Category Archives for "Managed Services News"

May 01

Remote Working Challenges Aplenty for Cybersecurity Pros

By | Managed Services News

Nearly all cybersecurity pros are working remotely full time.

Nearly all cybersecurity pros are working remotely due to the COVID-19 pandemic. And many no longer focus on their normal tasks.

That’s according to ISC2’s latest survey of 256 cybersecurity professionals. They shared insights into how their work has changed during the first several weeks of the pandemic. Remote working challenges are common.

Eighty-one percent said their job functions have changed during the pandemic, with 90% of cybersecurity pros working remotely.

Nearly half, most of whom are cybersecurity pros working remotely, are not doing some of their typical security duties. Instead, they’re assisting with other IT-related tasks like equipping remote workforces.

Fifteen percent said their teams don’t have the resources to support remote workers.

“COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home (WFH) before most organizations were really ready; chaos caused by technical issues plaguing workers not used to WFH; panic and desire to ‘know more’ and a temptation to visit unverified websites in search of up-to-the-minute information; remote workforce technology supported by vendors driven by ‘new feature time to market’ and not security; employees taking over responsibilities for COVID-19 affected coworkers (unfamiliarity with process); and uncertainty regarding unexpected communication supposedly coming from their employers.”

ISC2’s Wesley Simpson

To find out more about cybersecurity pros’ remote working challenges, we spoke with Wesley Simpson, ISC2’s COO.

Channel Futures: What were some of the most surprising survey findings about remote working challenges?

Wesley Simpson: Learning that nearly half of cybersecurity staff have been reassigned to IT tasks was what surprised us most, especially as 81% indicated their organizations have categorized security as an essential function during this pandemic.

CF: With nearly half of cybersecurity pros being reassigned to IT, is that leaving more organizations vulnerable to cyberattacks? If so, why?

WS: Twenty-three percent of respondents indicated their organizations are seeing an increase in security incidents, at a time when nearly half of these respondents are being pulled into other areas of IT. This kind of situation is obviously not ideal or sustainable for keeping organizations protected. This is magnified by the fact that 34% of respondents said they have the resources they need to support a remote workforce, but only for the time being.

CF: Do remote working challenges for cybersecurity pros put them at a disadvantage when compared to onsite? If so, why?

WS: While 10% of the respondents to our survey said they are still going into the office, the rest say they are working remotely and did not indicate being at a disadvantage, although we did not ask them specifically about this. Fortunately, cloud technologies and VPNs make it easier for cybersecurity tasks to be handled from remote locations, but I don’t think anyone would go as far as to say that this situation is ideal.

CF: Can MSSPs and other cybersecurity providers help ensure optimum security during this difficult transition?

WS: Our survey doesn’t cover how organizations are using third-party support during this time, but I would imagine that as cybersecurity staff are being repurposed with IT tasks, organizations may be looking to MSSPs to help fill the gaps.

CF: Does the ongoing cybersecurity talent shortage play a role in these remote working challenges?

WS: Absolutely. Our 2019 Cybersecurity Workforce Study showed that there is a shortage of more than 4 million trained cybersecurity personnel globally, and I think that unfortunately, for those companies that were not already fully staffed in their security departments before COVID-19, this pandemic has likely put even more stress on their programs.

CF: Are there any indications that cybersecurity eventually will catch up to this new normal? If so, how?

WS: We’re still in the early stages of this situation, and no one knows exactly how long it will last or what the new normal will look like. But if I had to bet …

Apr 30

Swimlane Revamps Channel Partner Program for Long-Term Growth

The Swimlane channel partner program targets VARs, distributors, SIs and SSIs.

An updated Swimlane channel partner program will help partners grow a profitable security orchestration, automation and response (SOAR) business.

The Insider channel program aims to generate long-term partner growth. It includes key strategies like competitive discounts, specializations for service delivery, managed services and more.

Earlier this month, Swimlane acquired Syncurity, an organization focused on security incident response and case management.

