• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Managed Service, Network Security, News

Is Your IT Department Augmented by an MSP? Take These Cybersecurity Steps Now.

CISA and other agencies are urging organizations to take steps to guard themselves against possible compromise of their MSPs.

May 20, 2022 Zachary Comeau Leave a Comment

CISA Software Security
Tada Images/ Stock.adobe.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and a host of other cybersecurity and law enforcement agencies are urging organizations to take steps to guard themselves against possible compromise of their managed service providers (MSP) as advanced threat actors and nation states are expected to up their attacks against those service providers.

Attacking and compromising a managed service provider – which provides IT services to many organizations – can yield a much bigger reward for a threat actor than attacking just one specific company. In fact, several large-scale cyberattacks in the past have targeted service providers that, depending on their size, hold the keys to the networks of hundreds or thousands of organizations.

Due to the network and privileged access MSPs have, they are becoming a much larger target for sophisticated threat actors to gain initial access, with attacks seeking initial access via MSPs expected to increase, according to a new CISA advisory.

Along with the U.S., these attacks are expected to increase in the UK, Australia, Canada and New Zealand. A successful compromise of an MSP could result in a wide range of follow-on attacks against both the provider and across their customer base.

For both MSPs and their customers, CISA’s advisory urges them to take steps to prevent initial compromise, including hardening remote access VPN solutions, scanning and patching for vulnerabilities, protecting internet-facing services, defending against brute force and password spraying attacks and taking steps to combat phishing attacks.

However, customers of MSPs are advised to take further steps to make sure their service providers are taking precautions themselves.

According to the advisory, customers should enable monitoring and logging of their systems, but also ensure that their contracts with MSPs require them to implement comprehensive security event management, provide visibility of logging activities and notify the customer of confirmed or suspected security events occurring on the provider’s systems.

CISA also highlights the importance of multi-factor authentication, urging customers to ensure that MFA is implemented on all of the products and service they receive from their MSP, in addition to implementing the protocol on all MSP accounts used to access customer networks.

In addition to applying network security controls to reduce the impact of a compromise across the organization, organizations should ensure that the networks used for MSP access are segregated from the rest of the networks.

CISA’s guidance also calls for the application of the principle of least privilege, urging organizations to ensure that the MSP applies the principle to both provider and customer network environments.

Organizations working with MSPs should also disable MSP accounts that are no longer managing their infrastructure, including disabling user accounts when someone leaves either organization.

The relationship with MSPs should also include transparency around software update policies and patching vulnerabilities. Customers should understand their MSPs policy on software updates and request that those updates are delivered quickly and as an ongoing service.

The guidance from CISA also spells out what kind of system backups MSPs should provide to customers, as well as the importance of incident response and recovery plans built into the contracts.

Customers should also set clear network security expectations with their service providers and understand the risk that comes with granting network access to an MSP, and ensure that MSP accounts are not assigned to internal administrator groups.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. “Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: CISA, Cybersecurity, Managed Service Provider

Related Content:

  • InfoComm Logo InfoComm 2023 to Bridge AV/IT Gap with New…
  • Barracuda ESG Barracuda: Replace Compromised ESG Appliances Immediately
  • Audinate Dante Professional Services engineer Audinate Launches Dante Professional Services
  • Google, Bard Google: Bard Now 30% Better at Computation-Based Problems

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.