Managed (IT) Services Providers, or “MSP”s, have increasingly become the target of hackers especially since the beginning of 2019. And as a result, over the last twelve months, several documented attacks have taken place, with various hacking groups gaining unauthorized access to thousands of computers and the computer networks of MSP’s clients. Once an MSP is breached, hackers typically are then able to gain broad access to all their clients and begin wreaking havoc such as ransomware.
But what is an MSP and why are they such attractive targets?
MSPs – What They Do and Who Are Their Customers
Larger organizations typically have a dedicated in-house IT department that’s responsible for all hardware, systems software, installations, maintenance, updates, and general troubleshooting of computer issues.
However not all companies find it cost-effective to have an IT department, especially smaller SMBs. As a result, MSPs started gaining popularity in the mid-1990s by filling this void via outsourced IT services whether provided remotely, at the customer site or a combination of both. These services often include the design, installation and ongoing management of desktops, servers and networks performed by highly trained experts at a significantly lower overall cost.
MSPs typically install remote monitoring software at the client location so that any time an issue arises, or if there are any updates or maintenance work to be done, they can access their clients’ computers remotely. This is supposed to be a win-win situation where clients no longer need to contend with the costs of having a full-fledged IT team, and MSPs do not need to be onsite in order to attend to the needs of their various clients.
What’s Changed – MSP Vulnerabilities Open to Attack
However, with the advent of very sophisticated cybercrime, hackers have learned to take advantage of any weaknesses or loopholes in MSP networks as a route to their broader customer base. They use the MSP’s remote access software to deploy ransomware into the MSP’s client networks, thereby infecting multiple companies, and their multitudes of computers.
Cybersecurity experts say that MSPs never envisioned these attacks ever happening, which is why some of them may have gotten complacent through the years. This coupled with bad cyber hygiene through weak unpatched networks, a general lack of vigilance for unusual activity, inadequate security monitoring and audits, and not making use of multi-factor authentication options, has made MSPs and their clients easy targets for the most determined hackers.
The consequences of these attacks on MSPs are far and wide, and not limited to critically sensitive data falling that can be held for ransom but can also result in the downfall of the MSP itself, especially if they unknowingly provide the conduit to a client’s breach.
How can MSPs Protect Themselves?
For MSPs to avoid becoming victims of cybercriminals and losing business in the process, they can:
- Engage an unbiased third-party expert to perform a cybersecurity risk assessment to understand where potential may risk lie;
- Understand the National Institute of Standards and Technology (NIST) cybersecurity framework;
- Sign up for updates and alerts from the U.S. Department of Homeland Security issued by the Cybersecurity and Infrastructure Security Agency;
- Conduct cybersecurity awareness programs to benefit your business and clients;
- Attend relevant cybersecurity conferences;
- Understand how cybersecurity and data protection vendor offerings can be aligned and used to prevent and mitigate attacks, as well as recover data.
Interactive Security, Inc. has been at the forefront of providing industry leading expert information technology security services to clients across the globe – focused on IT Security Auditing & Compliance.
We pride ourselves on Making ~ IT COMPLIANCE OBTAINABLE, SIMPLE AND AFFORDABLE.
Vulnerability / Penetration Assessments ~ Application Security ~ PCI DSS ~ HIPAA ~ HiTRUST ~ ISO 27001 ~ FEDRAMP ~ FISMA/NIST ~ GDPR ~ Privacy Shield