Andy Duewel is Swimlane’s vice president of global channels. He said Swimlane’s previous program enabled grassroots expansion.

Swimlane’s Andy Duewel

“However, with recent overall company growth and channel investment, we needed to revamp the program to scale for growth,” he said. “We not only needed a new program to better align our partnerships and help us through the next phase of growth. We also needed a two-tier program to incentivize our partners to position Swimlane more. Our goal is to protect our partners through an appropriate deal registration structure as well as incumbency protection on renewals.”

The new Swimlane Immersion Program gives partners advanced training and certification to make them more knowledgeable.

“We sought advice and input from a few strategic partners,” Duewel said. “We wanted to fully understand what they value in a channel program. Our goal was to make the program simple to understand and easy to do business with, as well as offer structured sales and technical enablement while providing favorable margins for our partners.”

COVID-19 has driven a new way to do business remotely by doing more with less, he said.

“Swimlane is positioned favorably in the market today due to the fact we help our partners and customers be more efficient in the way they operate,” Duewel said.

“As one of Swimlane’s strategic partners, we’re thrilled they’re rolling out a new, formalized partner program,” said Chuck Crawford, Fishtech Group’s co-founder and CCO. “By enhancing their offering while launching a new training and certification program, Swimlane is showing their commitment to the channel. And it’s exciting to see them grow and evolve as a leading SOAR company.”

Other Swimlane partners include Merlin, Optiv, Spectrami EU and SSS IT Security Specialists.

Apr 30

COVID-19 Lifts Microsoft Teams Usage, Boosts Windows Virtual Desktop Demand

Microsoft Teams usage continues to rise sharply as COVID-19 forces millions of people to work from home.

Likewise, new remote work scenarios are lifting demand for Microsoft’s Windows Virtual Desktop, Dynamics 365 and its other cloud services.

More than 75 million workers now use Microsoft Teams, a figure that has nearly doubled since early March. Microsoft revealed the latest figures yesterday with its third quarter earnings report.

During the period ending March 31, Microsoft posted revenues of $35 billion, a 15% year-over-year increase. That beat forecasts of 10% growth. Microsoft’s $10.8 billion profit represented a nearly 11% increase.

Microsoft’s Satya Nadella

“As COVID-19 impacts every aspect of our work in life, we have seen two years’ worth of digital transformation in two months,” said Microsoft CEO Satya Nadella, speaking during the company’s earnings call with analysts. “We are working alongside customers every day to help them stay open for business in a world of remote everything. There is both immediate surge demand and systemic structural changes across all of our solution areas that will define the way we live and work going forward.”

Microsoft Teams usage was already growing steadily before COVID-19 required employees who don’t provide essential services to work at home. During its last earnings report in January, Microsoft counted 20 million Teams users, up from 12 million last summer. By early March, as much of the world economy started to shut down, the user count jumped to 38 million. A week later, Microsoft Teams usage spiked to 44 million.

Nadella said Microsoft Teams usage, which has nearly quadrupled since the beginning of this year, was 4.1 billion minutes this month. The number of organizations integrating line-of-business apps from partners with Teams has tripled during the past two months.

Microsoft Teams usage could rise, because the chat and communications tool is included with all commercial SKUs of Office 365. Microsoft reported its latest tally of commercial Office 365 subscriptions is now up to 258 million.

Dynamics 365 and Windows Virtual Desktop Growth

Revenue for Dynamics 365 grew 47% year over year, lifted by demand from companies that quickly needed to shift to remote operations.

“Dynamics 365 is helping thousands of organizations accelerate digital transformation as they remote every part of their operations, from manufacturing, to supply chain management, to sales and customer service,” Nadella said. “[That’s] inclusive of new scenarios like curbside pickup contactless shopping, remote customer assistance and operations.”

The shift to remote work has also increased demand for Windows Virtual Desktop, which Microsoft released last fall. The company didn’t reveal specific figures. But in a webinar today, Microsoft corporate VP Brad Anderson said demand has exceeded the company’s forecasts.

