Heading into 2019, ransomware remains the most common type of malware targeting your customers; some form was found in 39 percent of malware-related data breaches, according to Verizon’s annual Data Breach Investigations Report. And while some attackers are moving to cryptomining, cybercriminals employing ransomware are getting more targeted, creative and devious, introducing ransomware-as-a-service models and taking aim at particular verticals, like health care and government. Despite increased efforts from IT security teams to thwart attacks, Cybersecurity Ventures has predicted that damages will exceed $6 trillion by 2021.
What goes into that figure? There’s the cost of the ransom itself, of course, but the financial implications don’t end there. Profits and productivity are affected every minute that employees can’t access mission-critical information. Even when systems are back up and running, the negative impact to the business often continues. Once customers are affected or the press gets wind, the impact of an attack can snowball into an even bigger crisis. Take the recent Ticketfly attack, for example. The company was forced to take its systems offline after a ransom demand, which severely affected both venues and ticket buyers. The systems were down for several days, resulting in an onslaught of negativity around their cyber preparedness levels. This incident may have a long-lasting impact on Ticketfly’s profitability and ability to maintain client trust.
Unfortunately, there’s no silver-bullet solution to defend against all the different ransomware variants, though a set of solid best practices can make customers much safer. In addition, partners should seek out vendors that currently collaborate with, or are open to working alongside, other organizations to improve their products or services. Take a hard look at any supplier that says its products are all you need to protect customers. Collaboration is key, particularly between data protection and IT security providers.
Who’s Responsible for What?
Service providers can help their customers avoid Ticketfly’s fate by first helping them understand the differences between a data protection and an IT security provider. While they are closely connected, the terms are not interchangeable. IT security involves a combination of techniques and technologies for defending company assets. This can include security-awareness training and simulated phishing attacks as well as traditional security measures including encryption, key management, firewalls, passwords and much more.
Data protection safeguards corporate information through data backup and replication. Having a combination of these two technologies can help ensure networks are defended against malicious cybercriminals, while also making sure data is backed up so it’s still available in the event of a natural disaster or good old-fashioned system failure.
Work with vendors that understand their offering is only one part of a comprehensive security plan, and are willing to work with you to identify compatible vendors/partners to provide a more holistic solution for end-user customers. In doing this, you ensure you’re offering clients a seamless user experience and improved IT resiliency. Customer expectations are higher than ever, and it’s become just as – if not more – important to deliver a consistently positive experience.
In our experience, line-of-business decision-maker expectations don’t necessarily match up with their IT team’s ability to deliver high availability; therefore, IT leaders will be looking to partners for …