• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Managed Service, Network Security, News

Is Your IT Department Augmented by an MSP? Take These Cybersecurity Steps Now.

CISA and other agencies are urging organizations to take steps to guard themselves against possible compromise of their MSPs.

May 20, 2022 Zachary Comeau Leave a Comment

CISA CPGs
Tada Images/ Stock.adobe.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and a host of other cybersecurity and law enforcement agencies are urging organizations to take steps to guard themselves against possible compromise of their managed service providers (MSP) as advanced threat actors and nation states are expected to up their attacks against those service providers.

Attacking and compromising a managed service provider – which provides IT services to many organizations – can yield a much bigger reward for a threat actor than attacking just one specific company. In fact, several large-scale cyberattacks in the past have targeted service providers that, depending on their size, hold the keys to the networks of hundreds or thousands of organizations.

Due to the network and privileged access MSPs have, they are becoming a much larger target for sophisticated threat actors to gain initial access, with attacks seeking initial access via MSPs expected to increase, according to a new CISA advisory.

Along with the U.S., these attacks are expected to increase in the UK, Australia, Canada and New Zealand. A successful compromise of an MSP could result in a wide range of follow-on attacks against both the provider and across their customer base.

For both MSPs and their customers, CISA’s advisory urges them to take steps to prevent initial compromise, including hardening remote access VPN solutions, scanning and patching for vulnerabilities, protecting internet-facing services, defending against brute force and password spraying attacks and taking steps to combat phishing attacks.

However, customers of MSPs are advised to take further steps to make sure their service providers are taking precautions themselves.

According to the advisory, customers should enable monitoring and logging of their systems, but also ensure that their contracts with MSPs require them to implement comprehensive security event management, provide visibility of logging activities and notify the customer of confirmed or suspected security events occurring on the provider’s systems.

CISA also highlights the importance of multi-factor authentication, urging customers to ensure that MFA is implemented on all of the products and service they receive from their MSP, in addition to implementing the protocol on all MSP accounts used to access customer networks.

In addition to applying network security controls to reduce the impact of a compromise across the organization, organizations should ensure that the networks used for MSP access are segregated from the rest of the networks.

CISA’s guidance also calls for the application of the principle of least privilege, urging organizations to ensure that the MSP applies the principle to both provider and customer network environments.

Organizations working with MSPs should also disable MSP accounts that are no longer managing their infrastructure, including disabling user accounts when someone leaves either organization.

The relationship with MSPs should also include transparency around software update policies and patching vulnerabilities. Customers should understand their MSPs policy on software updates and request that those updates are delivered quickly and as an ongoing service.

The guidance from CISA also spells out what kind of system backups MSPs should provide to customers, as well as the importance of incident response and recovery plans built into the contracts.

Customers should also set clear network security expectations with their service providers and understand the risk that comes with granting network access to an MSP, and ensure that MSP accounts are not assigned to internal administrator groups.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. “Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

Tagged With: CISA, Cybersecurity, Managed Service Provider

Related Content:

  • McGuire Sponsel meeting room with ClearOne solutions ClearOne Conferencing Solutions Help Clarify Audio and Reduce…
  • Malwarebytes Mobile Security for Business Malwarebytes Launches Mobile Device Security Solution
  • Microsoft Adaptive Protection Microsoft Launches New Machine-Learning-Enabled Adaptive Protection for Data…
  • OneNote Malware, Proofpoint Hackers Are Pivoting to OneNote Documents for Malware…

Free downloadable guide you may like:

  • Harnessing the Power of Digital SignageHarnessing the Power of Digital Signage

    Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.