Microsoft’s Brad Anderson

“What we’ve seen with Windows Virtual Desktop is just an explosion in the use way beyond any of our expectations that we had mapped out for our entire fiscal year,” Anderson said.

Headwinds from COVID-19

COVID-19, which has decimated many businesses, has been a mixed bag for the tech industry. AMD, IBM and SAP are among those that have reported weaker revenues or outlooks. Intel, however, which had a strong quarter, issued a weak outlook. Google on Wednesday reported weakness in its core ad-supported search business. But Google Cloud revenue of $2.8 billion was up 52% and YouTube revenue of $4 billion grew 33%.

Overall, Microsoft’s business has fared better than most during the COVID-19 crisis, though the company isn’t entirely immune from headwinds. CFO Amy Hood said transactional business across all of its segments slowed, notably from SMB customers. Also, consulting projects that were put on hold led to weaker enterprise services business. Microsoft’s LinkedIn Talent Solutions business also saw a slowdown in renewals, as a result of the weak job market.

Despite economic worries, Hood said Microsoft will continue to build out its cloud services.

“We will continue to provide increased support to our customers and partners as they navigate the uncertain future ahead, deepening our engagement and adding increased value,” she said.

Apr 30

5 Ways MSPs Can Optimize Security Spend

To optimize security spend, avoid IT budget cuts with long-term implications and risk.

Today’s business environment is creating unprecedented financial challenges for MSPs and clients alike. Your executives may ask you to justify your IT and cybersecurity budget, or even provide cost-cutting recommendations. Your response to requests to justify security spend directly impacts the bottom line and sets the stage for the future.

Here are five steps to optimize your IT security spend for short- and long-term impact:

  1. Consolidate your tools: Reduce tool sprawl by convergence of single-function technology and consolidation without compromise. Spending on comprehensive IT security solutions can offer greater data protection at a lower cost than legacy systems and applications. If you staff a security operations center (SOC), include automation and machine learning (ML) to minimize alerting and false positives, or use SOC-as-a-Service (SOCaaS) to augment your cybersecurity expertise.
  2. Shift expenses to operating expenses: Organizations can shift purchases of new long-term cybersecurity assets such as software, which are often considered capital expenditures (CAPEX), to software-as-a-service (SaaS) purchases. SaaS-based purchases such as SOC-as-a-Service are operating expenses (OPEX) incurred to run the business. OPEX purchases are often viewed as more scalable and simpler for internal budget approval.
  3. Minimize the attack surface: Assess whether there are benefits to consolidating your technology solutions and streamlining your vendor bench; minimizing vendors saves time and money. Consider a new sourcing initiative with a vendor that provides a holistic cybersecurity platform with more all-in-one capabilities.

“Prepared organizations emerge from crises stronger and more competitive.”

Max Hammond, Senior Director Analyst, Gartner, Inc.

  4. Invest in a well-tuned SIEM solution: A co-managed security information and event management (SIEM) solution catches advanced threats that pose a financial risk to you and your clients, and also identifies suspicious internal behavior that could pinpoint areas for improved processes and productivity.
  5. Augment your internal expertise: Sophisticated adversaries continually morph their techniques to evade detection. It can be challenging, however, to master all aspects of cybersecurity. A lack of 24/7/365 visibility increasingly puts you and your clients at risk. SOCaaS controls costs and resources while simplifying day-to-day management and maximizing cybersecurity coverage.

Learn more in the Netsurion blog “IT Security: How Much Should You Spend” to understand how to balance risk management and business growth.

It’s important to strike the right balance between reactively cutting costs and proactively preparing for business ramp up and recovery. Assess your existing IT and cybersecurity spend while looking for short- and long-term savings as you enable future growth initiatives. Learn how SOCaaS from Netsurion increases cybersecurity and saves money.

This guest blog is part of a Channel Futures sponsorship.

Apr 30

Setting up Your Remote Workforce for Long-Term Success

Suddenly, a remote workforce isn’t the outlier, it’s the norm. The organization’s processes, culture and tools must adapt accordingly.

