Cybercriminals usually target Managed Service Providers (MSPs) because MSPs have privileged access to their clients’ systems. Therefore, one cyber attack on one MSP will allow the attacker to get access to several systems, if not all of the MSP’s clients.
The latest Kaseya supply chain attack demonstrated just how critical this kind of attack could be. An REvil ransomware affiliate acquired access to Kaseya systems, and through which accessed the systems of approximately 60 of its customers (mostly MSPs) and encrypted the data therein. Through those MSP clients, ransomware affected about 1,500 downstream companies.
Small- and mid-sized companies usually don’t have employees to handle their own IT systems or may not have the expertise or hardware to keep sensitive data and manage sensitive operations. Many use MSPs to offer that needed expertise. It is usually more economical for SMBs to scale and manage their networks using MSPs instead of handling their resources on their own.
Outsourcing IT or security capabilities to an MSP presents risks, which SMBs must mitigate. MSPs additionally must have safety measures to block unauthorized access to their networks and to control the harm that may affect their clients in case there is a breach of their perimeter defenses.
On July 14, 2021, the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) released guidance to assist MSPs and SMBs in strengthening their defenses to enhance resilience to cyberattacks and to control the damage brought about in case an attack succeeds.
The CISA Insights report gives mitigations and hardening advice for MSPs and SMBs, pointing out vital steps to take to secure MSP network resources and those of their clients to minimize the risk of successful attacks.
The CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses guidance document can be downloaded on this page.