networks, malicious websites and blogs, bulletin boards, illegal black market sites and other private and public forums – to identify and monitor for an organization’s compromised or stolen employee and customer data. Dark Web monitoring services are allowing IT service providers, MSPs and MSSPs to educate their clients about the high risk of the Dark Web and protect them from the dramatic rise in credential-based exploits.
The Dark Web, the large portion of the Internet that is hidden from conventional search engines, holding a wealth of stolen data and illegal activity, must not be overlooked in an up-to-date security plan. As well, delivering affordable, add-on services with 24/7/365 alerting and monitoring for signs of compromised credentials, allows MSPs to quickly and cost-effectively increase monthly recurring revenue, customer stickiness, dependence and satisfaction as well as attract and retain new customers.
Personally identifiable information (PII) – names, email addresses, passwords, dates of birth and IP addresses – are being stolen at alarming rates. Hackers, including nation states, organized crime, hacktivists, malicious insiders and motivated individuals, are using our PII to successfully access and steal our money in a variety of ways. While cyber breaches are no secret, many don’t realize that organizations and individuals are highly vulnerable to exposure of PII on the Dark Web, lending high vulnerability to corporate systems.
Most small and medium sized businesses don’t have the knowledge or resources to protect themselves against the sophisticated attacks looming today. As the MSP, ensure your clients are protected against today’s inevitable threats and be prepared when they strike by offering the latest, most comprehensive, protective security services, including Dark Web monitoring.