Threat actors are targeting MSPs. Are you ready?

On May 11, 2022, authorities from the United Kingdom, Australia, Canada, New Zealand, and the United States issued a joint cybersecurity advisory for managed service providers and their clients. The agencies included in the report have observed "an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue."

It makes sense for threat actors to target MSPs. Infiltrating an MSP's systems may grant access to data and systems for that MSP's clients, giving the threat actors a larger payday.

What does this mean for MSP clients?

Some business owners may think the increased risk means that they should avoid doing business with an MSP. But businesses of all types and sizes are still in danger of an attack. So all businesses should make sure they are equipped to weather the storm.

Businesses should not feel as if they must brave the coming troubles alone. Partnering with a certified managed service provider is still the best path forward for most businesses. But businesses should make sure they've partnered with an MSP ready for the challenges ahead. This is where third-party certifications like the Cyber Verify AAA risk assurance rating from MSPAlliance present real value.

What does this mean for MSPs themselves?

MSPs need to be honest and make sure they're following best practices to keep themselves and their clients safe in the event of an attack. MSPs should expect to be tested like never before.

But we can't cower away, because this is what we've signed up for.  This situation is what we've been preparing our clients for over the last few years. 

Highlights from the advisory

We've recently shared similar joint security advisories on the Sagiss LinkedIn company page.

This most recent joint security advisory is the most in-depth advisory we've seen yet. But nothing in this advisory is groundbreaking.

Everything included in this advisory is part of our daily functions.

Reconsider who has access to what.

The advisory suggests to "identify and disable accounts that are no longer in use." In other words, be sure you're identifying and removing ghost users, those often long-forgotten accounts that increase the avenues threat actors can take to access your systems.

The advisory explicitly says to "Apply the principle of least privilege." Give users access to only the files and systems they need to do their jobs. If an employee account is compromised, at least the damage can be restricted only to a portion of your systems rather than giving the threat actor full access to all of your systems.

End user security training is key.

The advisory links to an article from the Canadian Centre for Cyber Security to help users with spotting malicious email messages to avoid threatware of all forms.

Technology is only one part of a company's security efforts. The technology aids the users—it doesn't not do all the work for the users. Even modern tools like next-generation antivirus can't eliminate attacks.

Users still have to know what to look for and what to do with the technology they have access to. Security is a team effort, not solely the responsibility of the IT department.

So please be sure you're investing in end user security training.

Strengthen login credentials.

The advisory emphasizes the importance of password managers and multi-factor authentication (MFA).

Login credentials are some of the lowest-hanging fruit for attackers. And strengthening login credentials present some of the largest gains in terms of tightening security.

Apply updates.

Be sure to install software patches as they're released. These updates often close security holes that attackers like to exploit. And you might also see some performance improvements!

Don't forget about data backup and disaster recovery.

A solid data backup and disaster recovery plan is crucial. It is often the last line of defense against a successful ransomware attack.

Some threat actors do not restore data even after the ransom has been paid. Also, due to sanction laws, some cyber liability insurers may be unable to pay the ransom anyway.

No matter how you look at it, paying the ransom is a horrible way to recover from a ransomware attack. Data backup and disaster recovery are a much better solution.

Promote transparency.

Transparent, not sticky is one of our core values. So we're big fans of this point.

That's not all.

The full joint security advisory includes a bit more.