An MSP’s Cyber Threat Glossary for Clients
Hackers frequently target small to medium-sized businesses (SMBs), and MSPs must educate their clients about these risks. Inform clients of the evolving cybersecurity risks they face by defining and illustrating how common cyber threats are deployed and what it takes to recover completely. With this understanding and MSP guidance, clients can enhance data protection with automation, standardization, and consolidation. Keep reading or download the Cyber Threats Glossary to share with clients, use in sales opportunities, and reinforce your relationship with existing, new, and prospective clients.
Cyber Threat Glossary to Define Attack Vectors
These are today’s threat vectors that clients must understand to build their BCDR strategy with their MSP. An educated client with the right MSP guidance will often appreciate the straightforward information and see you as an authority in cybersecurity, resulting in a long relationship built on trust.
Advanced Persistent Threat (APT): Cybercriminals typically use an advanced persistent attack to target organizations to solicit financial information. This type of attack is executed over a long period of time and is difficult to detect.
Backdoor Trojan: A backdoor Trojan allows cybercriminals to take control of a system without permission. Posing as a legitimate program, a Trojan spreads through phishing attacks that fool users into accessing malware through everyday activities such as clicking links within emails.
Distributed Denial of Service Attack (DDoS): A DDoS attack is meant to prevent users from accessing specific locations online. In this attack, a cybercriminal will flood a website with large quantities of information requests that essentially render the site inaccessible to legitimate users.
Flooding: In this security attack, hackers send large amounts of information to a server or web location. The result is a break in the system’s proper operations due to a block in its processing power.
Malware: Short for malicious software, malware includes an attack using any intrusive software developed by cybercriminals to steal data and damage or destroy devices and protected systems. Common examples include ransomware and phishing.
Phishing: A form of malware that uses phishing emails and other messages that appear to be from reputable senders to entice users to click on a fraudulent link to gain access to a protected system or reveal personal information like passwords and credit card information.
Ransomware: A type of malware that encrypts all of the data on a PC desktop or mobile device, blocking access for the data’s owner. Aptly named, Ransomware requires a ransom to be paid, typically in Bitcoin, to the attacker to regain access to the files. Note that you’re dealing with cyber criminals, so there is no guarantee the data will be released, and there is a chance it’s already been sold on the dark web.
Social Engineering: Social engineering uses psychological manipulation to persuade users to perform specific actions or reveal sensitive information. This type of attack often uses lies, bribes, extortion, and impersonation.
SQL Injection: Attackers use malicious SQL code, often moving all data into a central location controlled by the attacker. By doing this, attackers can impersonate identities, modify or delete data, or completely take control of an entire database.
Worm: One of the most common types of malware, a worm is an infection that has the ability to spread indefinitely and self-replicate. By exploiting OS vulnerabilities, this replication happens automatically and does not need human activity to spread.
BCDR Features and Protections to Highlight in Your Cyber Threat Glossary
While understanding today’s cybersecurity landscape is the first step, the second is letting clients know how your MSP protects their business. Use this within marketing and sales campaigns and as an entry point to discuss upsell and cross-sell opportunities with existing clients. Identify vulnerabilities and present the following solutions and protections as part of your cyber threat glossary to reinforce your value in providing uninterrupted business continuity and rapid disaster recovery.
AirGap
An anti-ransomware and data deletion protection feature that serves as your last line of defense against cyber threats to ensure data immutability after an accidental incident or malicious attack on backup files. Leveraging automation, security controls, time gaps, and a little trickery, AirGap protects backups so MSPs can always recover client data. AirGap is automatically enabled in x360Recover for BCDR and x360Cloud for Microsoft 365 and Google Workspace backup.
Security capabilities and data protection safeguards include:
- Honeypots: Trick bad actors into thinking they’ve successfully accomplished their dirty goal of deleting data, but it’s just an illusion. To them, it looks like their job is over, and they can move on – but the data is safe on isolated storage tiers, so you get the last laugh.
