Datto Holding Corp. (“Datto”) (NYSE:MSP), the leading global provider of cloud-based software and security solutions purpose-built for delivery by managed service providers (MSPs), today announced its collaboration on the Ransomware Task Force’s (RTF) “Combating Ransomware: A Comprehensive Framework for Action” report.
Datto CISO Ryan Weeks is a core member of the RTF, a broad coalition of more than 60 experts in industry, government, law enforcement, and international organizations coming together in the fight against ransomware.
The RTF, formed in January by the Institute for Security and Technology (IST), recognizes that ransomware attacks present an urgent national security risk around the world. According to Datto’s Global State of the Channel Ransomware Report, while threat actors do not discriminate, 95% of MSPs state that their own businesses are increasingly being targeted and 78% of MSPs reported attacks against small and mid-sized businesses (SMB) in the last two years.
Any recommended solutions must therefore apply both internationally and to a wide array of affected sectors, including MSPs and SMBs. The varied expertise of the members allowed for multifaceted solutions and a full, comprehensive strategy to stem the ransomware tide.
The recommended RTF framework consists of four goals:
- deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced comprehensive strategy;
- disrupt the ransomware business model and decrease criminal profits;
- help organizations better prepare for ransomware attacks; and
- respond to ransomware attacks more effectively.
The 48 recommended actions provide guidance for addressing some of the root causes of the ransomware epidemic, including the low barrier to entry for intelligent cyber criminals, the difficulty of tracing cryptocurrencies, and lack of law enforcement resources. This has created an environment of safe havens for threat actors.
Effects on the MSP Community
The RTF finds that MSPs do not commonly provide extensive security coverage or ransomware mitigation, but doing so would create a widespread positive impact for SMBs.
To further this effort, baseline requirements for MSPs include:
- Adherence with a cyber-hygiene program (for example, CIS Controls Implementation Group 1 and the NIST Cybersecurity Framework)
- Financial funding and support to help MSPs develop cyber resilience capabilities
- Stricter disclosures of the occurrence of ransomware incidents for increased transparency
- Formation of an MSP-ISAC, an information sharing and analysis center specific to the unique needs of the MSP industry
“The release of these findings is an important step both in the U.S. and globally in instituting the proper frameworks, enforcement, and funding to make a difference,” said Ryan Weeks, CISO at Datto. “MSPs continue to be on the frontlines of a cyberwar but need more support, and this report elevates this concern. The time for concerted, coordinated action is now. Datto is proud to have played a part in this groundbreaking coalition, and looks forward to the day when the threat of ransomware no longer looms over the heads of citizens, students, teachers, businesses, hospitals, and nations.”