Shelly Barnes

As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks.

Jen Easterly
Director, CISA

With the rise of malicious cyber activity targeting IT managed service providers (MSPs), the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recently partnered with many other international cyber authorities to release a Cybersecurity Advisory and Actions alert. We believe that MSPs and their enterprise clients must take note and act to reduce their risk and secure their environments against these growing cyber threats.

MSPs provide services that usually require both trusted network connectivity and privileged access to customer systems. Whether the customer’s network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector into multiple victim networks, with potentially globally cascading effects.

There are a number of key actions and contractual considerations that enterprises can act on now, in coordination with their MSPs, to protect against cybersecurity threats. For example:

 
 

Identity and access management (IAM)

Audit and clean up privileged access:

Apply the principle of least privilege

Consider use of time-based privileges

MSP accounts should only have access to services/resources being managed by them

MSP accounts should not be assigned to internal administrator groups
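An added example (not part of the original article or the CISA advisory) of how the four IAM points above can be checked against an account inventory. The inventory format, group names, resource names and account names are constructed assumptions for illustration.

```python
from datetime import datetime, timezone

# Constructed inventory for illustration; all field names are hypothetical.
INTERNAL_ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
MSP_MANAGED_RESOURCES = {"backup-svc", "patch-mgmt", "helpdesk-portal"}

ACCOUNTS = [
    {"name": "msp-backup-op", "is_msp": True, "groups": ["Backup Operators"],
     "resources": ["backup-svc"], "expires": "2030-01-01T00:00:00+00:00"},
    {"name": "msp-admin01", "is_msp": True, "groups": ["Domain Admins"],
     "resources": ["patch-mgmt", "finance-db"], "expires": None},
    {"name": "msp-legacy", "is_msp": True, "groups": [],
     "resources": ["helpdesk-portal"], "expires": "2020-06-30T00:00:00+00:00"},
    {"name": "j.doe", "is_msp": False, "groups": ["Domain Admins"],
     "resources": ["finance-db"], "expires": None},
]

def audit_msp_accounts(accounts, now):
    """Return {account name: [findings]} for MSP accounts that break an IAM point."""
    findings = {}
    for acct in accounts:
        if not acct["is_msp"]:
            continue  # internal accounts are out of scope for this audit
        issues = []
        # MSP accounts should not be assigned to internal administrator groups.
        admin = INTERNAL_ADMIN_GROUPS.intersection(acct["groups"])
        if admin:
            issues.append("member of internal admin group: " + ", ".join(sorted(admin)))
        # MSP accounts should only reach the resources the MSP manages.
        extra = set(acct["resources"]) - MSP_MANAGED_RESOURCES
        if extra:
            issues.append("access outside managed scope: " + ", ".join(sorted(extra)))
        # Time-based privileges: every grant needs an expiry, and expired ones must go.
        if acct["expires"] is None:
            issues.append("standing privilege with no expiry")
        elif datetime.fromisoformat(acct["expires"]) <= now:
            issues.append("expiry date passed but account still present")
        if issues:
            findings[acct["name"]] = issues
    return findings

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed date for the sample data
    for name, issues in audit_msp_accounts(ACCOUNTS, now).items():
        for issue in issues:
            print(f"{name}: {issue}")
```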

 
 

Multi-factor authentication (MFA)

Adopt and enforce MFA across all services, products, and locations where possible to strengthen authentication and prevent password breaches.

 
 
 

Monitoring & logging

Implement a comprehensive security event management system:

Enable monitoring and logging of provider-managed client systems and networks

Ensure clients are notified of security events and incidents occurring on the provider’s infrastructure and administrative networks

Review logs for unexplained failed authentication attempts

MSP accounts should be properly monitored and audited
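An added example (not from the original article) of reviewing authentication logs for MSP accounts, covering the failed-attempt review and MSP account auditing points above. The log format, the `msp-` naming prefix, the thresholds and the expected source range (which assumes the MSP connects through a dedicated VPN) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for illustration: MSP accounts use an "msp-" prefix and are only
# expected to connect from the dedicated VPN range below (a documentation range).
MSP_PREFIX = "msp-"
MSP_VPN_RANGE = ip_network("198.51.100.0/28")
WINDOW = timedelta(minutes=10)
THRESHOLD = 3

# Constructed sample log: timestamp, account, source IP, result
LOG = """\
2024-01-05T02:10:01 msp-patch 198.51.100.4 FAIL
2024-01-05T02:10:09 msp-patch 198.51.100.4 OK
2024-01-05T03:00:00 msp-backup 203.0.113.77 FAIL
2024-01-05T03:00:20 msp-backup 203.0.113.77 FAIL
2024-01-05T03:01:10 msp-backup 203.0.113.77 FAIL
2024-01-05T03:02:00 msp-backup 203.0.113.77 OK
2024-01-05T09:15:00 alice 10.0.0.8 FAIL
"""

def review_msp_auth(log_text):
    """Return sorted (account, reason) findings for MSP account log-in events."""
    failures = defaultdict(list)
    findings = set()
    for line in log_text.splitlines():
        ts, account, src, result = line.split()
        if not account.startswith(MSP_PREFIX):
            continue  # this review only covers MSP accounts
        # Any MSP log-in activity from outside the agreed access path is unexplained.
        if ip_address(src) not in MSP_VPN_RANGE:
            findings.add((account, f"{result} from {src} outside VPN range"))
        if result == "FAIL":
            failures[account].append(datetime.fromisoformat(ts))
    # Flag THRESHOLD or more failures for one account inside a sliding WINDOW.
    for account, times in failures.items():
        times.sort()
        for i in range(len(times) - THRESHOLD + 1):
            if times[i + THRESHOLD - 1] - times[i] <= WINDOW:
                findings.add((account, f"{THRESHOLD}+ failures within {WINDOW}"))
                break
    return sorted(findings)

if __name__ == "__main__":
    for account, reason in review_msp_auth(LOG):
        print(f"{account}: {reason}")
```

In the sample, the single mistyped password from inside the VPN range is not flagged, while the burst of failures followed by a success from an unexpected address is.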

 
 

Tighten network security

Identify, group, and isolate critical business systems:

Client data sets and services should be segregated from each other, as well as from internal company networks

Confirm the MSP performs reviews to verify all connections between internal systems, client systems, and other networks

Ensure management of identity providers and trusts between the different environments

Use a dedicated virtual private network (VPN) or alternative secure access method to connect to MSP infrastructure

Verify that the networks used for trust relationships with MSPs and any third-party service provider are segregated from the rest of their networks

 
 
 

System & data backups

Isolate backups, and regularly update and test:

Store backups separately and isolate them from network connections that could enable the spread of ransomware

Isolate backups to be able to restore systems/data to their previous state should they be encrypted with ransomware

For critical/sensitive data, maintain offline backups encrypted with separate, offline encryption keys

 
 
 

Incident response management

Implement and regularly exercise incident response and recovery plans:

Include a description of roles and responsibilities for all client and MSP stakeholders, executives, technical leads, and procurement officers

Maintain up-to-date hard copies of plans to ensure responders can access them should the network be inaccessible

Ensure these plans are tested at regular intervals

 
 
 

Supply chain management & MSP contract management

 
 

Understand the end-to-end supply chain:

Organizations should proactively manage the supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources

Understand the supply chain risk associated with your MSP, including risk associated with third-party vendors or subcontractors

 
 

Review your MSP contract and address any gaps such as:

Specific performance-related service level agreements

Clarity and delineation of operational IT services and security services

MSP’s incident response responsibilities, warranty information, compensation for service outages, and plan to provide continuous support during a service outage

Complete Software Bill of Materials (SBOM)

Understanding of data segmentation from other clients on MSP’s networks

In summary, customers and their MSPs should examine their overall cybersecurity risk profile (combined and separate) and develop a plan to address areas of vulnerability. MSP customers should especially ensure their contractual arrangements specify that their MSP implements appropriate measures and controls aligned with their business’s security requirements.

Wavestone Cybersecurity and Digital Transformation experts are ready to work with your organization to assess your risk profile and build your program to fortify your defenses against an attack.

 
 
 
 

Shelly Barnes
Principal

Shelly Barnes is a high-performing, entrepreneurial-minded executive with over 20 years of demonstrated success in leading IT sourcing transitions and transformations, M&A integrations, organizational change management, ITIL and ITSM maturity and complex program execution. She possesses deep experience in IT operational improvements, financial governance, MSP & vendor management, and security risk compliance across multiple industries including healthcare, mining, high technology, hospitality and travel, managed services, financial services, management consulting, manufacturing, construction, retail, and utilities.
