A casual glance at the headlines is far from reassuring concerning the state of enterprise security. Whether it is the billions being paid out to criminal gangs, the millions of customers whose personal data was hacked, or the latest vulnerability impacting IT systems, the bad news keeps piling up. And with organizations unable to fill urgent cybersecurity jobs – or even entry-level positions – the situation looks grim.
Managed Security Service Providers (MSSPs), though, view these developments in a different light. They see these megatrends as a sure sign that the MSSP market is going to remain healthy for the foreseeable future. Organizations need all the cybersecurity help they can get.
Let’s summarize some of the latest malware and cyber-staffing shortage headlines:
Many wait with bated breath to see if their winning ticket comes up in Powerball. A recent jackpot exceeded a billion dollars. But cybercriminals look for a different kind of winning ticket – holding organizations to ransom. In the U.S. alone, banks processed $1.2 billion in ransomware payments in 2021, according to a report from the Treasury Department’s Financial Crimes Enforcement Network. That’s almost triple the amount from 2020 and the total could be even higher in 2022. With a war happening in Ukraine and Russia under heavy sanctions, the fact that much of this money is filtered through suspected Russian cyber hackers means that some of that cash may be subsidizing the Russian military. Stopping ransomware in its tracks, therefore, is a matter of national as well as organizational security.
Who is making the biggest payments? The manufacturing industry leads the way, with the average ransom payment being around $2 million, according to a Sophos study. These businesses probably considered that amount to be a modest penalty in comparison to the millions they would lose each week by having their systems shut down. This may be one of the reasons why manufacturing ransom averages are more than double those of the broader business world. Cybercriminals know this. They want to target companies that incur big daily losses due to a ransom attack. Manufacturers not only fit the profile; they are also laggards when it comes to security and digital transformation. Many of them cling to aging and highly insecure systems. And with the worlds of IT and operational technology (OT) coming together, ancient OT systems are now heavily exposed.
Overall industry averages show that 37% of those paying ransoms handed over more than $100,000. But as many as 8% paid $1 million or more to be given their decryption keys. Not surprisingly, almost two-thirds of those paying failed to recover all their data.
Ransomware is huge. But insider threats, too, are becoming a major issue. Kroll’s Q3 Threat Landscape: Insider Threat the Trojan Horse of 2022 report highlights the rise of insider threats in the enterprise. They accounted for 35% of all unauthorized access threat incidents.
- A big increase in phishing, particularly via valid accounts
- More malware infections via USB
- A decrease in overall ransomware attacks as criminals focus on the most lucrative targets
- An increase in credential-stealing malware such as Ursa, Vidar, and Raccoon
- A rise in attacks against professional services and manufacturing firms
- An increase in phishing attacks, specifically vishing and smishing attacks in which threat actors attempt to gain valuable personal information for financial gain through phone calls, voice altering software, text messages, and other tools.
The Sad State of Government Security
In light of these challenges, the federal government has taken major steps to safeguard its systems. Yet breaches continue and ransomware is running rampant.
- Between 2018 and October 2022, 330 individual ransomware attacks were carried out against US government organizations, potentially impacting more than 230 million people and costing an estimated $70 billion in downtime alone.
- Ransomware amounts varied from $1,000 to $5.3 million
- Hackers demanded nearly $36.5 million (72 ransom amounts were revealed)
- Hackers received $5 million in payments from 27 of those 72 cases
- Ryuk, Sodinokibi, DoppelPaymer, and Conti were the most prolific hackers (where the entity disclosed the hacker name or the hacker claimed responsibility for the attack)
- Texas had the highest number of attacks (35) and the greatest number of people impacted (72.5 million), followed by Georgia with 25 attacks and 23.9 million people potentially affected. Making up the rest of the top five most affected states were California (19 attacks), Florida (18 attacks), and Pennsylvania (14 attacks)
Should We All Quit?
In response to such alarming reports, it is no wonder that many cybersecurity executives are throwing their hands up in despair. Some want to quit altogether. A better solution is to bring in outside help. MSSPs can share the burden with enterprise IT and help solve the staffing and ransomware crises. Security duties such as vulnerability management, endpoint detection and response (EDR), backup and recovery, and even Security Operations Center (SOC) services can be handed off to MSSPs.
Syxsense offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage. Syxsense also offers an MSP/MSSP program with a world-class platform that features an orchestration and automation engine to scale business without adding costs.
For more information visit www.Syxsense.com