MSPs and their SME customer base continue to be prime targets for attackers, particularly when it comes to ransomware.
N-able’s analysis of its 2022 Mail Assure data compared to 2021, showed an increase in phishing attacks over the prior year, based on over 28 billion emails blocked by the cloud-based email security solution. Specifically, phishing attempts against businesses increased from 776 million to 913 million, an 18% increase year-on-year. And there were five million more attempts by hackers to install viruses on MSP customer servers.
In a survey commissioned by N-able last year, MSPs reported that 82% of customers have seen an increase in attempted cyberattacks, with phishing revealed as the top attack vector. As email continues to be a primary delivery method for malware, with many ransomware attempts delivered this way, these types of targeted attacks can provide a rapid entry point to deliver the payload cybercriminals are desperately seeking.
“Cybercriminals are clever, and phishing is, for them, not only cost effective but an incredibly efficient tool in their arsenal. These criminals will continue to deliver well-timed and well-planned spear-phishing attacks against strategically targeted individuals within an organization to gain the right permissions to execute their actions and objectives,” said Dave MacKinnon, Chief Security Officer at N-able. “To do this, actors will continue to leverage highly specific spear-phishing emails with the intent of installing malware on even the most cyber-aware companies’ assets. It’s vital to stop as many attempts as possible at the front door, but this strategy on its own isn’t enough.”
“SMEs continue to be attractive targets for cyberattacks so having the right knowledge and education is vital, it’s imperative that MSPs continue to educate on security best practices,” said Lewis Pope, Head Nerd at N-able. “For example, the importance of moving away from legacy solutions to help certain defenses such as moving away from standard antivirus and adopting an endpoint detection and response tool. Not only to help prevent these targeted attacks, but to provide the rapid recovery that AV can’t.
Cyber resilience doesn’t need to be complex—an MSP can provide simple solutions to help reduce vulnerabilities and protect SMEs by implementing security controls aligned to the UK’s Cyber Essentials framework, NIST Cybersecurity Framework, CIS Controls, or the upcoming EU Cybersecurity certification framework. These solutions include the use of data protection, proper patch management, email security, 24×7 security monitoring for endpoints, the use of multi-factor authentication, and other tools along with complementary business processes. Not only can this help improve a SME’s cyber resilience but also improve operational efficiencies at the same time.”