Cybercrime has increased as the rest of the world adopts technology solutions to run organizations successfully. Many organizations rely on managed service providers (MSPs) to help secure and run their technology. For this reason, MSPs have become a prime target for cybercriminals to exploit.
A former FBI cybercrime expert shared how MSPs that adopt a security mindset for their business, and the organizations they serve, can set themselves apart from competitors.
Understanding How Ransomware Affects Victims
Malicious software has been used by cybercriminals for decades as a main attack method against organizations. Although the types of malicious software have evolved over time, ransomware continues to be one of the most effective methods for bad actors. Ransomware allows these actors to steal encrypted data and sell it on illicit marketplaces for monetary gain if ransoms are left unpaid.
One of the biggest questions that cybersecurity experts pose when faced with ransomware threats is: Do we pay the ransom?
Scott Augenbaum, cybercrime prevention trainer, author and keynote speaker at CyberSecure Mindset, raised concerns about the root causes of ransomware problems for organizations during a CompTIA ChannelCon session called From Victim to Victor: Lessons for MSPs from a Retired FBI Special Agent. Instead of focusing on the decision to pay ransoms, Augenbaum recommends focusing on the vulnerability that caused the attack.
With past experience in the FBI’s cybercrime unit, Augenbaum said he’s seen organizations pay the ransom on a Monday in order to regain access to their data, only to be confronted with a similar incident within a short span of time after the initial attack.
A ransomware attack can cripple the critical needs of everyday citizens. For example, a hospital in Illinois was forced to close in 2023 after failing to recover from a ransomware attack on its systems in 2021. This, of course, can cause a ripple effect of issues where critical healthcare is hindered.
4 Cyberattack Realities
As the shift to online activities has increased, so have cyber threats to organizations. According to Augenbaum, ransomware attacks are only going to increase in volume and complexity. As a result, he recommends that organizations face reality and change their behavior.
He shares four important truths about cyberattacks that organizations should address as part of their internal security posture and incident response processes. These use cases come directly from his experience during his time with the FBI’s cybercrime unit.
1. Victims Don't Expect an Attack
When it comes to cybercrime, researchers and experts can only address the exploits and attack trends as they are discovered. However, Augenbaum says most of the ransomware victims he encountered “never expected to be available” to be attacked. In other words, most of the victims he encountered did not anticipate being a target of a ransomware attack.
The reality is that cybercriminals do not care about the type or size of an organization. They merely target an entity from which to steal money and data. It is essential to emphasize that any organization or individual can be a target of an attack.
2. Prosecuting Cybercrime Is Complex and Difficult
Victims that have encountered a cyberattack have a hard time recovering assets. The chances of recovering stolen funds and data are low. Augenbaum says that he originally thought cyber would be much easier to check and prosecute.
"I believed all we had to do was get grand jury subpoenas and boom," he said. Cybercrime is a global issue, and it can be challenging to prosecute when a case involves multiple countries with different laws, which makes punishment difficult to enforce.
3. Law Enforcement Faces Challenges With Recovery Efforts
Just as cybercrime is difficult to prosecute, recovering stolen money and data is nearly impossible. This can be true both on a business level and a consumer level. Businesses can face the ramifications of a cyberattack in the form of lost revenue, data, fines and legal penalties that cut profits.
In extreme instances, it can permeate down to a consumer level by allowing personally identifiable information (PII) to be exploited. For example, if a consumer is defrauded out of a few thousand dollars, this can create emotional and financial harm that can be challenging to rectify.
4. The Majority of Attacks Are Preventable
It’s commonly known that attacks can derive from a multitude of human errors. This can include phishing and social engineering attacks. However, prevention of cyberattacks doesn’t always equate to more training and awareness, but rather to the need for more effective security controls.
Augenbaum notes that during his tenure with the FBI supporting cybercrime investigations, he saw firsthand that 90% of the cyber-related crime cases he investigated were preventable. Consumers are not always tech-savvy or considered security experts, which means that it is up to many organizations and the vendors that they hold relationships with to better protect their customers.
Implementing a Proactive Security Culture for MSPs
Promoting a proactive security culture can be challenging for any organization, including MSPs. When it comes to security, it can be difficult to remain proactive. “That's why we have to start focusing on the entire prevention side,” said Augenbaum. “We have to focus on the core critical.”
A security mindset can be achieved by providing training and resources to technical and non-technical teams. MSPs that adopt a proactive security culture can also spread that culture of support to their clients. Proactive security cultures can also help educate and inform everyday end users.
Organizations across the board should aim to examine their end users' behavior and revise it to fit their security culture. This in turn can help better safeguard MSPs and their clients from the impacts of ransomware and other types of cyberattacks.