Long before cybersecurity had entered our vocabulary, I have a distant memory of my first computer virus. I’ve forgotten the specifics other than I needed a professional to remove it and make my computer work again. That was long enough ago that I didn’t have to worry about anyone stealing my personal information or worse. Today, retrieving emails and navigating the online landscape is like walking through a minefield. You never know when you’re going to get got.
Recently, ConnectWise released its annual MSP Threat Report, which analyzes key security incidents of the past 12 months to provide technology solutions providers (TSPs) with guidance for the upcoming year. According to the company, to protect SMBs, it is essential to inform TSPs about the evolving threat landscape so they can stay well informed and practice proactive cyber defense strategies.
How does ConnectWise do this? Its Cyber Research Unit analyzes half a million cybersecurity incidents that affected IT solution providers and their clients. The analysis focuses on identifying the most targeted vulnerabilities, such as the implications of Windows Server 2012 end-of-life and includes a comparative analysis of common tactics used by threat actors between 2022 and 2023.
“The 2024 MSP Threat Report findings reveal the heightened risks stemming from outdated software, vulnerabilities associated with remote work environments, and the alarming surge in the frequency and impact of ransomware attacks,” said Raffael Marty, executive vice president and general manager, cybersecurity at ConnectWise, in a press release. “These mission-critical challenges demand immediate attention from TSPs as they gear up for the upcoming year.”
One of the most significant trends identified in the report was the rising number of drive-by attacks where victims are lured to malicious websites through techniques such as search engine optimization (SEO) poisoning and “malvertising” (the distribution of malware through online advertisements).
According to ConnectWise, standard cybersecurity defense posture operates under the assumption that an attacker will proactively reach its target and engage with it within a given threat surface. However, the 2024 MSP Threat Report uncovered that during 2023, there was an increase in malicious activity using a different delivery approach in which threat actors place themselves so that victims proactively come to them. Also notable is the report’s analysis of ransomware trends, which revealed a 94% increase in ransomware incidents in 2023 compared to 2022.
Scanning the report—which admittedly makes for a challenging read unless you are a computer geek or have a much higher IQ or attention span than me—at the very least, it’s obvious there is a clear and present danger and that awareness of these threats is critical. Because of the complexities of cybersecurity, it makes me wonder in a Led Zeppelin Stairway to Heaven kind of way why any office technology dealer offering managed IT services would want to take their chances and offer cybersecurity services. It also makes me wonder why they wouldn’t since the need for these services is expected to grow exponentially, leading to lucrative opportunities.
This month, we have several cybersecurity and managed IT articles, which will hopefully increase your awareness about topics such as cyber insurance, starting a managed IT business, scaling up your managed IT operations, and using managed IT to secure new customers.
In the meantime, don’t click on anything I wouldn’t.