Protecting MSPs from Cyber Attacks
April 15, 2019
Eliminate the domino effect from MSP compromise that can damage reputation and trust across a portfolio of your hard-earned clients.
As a Managed Service Provider (MSP) offering IT infrastructure and end-user systems, your clients trust you with their valuable assets, sensitive data, and intellectual property. MSPs are often viewed as trusted advisors that augment their customers’ teams, and therefore often hold the keys to the kingdom in the form of privileged access to client systems and servers. MSPs are also vital players in the global supply chain, with clients across all verticals such as retail, wholesale, regulated industries, and critical infrastructure. A compromise in one MSP can propagate to its clients and other organizations, creating a domino-like chain reaction if not adequately mitigated.
What security best practices can MSPs utilize to avoid becoming a headline?
Why MSPs Make Attractive Targets
Attackers target MSPs for one of two reasons: to make a political statement, or more likely, to acquire valuable intelligence and confidential business data to use or monetize. With over 35,000 MSPs worldwide, there are ample candidates to attack by identifying security gaps and vulnerabilities. Successfully breaching one MSP is efficient for attackers who gain access to hundreds if not thousands of clients; persistent adversaries may also target a specific government or large corporation and hope MSPs are the “weakest link” in the attack chain.
MSP Vulnerabilities Continue In 2019
Despite the previous DHS alert to MSPs regarding adversaries trying to infiltrate service providers, industry incidents this year include:
- Ryuk ransomware hit a California-based cloud and data center provider along with thousands of its customers
- Hackers infiltrated a Norwegian managed service provider with 850,000 global clients and compromised credentials and logins
- Nine service providers in Australia experienced attacks from threat actor APT-10, according to warnings by the Australian Cyber Security Center (ACSC)
So, how can you avoid a damaging breach? We recommend adopting these strategic and tactical approaches to service provider security to protect your brand reputation and customer loyalty.
Protect MSP Networks and Assets
Service providers should combine strategic and tactical measures in a layered approach to security. While there is no silver bullet to prevent data breaches, there are actions that deter cybercriminals, demonstrate compliance, and implement security best practices.
Strategic Approaches to Service Provider Security
- Start at the Top – Everyone in the organization plays a role in ensuring security, but demonstrating strategic commitment starts at the very top. In light of adversaries actively targeting the MSP industry, map your security investment to the current business and technical risks. No organization is immune or too small.
- Take a Risk-Based Approach – MSPs must avoid a siloed approach to business and technology risk. The entire organization, including IT and security teams, must contribute to prioritizing the most valuable and sensitive assets. EventTracker Essentials, for example, provides comprehensive visibility via an MSP-centric Security Information and Event Management (SIEM) service for risk and compliance use cases.
- Protect Your Supply Chain – Your supply chain encompasses not only hardware and software suppliers, but also service suppliers like your CPA and your security services partner. Supply chain security considerations impact purchasing, vendor management, transportation, quality, and customer success. MSPs can determine their supply chain risks using tools such as NIST’s Best Practices in Cyber Supply Chain Management.
Tactical Actions for MSP Security
- Implement Cyber Hygiene Fundamentals – Just like brushing your teeth, network and computer hygiene must be a part of an MSP’s daily operational routine. For example, minimize your ransomware risks via encryption, patching, and backup. Use strong passwords and keep system access by supply chain vendors to a minimum. Correlate server and workstation logs and monitor them regularly for suspicious behavior to ensure rapid detection.
- Watch for MSP-Specific Gaps – MSPs use Remote Monitoring and Management (RMM) tools and protocols like Remote Desktop Protocol (RDP) to access their clients’ systems to perform helpdesk and security functions. Ensure that you are not using outdated RDP with flawed CredSSP or leaving the default RDP port TCP 3389 open with unrestricted access.
- Think Like a Hacker – Identify security gaps as well as reinforce effective security controls using tools such as penetration testing and simulations. Interrogate your network infrastructure and website as an adversary would, looking for vulnerabilities across all stages of the cybersecurity kill chain.
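An added example for the RDP item in the list above (not from the original article or from Netsurion): a PowerShell audit, run in an elevated session on a Windows host you manage, that reports whether RDP is enabled, whether Network Level Authentication is required, and which inbound firewall rules allow the RDP port from any remote address. It does not check CredSSP patch level, which depends on keeping Windows updates current.

```powershell
# Added example: audit this host's RDP exposure. Run elevated.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop connections are accepted
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# The listener port (3389 unless it has been changed)
$rdpPort    = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
# UserAuthentication = 1 means Network Level Authentication is required
$nlaOn      = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

# Enabled inbound allow rules that cover the RDP port.
# Note: port ranges such as "3000-4000" are not expanded by this simple match.
$rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', 'Any') { continue }
    if (-not ($port.LocalPort -contains "$rdpPort" -or $port.LocalPort -contains 'Any')) { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
        Unrestricted  = $addr.RemoteAddress -contains 'Any'   # no source restriction
    }
}

[pscustomobject]@{
    RdpEnabled        = $rdpEnabled
    RdpPort           = $rdpPort
    NlaRequired       = $nlaOn
    UnrestrictedRules = @($rules | Where-Object Unrestricted).Count
} | Format-List

$rules | Sort-Object Unrestricted -Descending | Format-Table -AutoSize

if ($rdpEnabled -and -not $nlaOn) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and ($rules | Where-Object Unrestricted)) {
    Write-Warning "TCP $rdpPort is allowed from any remote address; scope the rule to management networks or a VPN."
}
```

A host firewall rule scoped to specific addresses can still be exposed by a permissive perimeter or cloud security-group rule, so review those separately.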
Service providers must be ever vigilant and proactive with their own security posture in addition to safeguarding their customers’ operations and data. Netsurion has the proven track record to assist MSPs with strategic and tactical approaches to cybersecurity, all with an ISO-certified 24/7 SOC and our own award-winning SIEM platform. Contact Netsurion to learn how a layered approach to security can protect you and your valued clients.
View our Protecting MSPs from Cyber Attacks infographic for more insight on why managed service providers are being targeted.