Bad actors are targeting MSPs. Are you ready?

On May 11, 2022, cybersecurity authorities from the United Kingdom, Australia, Canada, New Zealand, and the United States issued a joint cybersecurity advisory for managed service providers and their clients. The agencies included in the report have observed "an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue."

It makes sense for bad actors to target MSPs. Infiltrating an MSP's systems may grant access to data and systems for that MSP's clients, giving the bad actors a larger payday.


What does this mean for MSP clients?

Some business owners may think the increased risk means that they should avoid doing business with an MSP. But businesses of all types and sizes are still in danger of a cyber attack. So all businesses need to make sure they are equipped to weather the storm.

Businesses should not feel as if they must brave the coming troubles alone. Partnering with a capable MSP is still the best path forward for most businesses. But businesses should make sure they've partnered with an MSP ready for the challenges ahead. This is where third-party certifications like the Cyber Verify AAA risk assurance rating from MSPAlliance present real value.


What does this mean for MSPs themselves?

MSPs need to be honest and make sure they're following best practices to keep themselves and their clients safe in the event of a cyber attack. MSPs can expect to be tested like never before.

But we can't cower away, because this is what we've signed up for. This situation is what we've been preparing our clients for over the last few years.


Highlights from the advisory

We've recently shared similar joint cybersecurity advisories on the Sagiss LinkedIn company page.

This most recent joint cybersecurity advisory is the most in-depth advisory we've seen yet. But nothing in this advisory is groundbreaking.

Everything included in this advisory is part of our daily functions.


Reconsider who has access to what.

The advisory recommends that organizations "identify and disable accounts that are no longer in use." In other words, be sure you're identifying and removing ghost users, those often long-forgotten accounts that increase the avenues bad actors can take to access your systems.

The advisory explicitly says to "Apply the principle of least privilege." Give users access to only the files and systems they need to do their jobs. If an employee account is compromised, the damage can then be confined to a portion of your systems rather than giving the bad actor full access to all of them.


End user security training is key.

The advisory links to an article from the Canadian Centre for Cyber Security to help users with spotting malicious email messages.

Technology is only one part of a company's security efforts. The technology aids the users; it does not do all the work for them.

Users still have to know what to look for and what to do with the technology they have access to.

Please be sure you're investing in end user security training.


Strengthen login credentials.

The advisory emphasizes the importance of password security and multifactor authentication (MFA).

Login credentials are some of the lowest-hanging fruit for attackers. And strengthening login credentials presents some of the largest gains in terms of tightening security.


Apply updates.

Be sure to download and install new patches as they're released. These updates often close security holes that attackers like to exploit. And you might also see some performance improvements!


Don't forget about data backup and disaster recovery.

A solid data backup and disaster recovery plan is crucial. It is often the last line of defense against a successful ransomware attack.

Some bad actors do not restore data even after the ransom has been paid. Also, due to sanction laws, some cyber liability insurers may be unable to pay the ransom anyway.

No matter how you look at it, paying the ransom is a horrible way to recover from a ransomware attack. Data backup and disaster recovery are a much better solution.


Promote transparency.

"Transparent, not sticky" is one of our core values. So we're big fans of this point.


That's not all.

The full joint cybersecurity advisory includes a bit more.

Feel free to read it over. And contact us today if you have any other specific questions about how Sagiss is preparing for these risks—and how we can help you do the same.

