News Feature | September 26, 2016

Help Clients Identify Best Practices To Address Phishing And Ransomware

Christine Kern

By Christine Kern, contributing writer

Ransomware Petya and Mischa

An Osterman Research white paper provides guidance for dealing with attacks.

With the proliferation of ransomware and phishing attacks disrupting business operations and costing thousands of dollars in losses, keeping your client’s networks and data secure is a top priority — and there are a number of security challenges you need to help businesses guard against.

VARs and MSPs can help protect their business clients by educating them on the best practices for dealing with such attacks. And enterprises need a new, holistic approach to security to combat this rapidly expanding threat.

A Webroot white paper offered 10 fundamentals for protecting customers from ransomware, while this webinar examines why security alone isn’t enough to combat ransomware. Now, an Osterman Research white paper provides additional guidance you can share with those clients.

A majority of all security concerns are directly related to phishing risks, according to a study from KnowBe4 and Osterman Research, but nearly 80 percent of those polled say they have seen no improvement in the ways they proactively approach phishing. In fact, one-third indicates the problem is actively worsening, as Business Solutions Magazine reported.

While the real financial impact of cybercrime in general and phishing and ransomware in particular are difficult to assess, the FBI estimates ransomware alone cost organizations $209 million in the first quarter of 2016. Both phishing and crypto ransomware are increasing at the rate of several hundred percent per quarter, according to Osterman Research, which forecasts the trend will continue for at least the next 18 to 24 months. Phishing and ransomware are among the top four leading concerns expressed by security-focused decision makers participating in Osterman Research’s survey.

To combat these challenges, security spending will increase significantly in 2017. However, the study found most organizations are not seeing improvements in the security solutions already deployed or in the security practices they currently follow. One challenge is the lack of expertise to improve performance of these solutions over time as attacks become more sophisticated.

According to Trend Micro, when it comes to ransomware protection, there is no silver bullet and protection must fall across four key layers to be effective including email, endpoint, network, and servers. “The bottom line is that it’s more important the ever to have a multi-layered approach to security for enterprises,” said Doug Cahill, senior analyst covering cybersecurity at ESG.

To help your clients reduce the potential for becoming victims of phishing and ransomware, share these best practices from Osterman, including implementing security awareness training; deploying systems that can detect and eliminate phishing and ransomware attempts; searching for and remediating security vulnerabilities in corporate systems; maintaining good backups; and using good threat intelligence. As an MSP or VAR, you can protect your business clients from ransomware and phishing attacks by understanding the threat and by having the right technologies, policies, people, and processes in place to counter them.