There’s a big difference between employees occasionally “working from home” and having a true remote workforce.

In the first case, you need a VPN, company-issued laptops, a conference call number or two, and some basic ground rules. In these cases, it’s the exception, not the rule. But when a company fully embraces remote work–which many firms are suddenly finding themselves doing whether they wanted to or not–there are additional considerations. Suddenly, remote workers aren’t the outlier, they’re the norm. And the organization’s processes, culture and tools must adapt accordingly.

For MSPs, the recent switch to remote work in light of COVID-19 was either jarring and disruptive or more of a natural evolutionary step in their flexible approach to work. Either way, turning the new reality into a workable, long-term solution requires some tweaks–if not wholesale changes–in how MSPs run their day-to-day operations.

Properly Equipping Your Team

Remote workers can’t be expected to do their jobs day after day with an inappropriate home setup. Working in bed might be fun for a day or two, but it’s no way to live for months on end.

To be successful, you must ensure your team is kitted out with what they need to ensure maximum productivity. Everyone has a professional-grade laptop or desktop setup, including a monitor they won’t mind staring at for days on end. And while you may not have the budget for home office furniture, encourage everyone to create a dedicated workspace providing them with proper ergonomics in as quiet of an environment as possible.

Beyond the “stuff” they’ll need to do their jobs, the remote workforce also needs guidance and protocols around how to work remotely and their employer’s expectations. Whether it’s mutually agreed upon working hours, a dress code for videoconferences or ensuring redundancy in case someone gets sick, MSPs shouldn’t take it for granted that everyone will approach long-term remote work the same.

There’s obviously a need for flexibility, but that shouldn’t come at the expense of professionalism or productivity. Having those conversations early on and periodically checking in with staff during the transition is crucial to avoiding bad habits from setting in. A refresh or additional training around security protocols may also help reinforce things.

Getting Comms Squared Away

Communication is going to be critical during this period, so workers need a reliable system for staying in touch with colleagues and customers. If possible, they should be using the business phone system and having calls forwarded to their remote office. They should also be able to check their voicemail remotely.

To ensure they sound professional, they should be using headsets. Even better, a dedicated VoIP phone line can create some separation from personal calls and device usage, not to mention superior audio quality.

Videoconferencing and screen sharing are also paramount during these times, so make sure there’s a solution in place supporting these functions. It not only helps with maintaining human relationships, but also makes it much easier to support customers struggling with their own remote work IT challenges.

Securing Client Systems

Depending on the nature of their business, many customers might not have embraced working from home before recent events. Even those who did might have still expected certain staff to always be onsite, which is no longer the case.

Opening up what used to only happen in the office to a fleet of remote workers requires a new level of discipline regarding security and remote monitoring. MSPs should be sure clients have proper defenses in place to defend data and systems while allowing seamless access to those requiring it.

Multifactor authentication is imperative given how many employees will be logging in from unfamiliar devices, as is secure VPN access to servers. And any device a remote employee uses for work should be running current operating systems, applications and browsers, along with having the latest security patches and upgrades installed.

Some people also need remote access to systems that can’t leave the office. In these cases, MSPs can use endpoint management tools to easily enable those workers to do so from their devices at home. Creating automated scripts for common tasks like these will streamline the client support process.

But beyond the technical infrastructure, clients also need

Apr 30

New Red Hat CEO Thrives on Channel Partner Relationships

Paul Cormier has seen a lot of change in the world of open source and Linux since joining Red Hat in 2001.

In his 19 years at Red Hat, Paul Cormier has always focused on channel partner relationships. And now, as CEO since April 6, Cormier stresses that the channel continues to fuel Red Hat’s steady growth.

