
UK, Australia, Canada, New Zealand and US Warn of Attacks on MSPs

Many or possibly most small businesses don’t have an internal IT department. They rely on a third party to help them manage their IT assets. These third parties are called Managed Service Providers (MSPs) or sometimes Managed Security Service Providers (MSSPs). This is not inherently bad. But many of these MSPs are not much larger than the companies they are managing. Many have 25 or fewer employees.

MSPs have to be trusted by their customers and have to have god-like permissions on their customers’ networks and systems. There is no way around that if you want them to manage things for you.

One example of an attack on an MSP right here in Colorado was the attack against Complete Technology Solutions (CTS). The attack on CTS compromised over a hundred dental practices that were CTS’s customers.

Another was the attack against Kaseya. Kaseya provides software to MSPs. Compromise Kaseya and you compromise a thousand MSPs, each of which has hundreds (or more) of customers, each of which has many users.

There are lots more examples – SolarWinds, Microsoft Exchange and others.

It is not surprising that hackers want to compromise a company that can allow them to leverage their resources and maximize the damage they can do.

But now we have a joint advisory from the cybersecurity agencies of a group of nations (the Five Eyes) telling people to beware. The alert provides recommendations for both MSPs and their customers.

For the customers, you are the ones that are responsible for your network. It doesn’t matter that you outsourced the work to someone else. If your network is attacked, you are in trouble. That means that you have to take action to make sure that your MSP is following best practices.

If you need help, contact us.

Credit: The Register and CISA


2 Replies to “UK, Australia, Canada, New Zealand and US Warn of Attacks on MSPs”

  1. Scott Pelletier says:

    So, what would be the top 10 things you would ask an MSP and what are the answers you would expect to ensure they’re doing the right things?

    1. CyberCecurity says:

      Hi Scott,
      Couple of thoughts:
      1. Do you have an internal security program? Provide details.
      2. Who in your company is responsible for cybersecurity?
      3. Do you conduct annual third party audits?
      4. Do you have a third party security certification such as a SOC 2 (and not a SOC 1)?
      5. Describe your employee cybersecurity training program.

      And lots more. We give our customers a variety of questionnaires to use depending on the situation. They run from a dozen questions to a couple of dozen.

      Mitch
