The Strengthening American Cybersecurity Act of 2022, which was recently enacted, has specific implications for managed service providers (MSPs). This is the first time that MSPs’ internal security has been addressed in law. According to Title II, MSPs are defined as entities that deliver services, including network, application, infrastructure, and security services, through ongoing and regular support and active administration on clients’ premises, in the entities’ own data centers, or in third-party data centers. MSPs need to pay close attention to what the law requires and how to interpret it, especially since the law will have an impact on how MSPs approach cybersecurity.
Numerous cybersecurity experts strongly advise against paying ransoms because doing so contributes to an already-lucrative ransomware industry and there’s no guarantee that companies’ data will be returned. The Department of Justice has previously issued warnings about ransomware payments. Numerous ransomware campaigns are carried out by entities on the United States Department of State’s list of State Sponsors of Terror or entities sanctioned by the United States Treasury Department’s Office of Foreign Assets Control (OFAC). Even though many business leaders are unaware of ransomware groups’ potentially problematic affiliations, they’re still liable if payments are made to sanctioned groups. Previous advisories warned that OFAC can levy civil penalties for sanctions violations. The Strengthening American Cybersecurity Act of 2022, however, promises that if MSPs are breached, the federal government will investigate.
Avoid that attention by using ransomware prevention that incorporates several security layers, including segmentation, multi-factor authentication (MFA), firewalls, endpoint detection and response (EDR), and a centralized location for logging, such as a security information and event management (SIEM) system, to detect suspicious behavior early and prevent attacks. The law contains numerous other provisions relating to the formation of federal task forces to deal with the growing ransomware threat. As these task forces form and write their mandated rules and regulations, they can develop extra security measures and reporting requirements within the framework of the new law.
According to the law, MSPs must report any operations and systems breaches within 72 hours, or within 24 hours if ransomware payments were made. The law also established a federal vulnerability disclosure program through which vulnerability reporters will collaborate with federal agencies to share information in a consistent, automated, and machine-readable manner. The need to improve vulnerability reporting has never been greater; 2021 broke records for the most reported vulnerabilities, with 28,695. Cybersecurity companies and the MSP vendor community have pledged to lead the way in supporting bug bounty initiatives and handling incidents with transparency. Cybersecurity companies and MSPs are banding together to communicate remediation steps to clients quickly despite the severity of the Kaseya VSA ransomware attacks by REvil in July 2021. It’s cybersecurity companies’ responsibility to provide clarity, not fear, to assist MSPs and their clients with the next steps. The Strengthening American Cybersecurity Act shows that the government supports this stance.
In addition to the reporting requirements in the law, covered entities, including MSPs, are required to retain all data related to reportable incidents. This means that all MSPs must ensure that their IT systems are properly secured and that steps are taken to retain all available logging for post-incident analysis. This applies to logs generated by MSPs’ tools, including remote monitoring and management (RMM) and remote support applications. Threat operators specifically target these applications because a successful compromise of the tools gives them access to potentially thousands of endpoints across numerous companies, as in REvil’s attack on Kaseya. Beyond supporting post-incident analysis, log retention allows advanced analysis to detect threat operators before they execute malicious code at the MSP or client level.
At SpearTip, we assist MSPs and their clients in their security maturity journey and help MSPs meet log retention requirements. MSPs can upsell their security offerings by incorporating SpearTip’s pre-breach risk services into their current catalog. Partnering with SpearTip allows MSPs to gain our expertise in conducting comprehensive security assessments that go beyond simple compliance checks. Our certified engineers, with their experience responding to thousands of incidents, address MSPs’ clients’ operational, procedural, and technical control gaps based on security standards. SpearTip offers the ShadowSpear Platform, our cutting-edge integrable managed detection and response security solution, which allows MSPs to focus on their clients’ core IT objectives while providing industry-leading protection against malicious cyber threats. By partnering with SpearTip, MSPs will receive a fully managed SOC and a team of experts dedicated to their accounts on a 24/7/365 basis, allowing their current team to focus on client interactions.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.