Security in an office network has always been incredibly important, but now it seems more important than ever. Ransomware is becoming increasingly threatening as it affects larger and larger targets at an increasing rate. As such, most IT service providers and MSPs (managed service providers) have been focusing harder on making sure that the state of their clients’ network security is top notch. However, there are a few issues that keep their efforts from being completely successful.
The first and most impactful issue is put very well by Derrick Wlodarz in his article “The War Against Ransomware: 4 Lessons Learned From the Trenches”: “MSPs need to ditch the idea that they will be able to prevent 100% of malware. Having a disaster recovery strategy that employs proper planning and IT solutions is the new reality we all need to recognize.”
https://www.mspinsights.com/doc/the-war-on-ransomware-lessons-learned-from-the-trenches-0001
Disaster recovery is vital to ensuring that when (not if) something happens to shut down services within an office, the downtime is reduced to a manageable minimum. With devices like those offered by Datto, even ransomware can be recovered from in a matter of a couple of hours and potentially even detected before it infects more than the source computer on the network.
Wlodarz also mentions that “Another avenue most major ransomware incidents tend to take advantage of is unpatched software and hardware.” Typically, addressing this means making sure that software updates are performed and networking hardware firmware updates are applied regularly. However, a much more basic and larger concern is the use of software or hardware that is no longer updated by the company that provided it. With the end of support for Windows 7 fast approaching, any and all machines using Windows 7 will quickly become a serious security risk.
That being said, Windows 7 is not the only thing to be worried about. Even Windows 10 will become risky to continue using if it goes long enough without the most recent updates being applied. Performing updates never has to be something that interrupts work. If the schedule for updates is properly devised, the updates can be performed during off hours, with time built into the schedule for resolving any complications the updates might cause.
With the increased effectiveness of cloud-based server solutions, many people are beginning to migrate to these services, attracted by the promise that outsourcing their server environments will increase the reliability of their security and decrease downtime. However, it’s been shown recently that even these services are not immune to ransomware.
https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/
The above article covers the ransomware that infected iNSYNQ’s servers, causing a complete outage of their service for multiple weeks and the loss of many clients’ data. While these services definitely offload the responsibility of security compliance and updates, an incident that affects these services can mean more downtime than a properly set up disaster recovery system on site.
The decision to use a cloud service or an on-site server is one that usually requires much deliberation. Wlodarz mentions in his article that “Clients who are sustaining fleets of physical servers on-prem without the requisite attention to patching and security oversight are putting their entire IT infrastructure at unnecessarily high risk to ransomware” and he has a very valid point. He makes the case that, most of the time, a cloud service that replaces an on-site server is not only easier to maintain, but also requires less time to be spent on security.
However, that does not mean cloud services can replace on-site servers in every scenario, or that the cloud services will be as effective as desired. Along with the offloading of responsibility over security comes a lack of knowledge of what the cloud service provider is doing with regard to their security, making it impossible to know for certain that their methods are satisfactory.