Last year, Panorays made its New Year's resolution to watch out for attacks leveraging third-party systems, predicting that this would be a growing concern for organizations throughout 2019.
Here at Atera, we’ve followed this issue throughout 2019, and we agree that it’s one of the biggest challenges of digital transformation and connectivity more widely.
Panorays continues to call out third-party vulnerabilities as a threat to stay aware of this year, along with a few more big issues to keep your eyes peeled for. Here’s our roundup of Panorays’ cybersecurity issues to be aware of in 2020, and what Atera does to meet these challenges ahead of time.
Automated Supply Chain Attacks
When smaller third-party companies hold data or manage services for large enterprises, they can often become the weakest link in the supply chain. That’s true for Managed Service Providers too, who are increasingly targeted by cybercriminals hoping to find an easy way through the backdoor to access enterprise data and customer credentials. Automated supply chain attacks allow attackers to make these kinds of moves at scale, escalating the threat beyond what manual intelligence can keep under control.
In response to this risk, Atera recently mandated 2FA with an authenticator app to meet industry standards and protect against attacks that could be looking to leverage MSP access.
It’s important to be upfront about your access requirements and security expectations when you onboard with a new client, asking how they manage third-party access and suggesting improvements such as User Identity Access Management or a roadmap towards least privilege to protect you both.
Cloud Configuration Mishaps
Did you know that Gartner predicts that through 2025, 99% of cloud security failures will be the customer’s fault? Storing data on the cloud is a relatively new process, and many companies simply make mistakes when they’re migrating and securing large amounts of information.
Patch management is really essential here, as gaps in cybersecurity will leave applications unprotected, and it can be hard to spot this kind of issue in a hybrid environment.
When it comes to fighting cloud misconfiguration, it’s really all about visibility. Look for an RMM that includes a whole suite of visibility and monitoring features. These could include root cause analysis, security alerts when metrics move away from baselines, remote access for quick time to resolution, and automation and scripting for controlled maintenance.
It may have started with GDPR in the EU, but CCPA is keeping the momentum going, and other states and governments are looking to follow suit. Data privacy is a hot topic that isn’t cooling down any time soon. Most organizations aren’t looking to act maliciously with consumer data, but at the same time, a large percentage aren’t ready to prove compliance in case of an audit, and don’t have the technology in place to protect customer credentials, or remove them if a user calls in their ‘right to be forgotten’. This is only going to increase throughout the next decade.
Reporting is an important element of proving compliance and establishing intelligent internal governance. When integrated within a strong PSA, you have an easy way to access all your customer information at a glance, including satisfied and dissatisfied customers.
Protecting customer data should be front and center of any security platform, which is why Atera is looking to give our own MSPs even more choice this year, adding to our Antivirus partners so you can choose the vendor that suits your specific business needs.
Cybercrime is an ever-changing reality, with new and advanced types of attacks hitting the headlines every month. We could never have imagined this time last year that AI would be used to forge videos and photos, with one attack highlighted by Panorays even impersonating the voice of an executive to successfully steal financial information.
Fighting against this trend means more than just being aware of AI-based crime. It means being ready for anything. Today it might be voice-based attacks; in the future it could even be video, or something completely out of our frame of reference.
This is one of the reasons why we chose to partner with Webroot for cybersecurity. The technology does not rely on known signatures, and instead protects against anything unusual. The Webroot platform has strong Identity and Privacy features, guarding against the latest phishing scams, even across a hybrid environment.
Protecting our MSPs in 2020 and Beyond
Whatever your fears are when it comes to protecting your own business and your customers in the year ahead, we’re listening. If there’s a feature set you’d like to see that we don’t currently offer, or if you have any other big ideas that can help your business grow from strength to strength – put them on the board!