- Human factor controls: Limit who can create data deletion requests and who can fulfill data deletion requests. Only a select number of authorized security individuals can complete both actions, and no one individual can carry out both actions. That means that to delete data from AirGap, two different people must verify it.
- Time gaps: The time between processes – such as when data deletion requests are created, verified, and executed – gives MSPs ample time to stop malicious activity before it’s too late. The time between processes varies, so bad actors can’t recognize patterns and replicate AirGap’s behaviors.
AutoVerify
As the name implies, AutoVerify automated backup integrity testing automatically verifies backup health. This always-on feature continually monitors backups and automatically virtualizes each protected system’s latest backup recovery point. Nightly, AutoVerify tests endpoints using intelligent adaptive backup VM testing to perform numerous deep volume assessments for bootability, OS health, corruption, file system integrity, and application usability.
- Reduce tech debt: Eliminate daily, time-consuming, and error-prone manual backup checks.
- Meet compliance and cyber insurance requirements with automatically generated reporting that proves protected system security and use of automation best practices.
- Sleep soundly, knowing your backups are healthy, available, and accessible for fast recovery and uninterrupted business continuity.
Business Continuity and Disaster Recovery (BCDR)
Axcient’s solutions support a strong BCDR strategy for MSPs and their SMB clients to keep businesses running, and when there is a cyber incident, recovery is fast, efficient, and effective. Leveraging labor-saving proprietary features, hands-free automation, and the secure, single sign-on x360 Platform, Axcient simplifies backup management with flexible capabilities and features for disaster recovery.
Recovery Point Objective (RPO)
The maximum length of time in the past from which an element of the business can revert without intolerable impact on operations. In short, how much data loss can you withstand if a disaster occurs?
Much of it depends on how often information in the business changes. For example, product details on a website may change every couple of days, while order information changes every few minutes. The RPO is longer for website data than for order data. Axcient delivers a 15-minute RPO to ensure all data is recoverable.
Recovery Time Objective (RTO)
The longest time that an element of the business can be unavailable before its loss becomes intolerable. It could be a computer, a network, an application critical to the company, access to information, or loss of a function like email that prevents business as usual.
A business’s BCDR strategies should build redundancy using data protection best practices, robust solutions, and automation so that you can survive the loss of any element for as long as possible. A short RTO requires immediacy from the business to identify the loss and enact disaster recovery operations. Axcient ensures a competitive 1-hour or less RTO to support stringent SLAs and accelerated recovery.
Virtual Office
Always-on cloud failover on all cloud and appliance-based deployments enables self-managed cloud disaster recovery for your MSP. Keeping IT systems up and data accessible anytime and anywhere, you maintain business productivity while your MSP completes recovery behind the scenes. With the ability to instantly recover production servers and workstations, new capabilities provide business benefits on top of accelerated disaster recovery.
- Perform regular full-office disaster recovery tests to validate disaster readiness, optimize disaster recovery planning, and meet compliance standards, industry regulations, and cyber insurance requirements.
- Utilize disaster recovery testing results to quickly and efficiently generate multi-purpose reports that reduce technician workload and chances of manual reporting errors.
- Accelerate disaster recovery with custom runbooks that automatically deploy after an incident on all desired devices and configurations.
Building a Cyber Threat Glossary for Your Clients
Use this as a starting point for constructing a comprehensive glossary fit for your client’s unique circumstances, industries, compliance standards, state regulations, and insurance policy requirements. With a clear understanding of the cyber threats your MSP is fighting, how you’re doing it, and what you’re preventing, clients see the value of your services, supporting trust and lasting relationships. Back it up with automated reporting that proves efficiency and effectiveness, and your MSP is set up with an all-in-one BCDR solution fit for various client needs. Axcient partners can get more free marketing and sales materials for clients in the Axcient Marketing Portal (AMP).
Thinking about giving Axcient a try to get access to our cyber threat protections to keep your clients data immutable? Request a no-hassle quote today:
Author
Related posts
How well could you sleep with reliable cloud-based backups and recovery?
Take a deep dive into Axcient’s proprietary, automated security features to see how we’re ensuring uninterrupted business continuity — no matter what:
