Managed service providers (MSPs) are an essential part of the technology strategy of many organizations. As MSPs have become more popular, however, they are more frequently becoming the subject of targeted attacks. Recently, attackers have begun targeting MSPs as compromising one MSP can grant access to install ransomware on hundreds of customer organizations. Additionally, threat actors are actively exploiting the technology supply chain and using compromised MSPs to steal sensitive information from otherwise well-secured customer systems. As a result, only MSPs that take cybersecurity seriously and implement vital protections will continue to succeed.
Below are some critical items that can protect you and your MSP from compromise. Work with your MSP to ensure these controls are in place today!
- Recovery Strategy: Backups must occur regularly including all critical data and systems and must be saved both on and offsite. These backups should be tested regularly to ensure data can be restored and should only be able to be accessed by authorized administrators.
- Authentication: All remote and/or administrative access needs to require strong passwords. This includes MSP accounts and tools, such as Remote Monitoring and Management (RMM) software. Both remote and administrative access need to be protected by multi-factor authentication.
- Security Monitoring: Your MSP should be able to produce a log of all access to your systems and information. Additionally, your MSP should have monitoring tools in place to detect if their systems have been breached.
- Restrict Mass Script/Command Execution: Attackers are abusing functionality of MSP tools to send commands to or run scripts on many systems at once. This is often used to download and install ransomware on all managed systems at once. These features should either be disabled if not used or limited to only a few administrators if required.
- Have a Plan: Quick and effective response to an initial compromise is key to limiting the impact the incident has. Both you and your MSP need to have respective incident response plans that lay out employees involved, responsibilities, and procedures to follow. Also, disaster recovery plans should be maintained by you and your MSP to recover from any impact an incident may have. Both these plans should be tested at least annually.
- Patch Management: Software used by MSPs is currently under heavily scrutiny by attackers and researchers alike as recently some critical vulnerabilities have been released for popular platforms. Your MSP must stay on top of patches for RMM tools and associated software.
- Awareness and Training: Where technical controls fail, people must make the right choices to protect an organization. Your MSP should have a security awareness program that includes regular training and phishing simulations to ensure their employees are on the lookout for the latest threats.
- Cyber Insurance: If the worst does happen, financial loss is sure to follow. Cyber insurance can help recover from this, as well as pay for incident response services, recovery efforts, etc. However, many contracts have strict requirements in order for payment to be issued. Ensure that if you have a contract, you are fully compliant with the terms.
At ICS, we practice what we preach. Our team follows best practices internally just as we recommend for our clients. We work directly with 1nteger Security who has dedicated specialists and the proper resources for cybersecurity. Our experience and work culture – along with all the controls and safeguards we have put in place – has allowed us to fortify our own IT infrastructure and as a result provide better protection for our clients.
For over 30 years, ICS has worked alongside clients to develop solutions that meet all their technology and telecommunications needs. While technology has changed greatly over the past three decades, our goals and mission have remained the same: ICS is committed to integrity, innovation, and the most personalized, proactive, and professional customer service in the IT industry. Located in both Endicott, Syracuse, and Ithaca, we can help you to navigate through every phase of technology development. Your business relies on successful identification and implementation of IT solutions. We focus on keeping your technology productive and successful, so you don’t have to.