Although it’s impossible to pin down the true number, current estimates are that up to 75% of data breaches go unreported. That’s entirely understandable: announcing to the world that your company, or one of your clients, has been the victim of a cyberattack is not only embarrassing but can also have a severe impact on the bottom line.
According to IBM’s Cost of a Data Breach Report 2021, the average cost of a breach rose by nearly 10% year-over-year, from $3.86 million to $4.24 million. Beyond the immediate costs, whether a ransom payment or the expense of conducting incident response, there is brand damage that can have a lasting impact for years to come.
The IBM report says lost business represents nearly 40% of that $4.24 million, a figure that includes revenue lost to customer turnover and the cost of acquiring new business to replace it after brand damage. So you can see how it might be tempting for managed service providers (MSPs) to simply pay the ransom and not tell anybody.
The Rise of Ransomware
The Media Sonar research team asked 605 security professionals what threats they have seen most frequently in 2021. Almost 70% responded that ransomware was the most frequent, followed by supply chain threats (17%) and threats from the hybrid workforce (9.8%). Of those who selected “Other”, common threats specifically mentioned included phishing, business email compromise (BEC), CEO fraud, account takeover, and social engineering attacks.
One of the reasons ransomware is growing is that it has become a full-service business. With threat actors now selling their skills, services and tooling, most visibly as ransomware-as-a-service (RaaS), you no longer need technical expertise to be a cybercriminal. A ransomware kit can be bought on the Dark Web, and these offerings require little technical knowledge to deploy. This gives less-skilled actors the tools to run their own attacks, lowering the barrier to entry and making it much harder to attribute a given attack to a specific cybercrime group, since the operators who build the malware and the affiliates who deploy it are often different people.
Cyber Incident Reporting Act
While the EU’s GDPR imposes strict reporting obligations on companies that hold personal information, the rules in the US are far more lax and a bit fuzzy. There is no general federal requirement to report breaches; the obligations that do exist are sector-specific, such as the rules covering patient health records, or concern other forms of personally identifiable information (PII).
But all that is about to change. Congress is currently considering a bill that would require organizations that make a ransom payment to report that payment to the Director of the Cybersecurity and Infrastructure Security Agency (CISA), an agency within the U.S. Department of Homeland Security, within 24 hours of the payment.
The “Cyber Incident Reporting Act of 2021” would apply to critical infrastructure organizations, nonprofits, businesses with more than 50 employees, and all state and local governments. The bill would also require critical infrastructure companies to report any cyber incident within 72 hours.
And that’s not all. The government wants to be able to analyze the methods and tactics of cybercriminals, so companies would be required to do more than simply report that a breach occurred or that a ransom was paid. The proposed law would require companies to provide detailed information on how the breach happened, what security measures were in place and how the attackers got around them.
The proposed law has important implications. MSPs, in particular, need to start upping their security game when it comes to preventing breaches in the first place, responding quickly to incidents when they do occur, and better protecting each client’s brand.
The Opportunity for MSPs
MSPs are constantly on the front line of threat detection and investigation. To protect their clients from threats, minimize the impact of attacks and reduce downtime, MSPs need an approach to security that prepares them for the full range of threats they are likely to face, not just the ones they have seen before. The Media Sonar Web Intelligence & Investigation platform helps MSPs anticipate potential security incidents, manage the crisis if the unexpected happens, and protect clients’ brand assets.
Where Media Sonar Fits
- Media Sonar consolidates multiple open-source intelligence (OSINT) tools into an integrated, automated platform for threat detection.
- The Media Sonar platform gives MSPs and security practitioners visibility into the Dark Web so that teams can get ahead of emerging threats.
- The platform specifically targets brandjacking, which can take the form of social media account takeovers, spoofed domains and phishing emails.
- The platform enables deep-dive digital investigations across IP addresses, domains, email addresses, usernames and organizations.
- The Media Sonar Social Insights Report provides a high-level view of public sentiment toward each client’s brand.
- The platform helps companies meet regulatory requirements with detailed, auditable logs of user activity.
- According to the IBM breach report, companies with effective incident response teams reduced the cost of a breach by around 55%. Media Sonar provides custom alerts and collaborative workflows that help companies respond to crises.
It’s clear that the regulatory environment around data breaches is changing, and MSPs need to move quickly to get ahead of the new rules. Even if the federal bill stalls in Congress, individual states such as California are tightening their own data protection rules and adopting GDPR-style regulations.
Defending against cyber threats and protecting the client’s brand is not only good for regulatory compliance, it’s simply good business.