MSPs are true technical experts. Their clients – not so much. That is why leading MSPs counsel clients on what they need to be secure. And in this era of ransomware and other ongoing attacks, patching is 100 percent critical.
If you are not already doing so, position your patching expertise and solutions as a competitive differentiator, explaining how proper patching can eliminate the vast majority of successful malware attacks.
Recently Kirk Feathers, vice president, Global Product Enablement at Kaseya, explained the need for patching, and how to save your clients’ bacon and make money at the same time.
The most visible reason for proper patching is ransomware, many variants of which go after unpatched computers. According to the FBI, ransomware increased 6,000 percent in 2016. It is not only locking up important data, but also costing companies money. Some 70 percent of businesses paid the ransom, with half shelling out over $10,000, and 20 percent paying $40,000.
In fact, the FBI reported 4,000 registered ransomware attacks per day against SMBs in 2016.
Meanwhile, the larger category of cybercrime is having a huge global impact, costing $575 billion a year now, and estimated to reach $2 trillion by 2019.
The criminals are becoming more diverse, sophisticated and well organized, and include:
– State-sponsored
– Terrorists, gangs, organized crime (in country)
– Opportunists
– Hacktivists
Motives include:
– Financial gain
– Steal personal, financial, business or political information
– Sabotage, disable or disrupt reputations, systems or services
At the same, SMBs are generally unprepared to face these malware threats, which numbered 350,000 per day in 2016. In a recent study, only 14 percent of SMBs rate their cyber-defense as “highly effective.” Moreover, 71 percent of executives claim cyber-risk impeded innovation. That is why MSP security and patching services are so important to SMBs.
Exploit Kits Make Hacking a Breeze
In the early days of hacking, it took real work and smarts to break into a system. Nowadays, all you need to do is download an exploit kit – the malware comes pre-built. These kits build on what has worked in the past, and for a fee or even free let new cybercriminals run wild. Exploit kits, which accounted for four of the 10 most commonly encountered exploit detection in the first half of last year, include:
• Collections of exploits bundled together and sold as commercial software or as a service.
• Often installed on a malicious or compromised web server.
• Exploit kits usually offer web-based control panels that enable attackers to target specific populations, such as geographic regions, operating system versions, and browsers
Patching is the Answer
The good news is that patching works. According to the Center for Strategic and International Studies, simply applying the most recent patches to six software packages on Windows machines could prevent 99.8 percent of malware infections.
As an MSP, you have the answers. Do not be afraid to show it. Here are some things you can do:
• Talk about it — be the expert
• Explain the news no less than monthly in emails. blog posts and newsletters
• Discuss the advances in attacks and defense
• Create urgency, make speed/automation your value
• Show them they’re exposed
• Use vulnerability reports and dashboards to demonstrate the state of their patching and how it improves under your watch
Let Kaseya Help Perfect Your Patching Service
Kaseya understands the difficulties of patch management. VSA by Kaseya fully automates every aspect of patch management, including:
• Comprehensive discovery and audit to find all devices in the first place, as well as monitoring operating details (to know what needs to be patched).
• Policy-based management and control automated patch deployment that you set up, controlling exactly which patches get deployed, as well as when and how to match your business’ specific needs.
• Remote management to access and patch all devices, including off-network devices sitting on an employee’s countertop. If laptops need to powered on or powered off, VSA can automatically take those steps to ensure the patch is fully installed.
• Real-time, comprehensive reports with drill-down and the extensive ability to use filters
Read more about patch management best practices or tune into our Eight Steps to Better Security Patch Management Webinar.
