ICYMI: How Threats Are Handled By MSPs
iCorps IT Services
How are cyber threats handled by MSPs? Find out what the panel of experts from iCorps' ALA Lunch & Learn had to say in this video.
[Chris Stephenson - Moderator] So just one more—I don't want to stay on the cloud too long, but how is ransomware, phishing, things like that, handled in the cloud by you the providers or, you know, by analyst technologies? Is it handled differently, or are these things that are impacted differently than on-site? How do we begin to think about that?
[Justin Walker - Sophos] Yeah, sure. I don't think it's any different really. So we treat it exactly the same. It's exactly the same risks. You know, ransomware actually makes up a really small percentage of actual infections. It's less than 2% globally. All the malware out there is actual ransomware infections, but they are so disruptive and damaging that it's all you think about.
[Chris Stephenson - Moderator] Right, they make the news.
[Justin Walker - Sophos] Yeah, they also make a ton of money. I mean, in 2016, a single family of ransomware made over a billion dollars. Just one variant of ransomware. I always laugh when people say it's the A/V companies that are writing the ransomware. If we write a ransomware, we'd be making a lot more money. So you know, it is where the money is, and that's why there are such incentives to have technical support behind it. They have their own cloud management dashboards for managing these malware campaigns or selling things off. We see advanced threats nowadays like Emotet, which itself is a file-infector that then has started to auction off infected machines. So the machine gets infected with Emotet, you know, it might sell it off to a ransomware writer, the next day it might be a SPAM botnet, it might be a banking trojan.
So it really has developed into more of a business, and I don't think, you know, whether we're talking laptop/desktop, physical/virtual, on-premise or in the cloud is really any different because if it's in a system that is all exposed and has potentially sensitive data, it's just as much of a target. And that's why—it's ultimately why we put the same protections in place regardless of, you know, what operating system, where it is, physical/virtual, here or in the cloud.
[Jeffery Lauria - iCorps Technologies] I agree, and the other part to that is, thankfully, these platforms - SharePoint, OneDrive, Google Docs - they have rollback features. Mechanically, the way OneDrive works is if you get ransomware, it's not going to affect you, just because of the way it works. That said, that doesn't necessarily mean that it doesn't affect your machine or you don't get locked out. So if you have cloud data, fair enough, but you have to treat it the same way.
iCorps Video Library