There is a cybersecurity paradox in many organizations that MSPs should consider when working with prospects and existing clients. Most companies see cyber threats as their top concern and believe they have implemented sufficient protection and best practices to protect their data. However, many have not implemented specific technologies and processes to ensure they are safe from cyberattacks.
That is reflected in recent Barracuda survey data, which found that most respondents felt well protected. However, most respondents shared that they are not using endpoint detection and response, half of the respondents had not done a cyber assessment of their vendors, and more than half did not have an incident response plan. In other words, they feel more protected than they really are.
The Barracuda data also found that 73 percent reported being hit by a ransomware attack, and, somewhat unbelievably, 63 percent of those companies had been attacked more than once. So not only were they not as safe as they thought, but they had not improved the situation even after experiencing an attack.
Revisiting the basics: The foundation of data protection
For MSPs, revisiting essential security best practices with clients is critical. Chief among those should be an investment in robust backup and recovery services. A good backup/recovery solution is the best insurance against a successful ransomware attack. As a result, backup solutions themselves are now being targeted in these attacks. That means investing in a solid solution is more critical than ever.
To ensure that your backup systems are safe, it is essential to understand their vulnerabilities. Two primary attack vectors are at play – the admin portal or user interface and the physical storage location where the data is kept. If the admin portal or the storage location is breached, attackers can reduce the effectiveness of the backup solution or even delete all the data.
A robust backup solution should include a few key best practices and features:
- Use Zero Trust approaches to lock down access to the admin portal and data.
- Leverage role-based access policies so that only those individuals who must access the backup solution have it. This greatly reduces the chances of a breach.
- Ensure the storage location cannot be easily browsed via the network or physically stolen (for example, do not rely on USB dongles).
- Implement immutable file storage and data encryption. This reduces the risk of data being deleted during an attack.
- Use strong multifactor authentication (MFA) mechanisms instead of push notifications (which can result in MFA fatigue and sloppy security).
- Avoid network sharing in the backup environment.
- Use purpose-built integrated solutions incorporating hardware and software from the same provider.
- Follow the 3-2-1 rule: keep three copies of the data, on two different types of storage media, with at least one backup copy offsite (i.e., an air-gapped or offline copy).
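The checklist above can be turned into a repeatable audit of a client's backup inventory. The following is an added example, not code from the original article or from any vendor: the `Copy` fields, the `audit` function, and both inventories are constructed for illustration, and it assumes the production data counts as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                   # "disk", "appliance", "tape", ...
    offsite: bool = False
    offline: bool = False        # air-gapped / not reachable from the network
    immutable: bool = False
    encrypted: bool = False
    network_share: bool = False  # browsable over SMB/NFS
    production: bool = False     # the live data, counted as copy #1 (assumption)

def audit(copies):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    backups = [c for c in copies if not c.production]
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies of the data, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than 2 storage media types")
    # The article treats the offsite copy as the air-gapped/offline one,
    # so a single backup copy must satisfy both.
    if not any(c.offsite and c.offline for c in backups):
        findings.append("3-2-1: no offsite, offline backup copy")
    for c in backups:
        if not c.immutable:
            findings.append(f"{c.name}: storage is not immutable")
        if not c.encrypted:
            findings.append(f"{c.name}: data is not encrypted")
        if c.network_share:
            findings.append(f"{c.name}: exposed as a network share")
    return findings

# Constructed inventories: a weak setup and a corrected one.
WEAK = [
    Copy("prod-fileserver", "disk", production=True),
    Copy("nas-backup", "disk", network_share=True),
]
HARDENED = [
    Copy("prod-fileserver", "disk", production=True),
    Copy("backup-appliance", "appliance", immutable=True, encrypted=True),
    Copy("tape-vault", "tape", offsite=True, offline=True,
         immutable=True, encrypted=True),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, audit(inv) or "passes")
```

The weak inventory fails all three 3-2-1 checks plus the immutability, encryption, and network-share checks on its single backup; the hardened one returns no findings.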
While most companies have backup processes, few have very secure backup policies. MSPs can fulfill these requirements. However, that is just the beginning. Preparing for an attack and the subsequent recovery process is just as important. Organizations should have a clear backup/recovery plan, test that plan, prioritize the concept of full-system recovery (including during testing), and keep the backup system up to date.
Many companies take a set-it-and-forget-it approach to backup, but the recovery process is just as important. Servers and systems that are part of the backup environment must be regularly updated and patched, and restoration processes should be documented and practiced. Recovery steps must be carried out in a particular order to bring the client back to their original state, which is why regular testing is vital to ensure that outside vendors and internal staff are all on the same page and act quickly when there is a breach.
Backup services have become imperative to safeguard customer data. They should encompass everything the customer cannot live without – on-premises data, anything moved to the cloud, and any SaaS or cloud-hosted application data (typically not backed up by the provider).
A multi-layered approach to data protection
It’s also important for MSPs to emphasize that a good backup and recovery solution, like a good goalkeeper on a soccer team, should be the best last resort. A multi-layered security approach that includes backup and recovery is best.
An ideal security solution should include email security that leverages artificial intelligence or machine learning to spot attacks that gateways and firewalls would otherwise miss. It should also have incident response capabilities.
Besides email security, MSPs should adopt a zero-trust approach for their clients, leverage MFA, and invest in Extended Detection and Response (XDR) technology to gain a more holistic view of network activity. They should also take advantage of a 24/7 security operations center (SOC) – available as an on-demand service for organizations that cannot afford to staff their own – for around-the-clock monitoring.
As MSPs guide their clients through this critical journey, they should emphasize that data protection is not just about a single solution but building a multilayered security framework. With ransomware attacks rising, MSPs and their clients must understand that the best defense combines vigilance, preparedness, and cutting-edge technology. Backup and recovery services are the cornerstone of a resilient cybersecurity strategy. Still, they should be part of a broader, comprehensive approach encompassing proactive threat detection, zero trust principles, and 24/7 monitoring. As we navigate the increasingly complex and dangerous ransomware landscape, MSPs and organizations must stand together, fortified by a robust cybersecurity fortress that leaves no room for compromise.
This post originally appeared on Smarter MSP.