Solution providers should undertake a data protection strategy that includes both robust protection and backup efforts, according to Matti Kon, president and CEO of New York-based system integrator InfoTech. On the front end, Kon recommended that VARs and MSPs utilize firewalls, antivirus software and intrusion detection to do their best to stop hackers from getting in. But the efforts shouldn’t focus solely on prevention, Kon said.
Solution providers should also engage in both local and cloud backup so that end users can easily recover should a breach occur. Here are seven things solution providers should think about as they help their customers fight security threats.
Clients are listening and paying far more attention to security matters today than they did four or five years ago, according to Kon. “Unfortunately, people learn the hard way,” he said. Identity theft issues faced by business leaders in their personal lives helped push corporate security matters to the forefront, Kon said. With companies at last largely aware that they have a problem, Kon said businesses have become much more open to bolstering security by changing their procedures.
Kon emphasized that IT experts can only learn how to protect against a breach after it has successfully caused damage. “Every wall has a breach, and it’s only after there’s been a breach that we learn how to build the wall better,” he said.
While anti-virus companies have done a great job of detecting threats as quickly as possible, Kon said protection mechanisms can’t be formulated until the attackers have been successful once. “We can’t prevent penetration,” he said. “We can’t prevent viruses just as we can’t prevent disease in our biological lives.”
The average company suffering from a virus could have prevented it by keeping their anti-virus, malware or intrusion detection software updated, according to Kon. “Most of the penetrations are simple cases,” he said.
Viruses tend to circulate for at least two or three years, Kon said, meaning it’s essential for solution providers to ensure that customer systems and procedures are being kept up to snuff. In particular, VARs and MSPs should ensure that clients are using the latest version of their firewall or anti-virus software. “We all pay attention to the new stuff,” Kon said. “But people continue to get hit by the old stuff.”
To get companies into the mindset of defending against hackers, Kon strongly recommends penetration testing. Most large companies already conduct periodic penetration testing themselves or hire an outside company for that purpose, Kon said. Higher-level, higher-exposure companies will often conduct penetration testing on their systems as well, he said.
A basic penetration test will cost a couple thousand dollars, Kon said, while a more complex test will likely run six figures.
Containment is essential to preventing a successful attack from spreading, Kon said, and can be as simple as pulling an internet cable out of a device or closing systems that a company doesn’t promptly need to access.
Yet even a disconnected device can be vulnerable, Kon said, citing USB cards that spread viruses to computer terminals in Iraq. To defend against an infected USB card, Kon said companies can disable the cards or only allow them to be plugged into certain terminals. Ultimately, Kon said the effort is largely centered around anticipating and blocking potential security loopholes.
Both physical and cloud backups can help companies minimize damage in the event of a breach, Kon said. Kon encouraged solution providers to have their clients take a backup of their system off-site at least once a week. Companies should also have strong physical backups and hot sites ready to go in the event of an attack, he said.
Quality backup measures saved one of Kon’s clients when their building caught on fire on a Saturday in 2006. Since the firm had backup tape off-site, Kon was able to pick up new servers and have the company’s systems back up and running by Monday afternoon.
Yet sometimes basic precautions just won’t be enough to avoid a nightmare scenario. Kon tells a horror story from Christmas 2013, when his client was one of 250,000 to have their firewall penetrated by the ransomware Trojan CryptoLocker. The attackers told Kon’s client that they had 48 hours to buy and install an antidote, or else the hackers would destroy all of the files on their system.
So Kon bit the bullet, purchasing bitcoins from people in Turkey and sending them to the operators of CryptoLocker, verifying the company’s identity and registering each file along the way. Immediately after, Kon cleaned the client’s servers. “CryptoLocker could not be prevented,” he said.