How MSPs Can Address the Risks of Social Engineering-Driven Phishing Attacks

By Matthew Vulpis

Digital transformation has brought with it manifold opportunities for businesses to improve what they build, how they engage with their customers, and how efficiently they operate. But it also brings opportunities for cybercriminals to benefit. The number of connected applications, devices, networks, and cloud-based services has given would-be cyber attackers more points of entry than ever, leading to a sizable increase in cyberattacks.

In total, global cyberattacks increased by 38 percent in 2022, compared to 2021, with the average cost of breaches reaching $9.44 million by the end of 2022.

“Among the variety of attack methods, the most common are phishing attacks, along with other browser-based attacks,” said Nick Heddy, Chief Commerce Officer of Pax8, one of the largest and fastest growing cloud-based marketplaces in the world, with more than 25,000 MSPs serving 400,000 small and medium-size enterprises. “Our cyber security offerings are among the most utilized, and for good reason. Phishing attacks are on the rise, and more sophisticated than ever.”

Such attacks start with a fraudulent email or other communication designed to lure a victim with a message that is made to look as though it comes from a trusted sender, where the victim is coaxed into providing confidential information – often on a scam website.

“Browser-based attacks are often so well disguised that within seconds, after just one click, malware can be silently downloaded onto the target’s computer,” Heddy said. “Other attacks include malicious pop-up ads designed to fool an end user into engaging, and while training is important, having software that senses and alerts end users has become an essential solution for MSPs who are responsible for protecting the assets of their customers.”

These attacks are more frequently used than other types of cyberattacks, and in the first quarter of 2022, the Anti-Phishing Working Group (APWG) observed 1,025,968 total phishing attacks. This is the first time the quarterly total has exceeded one million, making it the worst quarter APWG has observed. As for browser-based attacks, 2022 saw 4.7 million web app-related cybersecurity exploitations, a 271 percent increase since 2020.

“The reason these types of attacks have risen so dramatically is recognition by the dark side that, ultimately, the weakest part of an enterprise's cybersecurity is the human aspect,” Heddy explained. “Both of these attacks rely on the unsuspecting employee to click on what appears to be a perfectly safe link or email, without realizing one click will give hackers complete access to the enterprise’s cloud infrastructure.”

CrowdStrike recently released its Global Threat Report, which includes the following analysis: “While technology is clearly critical in the fight to detect and stop intrusions, security teams are the crucial link in the chain to stop breaches. For security teams, practice makes perfect. Encourage an environment that routinely performs tabletop exercises and red/blue teaming to identify gaps and eliminate weaknesses in your cybersecurity practices and response.”

The report also noted that security teams shouldn’t be the only ones practicing and training – initiating user-awareness programs to combat the continued threat of phishing and related social engineering techniques is recommended for organizations large and small.

Since these are the most prominent attacks used by modern-day cyber attackers, MSPs have, unsurprisingly, begun searching for ways to bolster their digital defenses and better protect their companies against phishing. The most notable approach organizations have taken is to adopt and implement a cybersecurity solution that leverages AI and employee training programs to proactively find and snuff out potential cyber threats.

“While cybersecurity solutions are increasingly effective and more intelligent than ever, providing educational sessions on cybersecurity protocols for employees can also make an important difference,” Heddy said. “No matter how good a cybersecurity solution is, it cannot guarantee that an employee won’t click on a malicious link, so we offer solutions that train end-users in real time, with alerts, as well as automatic blocking of certain domains and URLs.”

Security Awareness Training helps employees understand the importance of cybersecurity and teaches them how to identify potential threats and respond appropriately. It also provides employees with the knowledge and skills needed to recognize, report, and prevent security incidents.

“A cyberattack, by definition, is a conflict between two parties,” the CrowdStrike report reads. “Not knowing or understanding your adversary when you enter a battle is equal to being unprepared. Organizations spend years and millions of dollars fighting ghosts and noisy alerts, never knowing the ‘who, why and how’ behind the attacks.”

With attackers and attacks expected to grow in terms of volume, speed, and most dangerously, sophistication, “Every organization must start making improvements to their defense before it’s too late,” Heddy said. “This is as much a risk-management as technology imperative. The abundance of technology available today can help companies make necessary upgrades to their digital defense to stave off most would-be attackers. However, to securely protect one’s entire organization, businesses must prioritize employee training, in order to make sure workers can spot and avoid a phishing or a browser-based cyberattack. This is not limited to their computers, but to every access device, especially smartphones which are often used while on the move, and with less close attention being paid.”

Pax8’s marketplace includes two dozen cyber security solution providers.

Edited by Erik Linask