With Managed Service Providers (MSPs) specializing in providing IT infrastructure and end-user systems, clients rely on MSPs to protect valuable assets, sensitive data, and intellectual property. MSPs are frequently regarded as trusted advisors that boost their clients’ teams and therefore hold the keys to their systems and servers in the form of privileged access. Because of MSPs’ important role in the global supply chain and involvement in various industries, a compromise at an MSP can, if not properly mitigated, spread to other clients and companies in a domino-like chain reaction. What security best practices can MSPs implement to ensure protection against a cyber incident?
Threat operators typically target MSPs to either make a political statement or acquire valuable intelligence and confidential business data. With over 35,000 global MSPs, there are plenty of targets for cyberattacks on operations with security gaps and vulnerabilities, demonstrating the dire need for a renewed focus on cybersecurity. SpearTip’s ShadowSpear Platform offers MSPs a premier cybersecurity solution that prevents ransomware from gaining a foothold in a target environment. For threat operators seeking to gain access to thousands of clients, successfully breaching one MSP is efficient; persistent adversaries may target specific governments or large companies, hoping that MSPs are the weakest link in the attack chain.
Despite a recent Department of Homeland Security warning to MSPs about adversaries attempting to penetrate service providers, the following industry incidents have occurred this year:
- Ryuk ransomware targeted a cloud and data center provider in California along with thousands of its customers.
- Threat operators infiltrated a Norwegian managed service provider, compromising 850,000 global clients’ credentials and logins.
- According to the Australian Cyber Security Center’s (ACSC) warnings, threat actor APT-10 breached nine service providers in Australia.
How can MSPs avoid a serious security breach? To defend MSPs’ brand reputation and customer loyalty, it’s recommended to implement strategic and tactical measures to provide security. Even though there’s no one-size-fits-all solution for preventing data breaches, there are actions MSPs can take to deter cyber criminals, demonstrate compliance, and implement security best practices.
Start at the Top – Everyone within a company has a role to play in ensuring security; however, demonstrating strategic commitment begins at the top. Map security investment to the current business and technical risks, considering adversaries targeting the MSP industry. No company is immune or too small.
Take a Risk-Based Approach – Avoid taking a compartmentalized approach to business and technology risk. The entire company, including IT and security teams, needs to contribute to prioritizing the protection of the most valuable and sensitive assets. For risk and compliance use cases, one company provides comprehensive visibility using an MSP-centric Security Information and Event Management (SIEM) service.
Protect the Supply Chain – Not only do MSPs have hardware and software suppliers, they also have service suppliers like their CPA and security partner in their supply chain. Purchasing, vendor management, transportation, quality, and customer success are all affected by supply chain security considerations. MSPs can use tools, including NIST’s Best Practices in Cyber Supply Chain Management, to assess their supply chain risks.
Implement Cyber Hygiene Fundamentals – Network and computer hygiene need to be part of MSPs’ daily operational routine. Data encryption, vulnerability patching, and backup hardening can help reduce ransomware risks. Keep system access by supply chain vendors to a minimum and use strong passwords. To achieve rapid detection, correlate server and workstation logs and regularly monitor them for suspicious activities.
Watch for MSP-Specific Gaps – MSPs access their clients’ systems using Remote Monitoring and Management (RMM) tools and protocols, including Remote Desktop Protocol (RDP), to conduct helpdesk and security functions. MSPs need to make sure they’re not using outdated RDP with flawed CredSSP or leaving the default RDP port TCP 3389 open to unrestricted access.
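An added example, not from the original article or from SpearTip: a small audit of exported inbound firewall rules for the RDP gap described above, flagging allow rules that leave TCP 3389 reachable from unrestricted or unapproved sources. The rule format, rule names, and approved management ranges are assumptions constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389
# Assumed approved management sources (VPN pool, jump host); adjust per environment.
APPROVED = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "10.20.0.5/32")]

# Constructed sample rules, not taken from any real environment.
SAMPLE_RULES = [
    {"name": "rdp-any", "action": "allow", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-jump-host", "action": "allow", "proto": "tcp", "ports": "3389", "source": "10.20.0.5/32"},
    {"name": "wide-range", "action": "allow", "proto": "tcp", "ports": "3000-4000", "source": "::/0"},
    {"name": "https", "action": "allow", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-deny", "action": "deny", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-office", "action": "allow", "proto": "any", "ports": "22,3389", "source": "203.0.113.0/24"},
]

def covers_port(spec, port):
    """True if a port spec such as '443', '22,3389', '3000-4000' or 'any' includes port."""
    if spec.strip().lower() in ("any", "*"):
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def classify_source(source):
    """Return 'unrestricted', 'unapproved' or 'approved' for a rule's source."""
    if source.strip().lower() in ("any", "*"):
        return "unrestricted"
    net = ipaddress.ip_network(source, strict=False)
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
        return "unrestricted"
    if any(net.version == a.version and net.subnet_of(a) for a in APPROVED):
        return "approved"
    return "unapproved"

def audit_rdp_exposure(rules):
    """Return (rule name, verdict) for allow rules exposing TCP 3389 beyond approved sources."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] not in ("tcp", "any"):
            continue
        if covers_port(r["ports"], RDP_PORT):
            verdict = classify_source(r["source"])
            if verdict != "approved":
                findings.append((r["name"], verdict))
    return findings

if __name__ == "__main__":
    for name, verdict in audit_rdp_exposure(SAMPLE_RULES):
        print(f"{name}: TCP {RDP_PORT} reachable from {verdict} source")
```

Each rule is checked in isolation; rule precedence (for example an earlier deny) is not modeled, so findings are candidates for review against the effective policy.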
Think Like Threat Operators – Using tools, including penetration testing and simulations, helps identify security gaps and reinforce effective security controls. Examine network infrastructures and websites like adversaries would, looking for vulnerabilities across all the cybersecurity kill chain’s stages.
Managed Service Providers need to remain vigilant and proactive with their own security posture and safeguard their clients’ operations and data. SpearTip has a proven track record in assisting MSPs with strategic and tactical approaches to cybersecurity, all with certified engineers and a 24/7/365 Security Operations Center along with our cutting-edge endpoint detection and response tool, ShadowSpear Platform. SpearTip enables MSP teams with instant access by integrating into their current workflows so MSPs can focus on strengthening relationships. Contact SpearTip to learn how an all-in-one approach can protect MSPs and their valued clients.