Cyberattacks on managed services providers (MSPs) are on the rise; an end-to-end security approach can keep them, and their clients, safe.
Managed services providers (MSPs) have emerged as desirable targets for cybercriminals, primarily because they can potentially provide attackers with access to multiple networks belonging to their managed services clients. By compromising an MSP, criminals can leverage those networks and email systems to launch additional attacks on other companies, access data or initiate ransomware attacks against multiple clients simultaneously.
CISA continues to warn of the dangers to MSPs
Earlier this year, the Cybersecurity & Infrastructure Security Agency (CISA) issued another warning to MSPs, reminding them of their own vulnerability.
The threat guidance states:
“Whether the customer’s network environment is on-premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. As a result, the UK, Australian, Canadian, New Zealand, and US cybersecurity authorities expect malicious cyber actors – including state-sponsored advanced persistent threat (APT) groups – to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity – such as ransomware and cyber espionage – against the MSP and across the MSP’s customer base.”
Steps MSPs can take to safeguard against cybercrime
CISA’s guidance offered several steps to help MSPs and their clients defend against these attacks, including implementing mitigation resources; monitoring endpoints and networks; securing remote access applications and enforcing multifactor authentication; creating and practicing incident response/recovery plans; and evaluating and managing risk across each department.
The last thing any security-centric MSP wants is to be the primary vector of a major ransomware or other attack. This not only damages business operations in the short term but undermines client confidence and jeopardizes future contracts and growth. Plus, MSPs could also be liable for client losses.
One way for MSPs to safeguard against these attacks is to deploy an extended detection and response (XDR) solution, like Barracuda XDR. An XDR solution collects and automatically correlate data across email, endpoint, server, cloud, and network security layers. This provides a faster and easier way to detect threats through automated security analysis.
This type of analysis and response can improve mean-time-to-detect and mean-time-to-respond metrics. It also lightens the load on the MSP by reducing manual analysis and mitigating alert fatigue while improving accuracy and reducing the total cost of ownership of the system.
The Barracuda XDR platform provides a single view across all threat vectors for the MSP and its clients and allows the MSP to build concentric rings of security across clients’ environment. The threat indicator repository is based on a robust security intelligence feed and is backed up by a 24/7 security operations center (SOC).
There are a few other vital steps that MSPs should take in conjunction with both their clients and their security software vendors. Those include:
- Check your cyber insurance policies to ensure these attacks are covered, regardless of where they originate. MSPs should also encourage clients to purchase cyber insurance policies covering direct and MSP-related attacks.
- Perform regular security audits internally (and make sure your clients are doing the same).
- Update internal security incident response plans several times per year to keep up with emerging threats and to test your ability to secure client networks quickly if there is a breach.
- Use an RMM tool to monitor network activity internally and across your client base. Ensure you thoroughly vet the RMM vendor and keep up with patches – the Kaseya attack should serve as a warning in this regard.
- Deploy security solutions that use artificial intelligence and machine learning to evolve and adapt to the shifting threat landscape.
With these tools and processes in place, MSPs can reduce risk, improve performance for their clients, and stay out of the headlines.
JP Kehoe is Vice President of XDR Sales for Barracuda MSP where he is focused on helping MSPs grow their businesses through cybersecurity-as-a-service offerings.