Indirect damage: Why service providers should care about customer security
This year witnessed the further spread of the disease we call ransomware. After seeing the profitability of this “revenue stream” in the consumer segment, cybercriminals are moving ever deeper into the business segment, looking for the most vulnerable victims.
Several cases of data encryption followed by extortion have been documented in a new sector, where vital services such as healthcare have been targeted in recent months. The infamous case of Hollywood Presbyterian hospital demonstrates how suffering a ransomware attack can cause direct financial losses – in this case $17,000 in BitCoins – as well as reputational damages.
After seeing the attack scenario repeat itself multiple times throughout 2016, it’s fair to assume that healthcare is only an initial interest of cybercriminals, and other business sectors will likely follow. According to FBI estimates, ransomware is on track to become a $1 billion a year criminal enterprise by the end of 2016.
However, ransomware is not the only cyberthreat businesses have to face today. Just recently, ESET reported on Retefe malware which targeted customers of various banks mostly in Switzerland, Austria, and the UK. By redirecting clients of these banks to fake or modified banking webpages, it attempted to harvest login credentials and misuse this information for malicious purposes.
Despite the fact that MSPs might not be first-line targets in such cases, they can take the hit indirectly as the providers and operators of IT services for banking or health care clients. All the potential losses and the burden of extensive IT support generated by a malware attack is theirs, and thus, their responsibility to solve.
Offering reliable security solutions from a respected security vendor can be the difference that helps MSPs and ISPs build their brand as responsible partners able to handle cyber security threats and reinforce a perception of expertise, as well as provide high quality services in the field.
Article by Ondrej Kuboič, welivesecurity analyst