Cormier arrived as the company’s VP of engineering 19 years ago, and later became president of products and technologies. He has watched the company transform from a startup into a goliath in the world of open source software. And in many steps of that path, Cormier has had a leadership role in making things happen. The company has grown dramatically from its start as a Linux vendor to offering a wide range of enterprise applications. Today that includes platforms for cloud, Kubernetes, storage, middleware, virtualization and more. The company’s $34 billion acquisition by IBM in July 2019 has been a huge boost as well.

Red Hat’s Paul Cormier

In a Q&A with Channel Futures, Cormier speaks about his new roles as CEO and president and about what he sees in the future for Red Hat, its partners and customers. Cormier succeeds Jim Whitehurst as Red Hat’s CEO. Whitehurst left Red Hat in April to become the CEO at IBM. Cormier was employee No. 120 at Red Hat when he arrived 19 years ago.

Channel Futures: You’ve been working for the company since the days of the early LinuxWorld conferences back in 2001. What’s this journey been like for you? Did you expect to be CEO one day?

Paul Cormier: When Jim Whitehurst came in 12 years ago as CEO of Red Hat, we talked about it. Jim was coming from Delta Airlines, an airline guy. Jim and I forged a really good partnership. He brought things to the table that he was better at and I brought things to the table that I was better at. And look where it got us. But this time, for this change, IBM has been incredible in terms of understanding why we need to be independent and how to be independent. Especially Arvind Krishna, IBM’s new CEO. Arvind was really the architect of the deal. And he and I worked on it really early. So, at this point in time to make the change, to make sure that it really gets solidified inside IBM, it had to be a Red Hatter to [succeed Whitehurst as CEO].

CF: Red Hat has been a huge partner with the channel for a long time. What is your approach to channel partner relationships?

PC: The channel is what made Red Hat. The key to the success of the company was Red Hat Enterprise Linux (RHEL). When I first started, we had a retail Linux product we sold in bookstores. Bob Young started the company by selling Linux CDs out of his trunk and his flea market. I’m not kidding. And when I came in, the banks on Wall Street were starting to use Red Hat Linux. I went and talked to them, and some of the feedback I got was that it’s great, but there are no ISVs and no partners who know how to do service or who can help configure, install and architect it. They said they didn’t know where it was going, that there was no life cycle. We later solved all those problems when we introduced RHEL.

CF: What helped move things forward?

PC: One of the biggest problems was building an ecosystem around it. And that ecosystem is what made us successful. The first channels were the OEM partners: Dell, HP, IBM. All the OEM partners were really the first channel partners. Then we started to get smaller channel partners that could actually build …

Apr 30

Barracuda: reCaptcha Test New Weapon in Phishing Scams

Working from home may increase the risk of being tricked by this technique.

More cybercriminals are using the reCaptcha test to their advantage in their phishing campaigns. That’s the test that ensures you’re not a robot before logging onto a website or submitting a form online.

Barracuda researchers say malicious hackers are using the reCaptcha test to block URL scanning services from accessing the phishing page content. Legitimate companies use the Google service to deter bots from scraping content.

The researchers uncovered one campaign with more than 128,000 emails using this reCaptcha test to obscure fake Microsoft login pages.

End users are familiar with solving reCaptcha tests. Therefore, malicious use of a real reCaptcha wall lends more credibility to the phishing site.

Jonathan Tanner is senior security researcher at Barracuda. He said the phishing masked by reCaptcha can put businesses of any size at risk.

Barracuda’s Jonathan Tanner

“It mainly aims at defeating automated URL scanning services from protecting users from receiving the phishing emails,” he said. “So, regardless of whether or not the company utilizes such security measures, the users would receive the same phishing attempts. If anything, it seeks to bring larger or more well-funded (in terms of security) businesses to the security level of those without such security measures. This specific phishing campaign was aimed at users of Microsoft mail products, which are used by companies of all sizes.”

The phishing emails used in the Microsoft campaign claim the user has received voicemail. The bad actors redirect users who solve the reCaptcha to the actual phishing page.

The phishing page spoofs the appearance of a common Microsoft login page.

