

As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks.

Jen Easterly
Director, CISA
With the rise of malicious cyber activities targeting IT managed service providers (MSPs), the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recently partnered with many other international cyber authorities to release a Cybersecurity Advisory and Actions alert. We believe that MSPs and their enterprise clients must take note and act to reduce their risk and secure their environments against these growing cyber threats.
MSPs provide services that usually require both trusted network connectivity and privileged access to customer systems. Whether the customer’s network environment is on-premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector into multiple victim networks, with potentially globally cascading effects.
There are a number of key actions enterprises can take, and contractual considerations they can address, now, in coordination with their MSPs, to protect against cybersecurity threats. For example:
Identity and access management (IAM)
Audit and clean up privileged access:
• Apply the principle of least privilege
• Consider use of time-based privileges
• MSP accounts should only have access to services/resources being managed by them
• MSP accounts should not be assigned to internal administrator groups
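One way to run the privileged-access audit above against an exported account inventory, as an added example that is not part of the advisory or of this article. The record fields, group names and sample accounts are constructed assumptions.

```python
from datetime import datetime, timezone

# Assumed names of internal administrator groups (hypothetical; use your own).
INTERNAL_ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample inventory: one record per MSP-operated account.
ACCOUNTS = [
    {"name": "msp-backup", "groups": ["Backup Operators"],
     "resources": ["backup-srv"], "managed": ["backup-srv"],
     "expires": "2030-01-01T00:00:00+00:00"},
    {"name": "msp-helpdesk", "groups": ["Domain Admins"],
     "resources": ["mail-gw", "hr-db"], "managed": ["mail-gw"],
     "expires": None},
    {"name": "msp-netops", "groups": ["Network Operators"],
     "resources": ["fw-01"], "managed": ["fw-01"],
     "expires": "2023-01-01T00:00:00+00:00"},
]

def audit_account(acct, now):
    """Return a list of findings for one MSP account record."""
    findings = []
    admin = sorted(INTERNAL_ADMIN_GROUPS.intersection(acct["groups"]))
    if admin:
        findings.append("member of internal admin group(s): " + ", ".join(admin))
    # Least privilege: anything reachable beyond the contracted scope.
    extra = sorted(set(acct["resources"]) - set(acct["managed"]))
    if extra:
        findings.append("access beyond managed scope: " + ", ".join(extra))
    # Time-based privileges: every grant should carry an expiry.
    if acct["expires"] is None:
        findings.append("standing privilege: no expiry set")
    elif datetime.fromisoformat(acct["expires"]) <= now:
        findings.append("time-based privilege expired but account still present")
    return findings

def audit(accounts, now=None):
    """Map account name -> findings, omitting accounts with none."""
    now = now or datetime.now(timezone.utc)
    report = {a["name"]: audit_account(a, now) for a in accounts}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```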
Multi-factor authentication (MFA)
Adopt and enforce MFA across all services, products, and locations where possible to strengthen authentication and prevent password breaches.
Monitoring & logging
Implement a comprehensive security event management system:
• Enable monitoring and logging of provider-managed client systems and networks
• Client notification of security events and incidents occurring on the provider’s infrastructure and administrative networks
• Review logs for unexplained failed authentication attempts
• MSP accounts should be properly monitored and audited
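A sketch of the failed-authentication review for MSP accounts, as an added example that is not part of the advisory or of this article. It assumes a simple space-separated log format, an "msp-" account prefix, a dedicated VPN address range and a burst threshold; all of these, and the sample events, are constructed, and "unexplained" is taken here to mean a failure from outside that range or a burst of failures.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (hypothetical): MSP accounts share a prefix and should only
# authenticate from the dedicated VPN range (documentation address space).
MSP_PREFIX = "msp-"
MSP_VPN_RANGE = ipaddress.ip_network("192.0.2.0/28")
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=5)

# Constructed sample events: timestamp, account, source IP, result.
LOG = """\
2023-03-01T02:10:00 msp-helpdesk 192.0.2.5 FAIL
2023-03-01T02:10:40 msp-helpdesk 192.0.2.5 FAIL
2023-03-01T02:11:15 msp-helpdesk 192.0.2.5 FAIL
2023-03-01T02:12:00 msp-helpdesk 192.0.2.5 OK
2023-03-01T03:00:00 msp-backup 198.51.100.23 FAIL
2023-03-01T09:00:00 alice 203.0.113.7 FAIL
2023-03-01T11:30:00 msp-netops 192.0.2.9 FAIL
"""

def review(log_text):
    """Return sorted (account, reason) pairs for MSP failures needing follow-up."""
    flagged = set()
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        stamp, account, source, result = parts
        if result != "FAIL" or not account.startswith(MSP_PREFIX):
            continue
        if ipaddress.ip_address(source) not in MSP_VPN_RANGE:
            flagged.add((account, "failure from outside MSP VPN range"))
        failures[account].append(datetime.fromisoformat(stamp))
    for account, times in failures.items():
        times.sort()
        # Burst: BURST_COUNT failures inside any BURST_WINDOW span.
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                flagged.add((account, "burst of failed logins"))
                break
    return sorted(flagged)

if __name__ == "__main__":
    for account, reason in review(LOG):
        print(f"{account}: {reason}")
```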
Tighten network security
Identify, group, and isolate critical business systems:
• Client data sets and services should be segregated from each other, as well as from internal company networks
• Confirm the MSP performs reviews to verify all connections between internal systems, client systems, and other networks
• Ensure management of identity providers and trusts between the different environments
• Use a dedicated virtual private network (VPN) or alternative secure access method to connect to MSP infrastructure
• Verify that the networks used for trust relationships with MSPs and any third-party service provider are segregated from the rest of their networks
System & data backups
Isolate backups, and regularly update and test:
• Store backups separately and isolate them from network connections that could enable the spread of ransomware
• Isolate backups to be able to restore systems/data to their previous state should they be encrypted with ransomware
• For critical/sensitive data, maintain offline backups encrypted with separate, offline encryption keys
Incident response management
Implement and regularly exercise incident response and recovery plans:
• Include description of roles and responsibilities for all client and MSP stakeholders, executives, technical leads, and procurement officers
• Maintain up-to-date hard copies of plans to ensure responders can access them should the network be inaccessible
• Ensure these plans are tested at regular intervals
Supply chain management & MSP contract management

Understand the end-to-end supply chain:
• Organizations should proactively manage the supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources
• Understand the supply chain risk associated with your MSP, including risk associated with third-party vendors or subcontractors

Review your MSP contract and address any gaps such as:
• Specific performance-related service level agreements
• Clarity and delineation of operational IT services and security services
• MSP’s incident response responsibilities, warranty information, compensation for service outages, and plan to provide continuous support during a service outage
• Complete Software Bill of Materials (SBOM)
• Understanding of data segmentation from other clients on MSP’s networks
In summary, customers and their MSPs should examine their overall cybersecurity risk profile (combined and separate) and develop a plan to address areas of vulnerability. MSP customers should especially ensure their contractual arrangements specify that their MSP implements appropriate measures and controls aligned with their business’s security requirements.
Wavestone Cybersecurity and Digital Transformation experts are ready to work with your organization to assess your risk profile and build your program to fortify your defenses against an attack.