In May 2017 the global ransomware attack Wannacry hit over 200000 computers worldwide. It used an exploit developed by the US NSA, leaked by a hacker group in advance. The attack hit 150 countries, with total damages ranging from hundreds of millions to billions of dollars. Microsoft had released patches previously to close the exploit (two months before the attack!). Still, much of WannaCry’s spread was from organizations that had not applied these or were using older Windows systems that were past their end-of-life. WannaCry also took advantage of installing backdoors onto infected systems.
Later in 2017 and even in 2018 attacks using the same vulnerabilities were launched. They have hit the Windows not updated even after the initial attack. And this is just an example of a cybersecurity attack. The list is long. The solution was simple yet not implemented.
So why don’t people update their Windows operating systems or their software in general?
Answers could be: compatibility between installed software and the latest patches, lack of information and knowledge about cybersecurity or they are just comfortable. People think they do not want to fix what it seems to work and this is how they become victims of cyber-attacks.
Our job as a managed service provider is to take away the compatibility pain and keep the customer in the comfort zone while its infrastructure is being updated and secured.
It is the job of the SMB manager to be aware of the risks of cybersecurity, and the MSP/MSSP should provide such knowledge to them.
Even the authorities are trying to help the small and medium business segment creating awareness and best practices guides. The Canadian Government issued the “Get Cyber Safe Guide for Small and Medium Businesses” – designed to support owners or managers of small or medium businesses understand the cybersecurity risks they face, and provide them with practical advice on how to better protect their business and employees from cybercrime (Source: https://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/index-en.aspx). We will be referring this guide in our future posts but we highlight now the Software Security aspect. Quote: “Your business’s cybersecurity is only as good as the software you use. In fact, if you make all of your software secure, a large number of security threats will be reduced or resolved.” And it continues with “Apply security updates to your software as soon as they are available from the developer.”
If an SMB uses a Managed Service Provider or a Managed Security Service Provider It is the provider responsibility to have the software up to date and patched at its latest versions. The managed infrastructure updated, together with a comprehensive network, endpoint, cloud & mobile security will protect your organization, eliminating the risk and liabilities of cyber-threats as the ones mentioned above.