A new era of supply chain attacks is emerging, affecting numerous clients directly and indirectly. Various headline-grabbing incidents, including SolarWinds and Log4j, are only the tip of the iceberg as supply chain attacks increased by 650% in 2021. As the potential for profit has increased, cybercriminals are becoming more organized, operating in company-like structures to maximize the financial return from their attacks. Supply chain attacks are profitable for cybercrime industries because they target vulnerabilities that can spread a single attack to numerous victims at once. Numerous cybercrime organizations are looking to leverage established supplier relationships to deliver malware to their clients. This all begs the question: how serious is the risk to managed service providers (MSPs) and their clients?
95% of companies were directly or indirectly affected by supply chain cybersecurity incidents. Small and medium-sized enterprises (SMEs) are vulnerable because they’re often at the bottom of the supply chain and lack the expertise or bandwidth to implement appropriate defenses. Additionally, MSPs serving these companies are at risk of becoming targets. Because the services they provide to their clients’ environment are critical and so much trust is involved in the relationship, jeopardizing MSPs can have a significant impact on their clients. Even though the attacks are directed at software vendors, the MSPs are still part of the pipeline that propagates third- and fourth-party exposure down to the SME community.
How can MSPs respond to the growing threat? What steps can be taken to mitigate the risk of MSPs becoming cyberattack victims and spreading malware to their clients? Supply chain attacks can exploit the trust companies have in their suppliers and standard security and cyber hygiene measures can’t reliably prevent them. If patching servers are compromised, the MSP’s established and trusted connection to its partners can be leveraged by threat actors to install malware on a client’s systems. Security tools installed in an end client’s environment have no way of preventing it. Instead of relying on standard security measures in protecting endpoints and networks, which may fail, it can be beneficial to reduce exposure and establish high-level transparency and accountability across both vendors’ and clients’ relationships.
MSPs need to protect themselves to protect their clients. Conducting a full audit of an MSP’s IT environment can be a good starting point because MSPs can’t protect what they can’t see. MSPs need to be familiar with all the software and hardware in their environment, the cloud services being used, and the vendors and partners that interact with their companies and their clients. To reduce the attack surface, partnerships that are redundant or not critical to the company need to be reviewed and, if necessary, terminated. Tier the remaining supplier relationships based on how critical they are and how much damage attacks on the suppliers can cause to MSPs and their clients. MSPs need to meet with their key suppliers to have important security conversations and be willing to ask uncomfortable questions. MSPs need to focus on what’s important to them, develop a plan to address any weaknesses, and always demand proper results.
During vendor evaluations, MSPs need to ask questions aimed primarily at determining the potential risks a partnership can expose them to over time. Vendors in an MSP’s portfolio need to explain how they protect themselves and their clients, how they restrict and control access, and what mechanism they use to encrypt MSPs’ data. What steps are vendors taking to protect the confidentiality, integrity, and availability of MSPs’ and their clients’ data? What is their plan for business continuity and disaster recovery? Do vendors have effective employee training and information security programs that allow them to respond to ever-changing threats? SpearTip’s risk assessment process allows our engineers to examine companies’ entire security posture and use a cyber maturity-based approach to locate all vulnerabilities and weaknesses. We offer several types of risk assessment solutions to produce a comprehensive evaluation of companies’ cyber maturity.
MSPs need to ensure their vendors reflect their organization’s internal requirements and develop a system for holding them accountable. Important issues, including incident response, data retrieval, data ownership, and assessment rights, need to be addressed in their contracts. Additionally, MSPs should request to review any independent audits of the vendor’s security performance. Vendor management is an ongoing process and preliminary assessments are only the starting point. Follow up on findings, and insist that partners’ security programs continue and that transparency is maintained in the relationship. As vendor relationships deepen, the diligence level, security expectations, and accountability should increase. MSPs should expect quality security outcomes from their suppliers that will protect their clients, and clients expect the same from their MSP partners.
With the risk of supply chain attacks increasing, it’s important for managed service providers to always remain ahead of the current threat landscape and regularly update their data networks’ infrastructure to keep their clients’ data secured. With a SpearTip partnership, MSPs can upsell their security offerings by incorporating our pre-breach risk services into their current catalog. SpearTip offers our ShadowSpear Platform, a cutting-edge, integrable, managed detection and response solution, which allows MSPs to focus on their clients’ core IT objectives and provide industry-leading protection against malicious cyber threats. SpearTip enables our partner MSPs’ teams with instant access by integrating into their current workflows so MSPs can focus on strengthening relationships. Partnering with SpearTip provides MSPs with a fully managed SOC and a team of experts dedicated to their account on a 24x7x365 basis which allows their current team to focus on client interactions.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.