MSP Insights: What does a 2.7 billion record breach mean to MSPs

Get more information - read the Member FAQs and press release.

  
Internet domain names and DNS are at the core of any business and MSPs need to give the security of those assets special attention.

PROTECT YOUR CLIENTS—AND YOURSELF—WITH ROAR'S IDENTITY MONITORING

Another day, another massive identity breach—or at least that’s how it seems. Just last week, 2.7 BILLION personal data records were compromised, the largest collection of compromised data aggregated in more than a decade.

Last week’s breach was more than 5 times the size of the 2018 Marriott Starwood hotel group’s data breach.

Were your clients’ records among them? If not, will you be so lucky next time? After all, it’s suspected that this is only the first of 7 mega-batches of data.

With probably thousands of customers under management, how can you continuously review and protect every piece of data, making sure nothing has been stolen or exploited? And what about performing the due diligence to warn your customers if user accounts are associated with a known breach?

It’s a massive undertaking.

But Roar’s Identity Monitoring Inspector can whittle it down to size.

By continually checking customer email addresses against public repositories like haveibeenpwned, our automation gives MSPs the visibility you need to have meaningful discussions with your customers—and contain and get ahead of potential chaos.

Read the official release on HaveIBeenPwned's Website

The fast facts from last week’s breach:

    1. 772,904,991 unique email address
    2. 21,222,975 unique passwords
    3. 12,000 files released
    4. 87GB of data in total
    5. Sourced across 2000 databases
    6. 140,000,000 emails are newly discovered
    7. 10,000,000 passwords were previously unknown

We’re all susceptible to a masterful phishing scheme—social engineering—and are at the mercy of the services we use to protect the information we provide them. MSPs are often stuck in the middle, tasked with ensuring your customer’s IT environments are protected but unable to exert any real control over personal user accounts, IT hygiene and habits. Every cyber security incident inevitably unwinds the tangled thread back to a user or user account that was neglected or failed to meet policy.

However, you do have a number of tools in your toolbelt to at least alleviate the impact of breached passwords and accounts, including:

  • Enabling multi-factor authentication
  • Enforcing policies for user account and especially for Administrators
  • Scope account access to least privileges
  • Prevent overuse of administrator accounts
  • Encourage the use of password managers to keep passwords unique for individual sites
  • Encourage rotation of strong passwords
  • Block known phishing source and supplement with email filtering
  • Configure proper domain protections such as SPF
  • Configure firewalls block outbound traffic out to known malware and command & control (C2) sites

See all of Roar's Inspectors that can work together to unify visibility for your MSP.

Breaches will continue to surface, and MSPs will continue to face the challenges with an ever-expanding IT landscape. The first step toward providing security for end-customers starts with continuous and unified visibility across the systems they manage. Automation from platforms like Roar will enable you to strengthen your customer relationships and grow your MSP maturity.

#MakeITRoar!

0 comments
5 views

Permalink