In early 2017, SolarWinds® MSP investigated the cybersecurity preparedness, experiences, and failings of 400 SMEs and enterprises, split equally across the US and the UK. Now that the results are in, my anxiety level regarding the state of Internet security has never been higher. I’m also a bit disappointed we (as in the industry) have not made more progress, when it comes to securing our customers.
At one moment, our networks are secure because we are patching diligently and then the next day stuff is exploding all around us. Is there really anything we can do? The answer is yes; there is a lot we can do.
Picking through the cyber wreckage
The news of the WannaCry ransomware attacks targeting companies around the world this last weekend is just the latest in a long line of cyber carnage that has been happening. If the past few months are any indicator the damage inflicted on businesses by cyberattacks will escalate, and as this weekend proves it can all happen very, very quickly. It would appear the bad guys have broken through the front lines and are pushing the cyber defenders to the limit. The new SolarWinds MSP survey provides us with insight and perspective around why and how this is happening.
Let’s recap some of the big stories from the past few weeks:
- Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack. These patches include one for a Microsoft Word zero-day exploit. This exploit has proved equally popular with cyber criminals dropping ransomware, banking Trojans and targeting Ukrainian rebels with malware. Apparently, the hard part of this story is that this zero-day exploit has been around since security firms identified attacks as far back as November 2016, with most firms pointing to the Dridex banking Trojan as the major payload.
- WikiLeaks and Shadowbroker zero-day exploits. Between the “Vault 7” disclosures from Wikileaks and the Shadowbokers zero-day exploits for everything from Windows XP to Windows Server 2012, cybercriminals have (for free) a whole new arsenal of government-made malware to throw at us. If things were not particularly good for Defenders in Q1, Defenders in Q2 are going to have to step up their game even further.
So, the question is how do you tackle the problem of zero-day exploits? Well it’s a combination of your existing best practices—which you are already doing, right?—and securing what’s being targeted. Many of the exploits dumped by Shadowbrokers assume access to Server Message Block (SMB) and the ability to make an SMB connection over TCIP. The recommended best practices are to disable SMBv1 and make sure you are blocking outbound and inbound UDP ports 137 and 138, as well as TCP port 139 and 445 at the firewall. Since one of the exploits targets Kerberos, we know Kerberos clients need to send UDP and TCP packets on port 88, so blocking that at the firewall would give you a win. Since security researchers have managed to get their hands on the payloads, you can expect antivirus vendors to be issuing updates pronto.
Much needed perspective
The new SolarWinds MSP survey provides some much needed perspective and insight into why we’re in this predicament. There are some really startling revelations within the survey, and my view is that it shows the business arena is ripe with opportunities for Managed Service Providers (MSPs) and IT providers to deliver more security services—even simple things like Patch Management as a Service (PMaaS), user awareness training, and Backup as a Service (BaaS).
This series of stats really hit home for me:
“87% of organizations have complete trust in their security techniques and technology, and 59% believe they are less vulnerable than 12 months previous. However, 71% of those same organizations have been breached in the same period.”
Statistically the belief that “it will never happen to us” simply doesn’t add up.
The survey offers more insights and data around the kind of security technologies being used, and reveals an updated cost for data breaches. Given the revelations of the past few months, it’s an important read. The bad guys have more tools to break into networks now, which means MSPs and IT providers are going to have a lot of victim customers demanding security services.
Ian trump is global security strategist for SolarWinds MSP. You can follow Ian on Twitter at @phat_hobbit
We’ve tailored the report to reflect your side of the industry, so…
- If you’re a managed service provider, click here to download the full report
- If you’re an IT Pro, you should download this version
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.
Click here, to find out more about how SolarWinds MSP can help you protect your customers.
Watch the webinars
Check out Ian Thornton-Trump’s webinars on the survey below.