2022 threat assessment for the hosting industry

Our own Jeff Hardy, Product Marketing Manager, Acronis Hosting Solutions, recently delivered an insightful presentation for the HostingTalk Global summit.

In this 25-minute presentation, Jeff describes the current threat landscape, shares his “Five Plus One Cybersecurity Axioms” and highlights new ways of thinking that can help hosting service providers (HSPs) stay a step ahead of the bad guys.

His presentation was well-received, so if you’d like to watch it, you can still see it here. We also thought we would summarize many of his key points below.

If we look at the overall trendline that shows the emergence of new types of threats as well as the total number of attacks and successful incidents, it’s easy to see things are changing fast—and unfortunately, it’s only getting worse.

For example, today the industry has identified and registered almost one billion new malicious programs.

In his presentation, Hardy noted that many cyberthreats may peak in their overall popularity. For example, in the not-so-distant past, malware was the preferred type of attack. Yet it has recently been surpassed by ransomware and even social engineering attacks, which unfortunately always seem to be a weapon of choice.

Yet like the game “whack-a-mole,” HSPs may think they’re safe, but past types of threats can resurface at any time. All of this adds up to a simple fact: if you’re a hosting service provider, you have to have the most effective and adaptable cybersecurity in place. It’s a double-edged sword: your customers know this, too, which means they’ll continue to demand more comprehensive solutions and protocols from HSP partners.

Cleary cybersecurity is a major concern. While it is a “must,” cybersecurity can be extremely complex. There are other challenges to consider, too: Virtually all of us face expanding threat vectors, insider threats and increasingly sophisticated tools from adversaries, such as threat automation tools and capabilities.

With all of this in mind, Hardy offered his “Five Plus One” cybersecurity axioms—five things all HSPs should keep in mind with one helpful related point:

1. Cybercrime is a business.

2. There is no such thing as a completely secure system, no matter how good your security or encryption may be.

3. Any system will be subject to compromise when/if the potential economic gain exceeds the cost of doing so in time, effort, or money.

4. The cost of technology – and thus, technological crime – will continue to drop while the overall value of technological systems continues to increase.

5. The best way to address security in any system is to consistently increase the costs of a compromise while consistently decreasing the ability of criminals to derive economic gain.

And Hardy’s “Plus One?” He reminded HSPs to remember that economic gain is not just measured in money; it can also be evaluated in overall utility, or other measures deemed important to the attackers.

Hardy also introduced the idea of “shifting left” and “shifting right.” In his example, shifting left is a current mindset among DevSecOps professionals: the idea of thinking about building security into applications and systems from the start, not after the fact.

But he encouraged HSPs to also shift to the right. Here, he built an “economic model of cyber protection” and referred to the inflection point where the cost to attack your system is lower than the economic gain of a successful attack. If HSPs can shift the cost curve to the right – possible with tactics such as a disciplined updating and patch system, improved detection, minimizing threat vectors and hardening the overall perimeter – HSPs can gain an ongoing advantage.

Yet if they simultaneously shift the benefit curve to the right – with tactics such as making ransoms moot, improving overall response, accelerating disaster recovery and using advanced encryption – HSPs won’t be chasing the latest tactics and techniques, they’ll be improving the security in their hosting environment.  

Finally, Hardy shared findings from Acronis and what types of threats he thinks HSPs should be aware of in 2022:

·       Direct internal engineering threats, such as phishing campaigns.

·       Ransomware attacks, which have grown in popularity to the point where they are now the third most common threat causing breaches.

·       Customer-side threats, especially from applications.

·       Weak, insecure and unguarded passwords, a situation that can be improved with two-factor authentication.

Acronis is committed to helping HSPs improve their overall security approaches and best practices to stay a step ahead of these threats in 2022 and beyond. To learn more, please watch our Hosting Threat Assessment 2022 video or visit www.acronis.com today.