Managed Service Providers in the Era of Ransomware

We are living in the post-WannaCry era, last year, the said ransomware has caused an estimated $4 billion worth of global losses. Managed Service Providers had made a lot of business of fixing broken PCs due to WannaCry damage, remember those infected with WannaCry had their data encrypted and can no longer be recovered. An estimated 86% of IT Managed Service Provider’s clients had been an infected by ransomware.

The 2017 successful attacks of WannaCry had been an eye-opener for many firms. The lack of a credible backup facility and the lack of awareness of companies that are 100% dependent on their MSP to fix the issue after it happens instead of being proactive. MSP must change their ways of dealing with their clients, and promote proactiveness of security in the enterprise. Too many enterprises still see cyber defense spending as cost, a money drain for the company without realizing that underspending in cyber defense only attracts more trouble.

Virus infection itself is not very costly, as the computer can be re-imaged. However, the lost productivity of the employees, the delay of the deliverables and loss of trust by the customers are long-term damages a virus infection can create. People never forget a company with an episode of a cyber attack, a virus infection or phishing issue.

With the cloud-storage marketplace being filled with many reputable vendors, it is the time for MSP to persuade their corporate clients to take advantage of such high competition, by signing up with one reputable cloud-storage as a backup solution. Such backup solution can be deployed from a central server, with all critical shared folders backed-up in the cloud on a regular basis without the intervention of the end-user.

Businesses need to have a business continuity plan in the event of a cyber attack and other IT trouble. It is a document where everyone in the company from the board-of-directors to the lowliest staff member to follow, this is in order for the business objectives to retain the priority of the company. The business continuity plan includes procedures on how to handle the problem.

The MSP can help their corporate clients to create a business continuity plan. This needs to be highly integrated to the requirement imposed on the MSP, and their obligations on how to coordinate with the clients to solve an IT issue. A relevant IT spending is necessary to create a good combination of a reliable backup system and a business continuity plan. All companies that expect to serve an EU-citizen or operates in an EU-member states needs to double time, as they are under the jurisdiction of the GDPR law.

The GDPR law has a very strict policy of a 72-hour reporting requirement for all companies under its jurisdiction to report all incidents of a cyber attack, virus infection or phishing issue, any IT issues that may cause the customer’s data to be compromised or leaked to 3rd parties. SMEs in the business sector is on the front lines of being attacked by malware, Denial of Service and phishing, and these small businesses have the smallest cyber defense spending budget. MSPs need to provide affordable support packages, by shifting a high tier support for Fortune 500 companies to enable affordable support for the SMEs.