It’s not clear whether the page’s appearance matches the user’s legitimate mail server. However, using some simple reconnaissance, the attacker could find this sort of information to make the phishing page even more convincing.

Working-from-Home Risk

People working from home might be more vulnerable to this technique, Tanner said. Network-based web traffic defenses won’t protect any user solving the reCaptcha, he said.

“The most likely detection and prevention method for this campaign would be detecting the email content itself as phishing, which would likely be in place regardless of whether the user was working remotely or not,” he said.

Some solutions that MSSPs and cybersecurity companies offer could help mitigate this attack, Tanner added.

“The best places to detect this sort of attack are through the email content itself (not relying on the URL, but rather the wording and headers of the email) or through analysis of all URLs users visit (should a user click through),” he said. “While the reCaptcha adds a layer of sophistication when it comes to evading URL analysis, the content of the emails reads like standard email phishing attempts, and could likely be detected by email protection capable of identifying such content as malicious.”

There are a number of techniques available to help distinguish phishing sites from legitimate ones, Tanner said. There may be subtle differences in content or structure that could be detected. However, this would require knowing all versions of legitimate pages being served, he said.

“This is perhaps why Microsoft email logins specifically are targeted so often despite actually trailing Gmail for Business in market share,” he said.

Apr 30

Cloud Data Management Report: Backup for What’s Next

Building strong digital foundations that center on data availability is vital to the future of every organization.

Unfortunately, many businesses recognize that they still are unable to meet users’ demands for uninterrupted access to applications and data. This gap is causing business-critical challenges, from damage to customer confidence and brand integrity, right through to losses of hundreds of thousands of dollars an hour.

This 33-page report explores how businesses worldwide are approaching data management, the most common challenges with backups and availability, and the lessons leaders can learn from how high-performing businesses are using data as they continue to transform.

So, as businesses take the next step on their digital journey, we’re offering a blueprint for how each organization can get the foundations right and become a more intelligent business.

Apr 30

Accenture, CentriLogic Cloud Deals Represent Way to Thrive Amid COVID-19

The two channel-centric companies have snapped up firms that help them grow, even – or especially – during a pandemic.

This month, two channel-centric companies with global presences – Accenture and CentriLogic – announced cloud acquisitions. While the deals were in the works prior to the coronavirus pandemic, they still signify that COVID-19 may not have the power to slow partners or vendors focused on next-generation technologies.

Indeed, if estimates from research firm IDC stay on target, cloud is the silver lining as the world works to survive an unprecedented economic threat. The transactions recently made public by Accenture and CentriLogic represent a small, yet positive, part of that new reality.

On April 20, Ireland’s Accenture, a worldwide professional services firm, said it has secured Paris-based Gekko, an Amazon Web Services consultancy, as its latest purchase. Accenture is an AWS premier consulting partner.

Then, on April 21, Canada’s CentriLogic, a managed IT solutions provider that also sells through fellow partners, said it has snapped up ObjectSharp. Headquartered in Toronto, ObjectSharp is a cloud-native development and application services firm specializing in Microsoft Azure; CentriLogic is a longtime Microsoft gold partner.

Neither CentriLogic nor Accenture disclosed the financial terms of their respective transactions.

Of interest is that the spread of COVID-19 still did not impede the timing of these acquisitions. That’s namely because enterprises, SMBs, nonprofits and other organizations throughout the world now need cloud technologies more than ever.

Robert Offley, CEO of CentriLogic, agreed.

CentriLogic’s Robert Offley

“COVID-19 has thrust all businesses into practically overnight digital transformation,” Offley told Channel Futures. “We experienced this beginning in the second week of March, when most metropolitan areas in North America went into shelter-in-place mode and, hence, created a work-from-home imperative. That very first Friday, CentriLogic had numerous customers approach us with a need to provide them with expanded infrastructure and upgraded security to prepare them for the transition.”

One customer immediately tapped the MSP and data center provider to help it support 850 employees working from home. That’s 800 more than it was equipped to handle. Bringing on ObjectSharp during the COVID-19 pandemic will only make other such deployments smoother, Offley noted.

Accenture was reluctant to say whether it is steering more or fewer cloud deployments during the spread of coronavirus. The company is traded publicly.

“We’re working to help clients outmaneuver uncertainty with very fluid changes daily so it won’t be appropriate to make projections about our business,” Cédric Le Yeuc’h, managing director at Accenture Technology in France and Benelux, told Channel Futures. “We need to look at this with a human and business lens more than ever.”

With that in mind, Accenture is keenly aware of the need to help clients achieve resilience. And cloud will prove critical to that capability.

“The cloud offers the best solution to scale system resources as required,” Le Yeuc’h said. “The cloud also helps by enabling the deployment of instant innovation and aligning technology costs to rapid fluctuations in demand.”

For example, he added, the Singapore government used cloud architecture to …

Apr 30

Microsoft Reduces Cybersecurity Risk with ‘Patching People’ Strategy

Microsoft’s aim at human-operated ransomware campaigns points to new opportunities for MSSPs.

Microsoft is taking aim at human-operated ransomware campaigns. The company offers analysis of such attacks in a new blog and recommends mitigation efforts with a “patching people” strategy.

The Microsoft Detection and Response Team (DART) offers insights on precisely where defenders should look to prevent these attacks.

Lucy Security’s Colin Bastable

“A strategy of patching people by simulating ransomware attacks on staff and running ‘what if’ system tests to identify systemic vulnerabilities would be far more effective in reducing damage from ransomware attacks than solely focusing on plugging holes below the IT waterline after a hit,” said Colin Bastable, CEO of security awareness training company Lucy Security.

A pronounced patching people strategy also expands opportunities for MSSPs that provide phishing awareness and other training programs for employees at their clients’ companies.

“They say that threats are opportunities in disguise. Many IT security people regard non-IT folks as part of the problem,” said Bastable. “CISOs need to treat their colleagues as potential allies in the fight against cybercrime, engage HR, department heads and make the whole organization defense-ready.”

Microsoft DART noted an uptick in ransomware attacks during the first two weeks of April. The attacks primarily targeted health care critical services but were not limited to the sector.

“Microsoft is telling its customers how to use its technology to mitigate the attack after it has happened, and this is very sensible for a technology company. Preventing what they define as ‘human-operated ransomware campaigns’ in the first place requires a different, holistic approach, aimed at humans, because the attacks are designed and carried out using psychology and understanding human behavior,” said Bastable.

“Train people how to identify the socially-engineered attacks that lead to the delivery of ransomware. Over 90% of these attacks are initiated by email and often as part of a carefully thought out social engineering attack,” Bastable added.

Human-Operated Ransomware

All of these attacks used techniques associated with what Microsoft dubs human-operated ransomware attacks. Microsoft notes these types of ransomware infections are at the tail end of protracted attacks, and recommends that defenders focus on finding “signs of adversaries performing credential theft and lateral movement activities” to prevent the deployment of ransomware.

Red Canary’s Keith McCammon

“Ransomware actors continue to leverage some textbook breach tactics – service and account discovery, lateral movement and widespread infection of endpoints – to maximize the impact and profitability of their operations. This underscores the need not just for better preventative controls, but for robust detection coverage, careful investigation, and proactive hunting for threats that other controls have missed,” said Keith McCammon, co-founder and chief security officer of threat detection and response specialist Red Canary.

Defenders face an ongoing onslaught of attacks, and new tactics and techniques are constantly necessary to thwart them. Monetary damages caused by cybercrime are expected to reach more than $27 billion by 2025, according to Atlas VPN estimates. The company also predicts that pandemic lockdowns this year are likely to act as “a catalyst for the biggest hacker attack outbreak to date.” MSSPs should therefore add a people patching strategy for those working at home to their services menu.

Atlas VPN says that in 2019, the digital crime that caused the most financial damage was business email compromise (BEC). It accounted for more than half of the monetary losses that year, totaling $1.77 billion.
