Guest Column | March 9, 2020

Assessing The Unique Cyber Threats Facing MSPs Today

By Michael Schenck, Kaytuso


Trust is the foundation of every MSP-client relationship, as clients rely on MSPs to diligently maintain their IT infrastructure and keep their databases safe and secure. However, the very nature of the business and high-level access to client networks mean that MSPs run the tremendous risk of being targeted by cybercriminals.

According to CRN, there was an increase in cybercriminals targeting MSPs throughout 2019 and seizing upon the tools they use to manage customer IT systems as vehicles to attack those same customers. Early last year, Wipro, the Indian IT company, fell victim to a phishing campaign that compromised employee accounts and enabled hackers to launch attacks against its customers.

Risks And Vulnerabilities Of MSPs

We’ve noticed that, industrywide, some MSPs prioritize revenue-generating work over the internal security measures that protect themselves and their clients. However, it’s crucial to have a strong cybersecurity strategy in place because expert hackers know they can gain access to hundreds or even thousands of client computer systems through an MSP.

One of the biggest risks is the set of tools used to oversee and maintain customer IT systems, such as SolarWinds, Kaseya, and ConnectWise – these tools can be exploited to attack the same customers. Going back to the Wipro example, the hackers were believed to have used ConnectWise Control to connect to Wipro client systems, which allowed for deeper access into Wipro customer networks. This eventually led to a ransomware attack that resulted in 22 Texas town and county networks being locked behind encryption keys.

Since MSPs are usually predictable in implementing RMM and PSA tools, this leaves them more vulnerable to cyberattacks. If hackers gain control of the remote management tools used to maintain client systems and servers, they can run remote commands, gain complete access to the database and even lock clients out of their systems.

Another significant threat is ransomware, particularly because cybercriminals know they have a great deal of leverage over MSPs when client data and privacy are involved. In ransomware situations, MSPs may try to quickly mitigate any client operation disturbances with a financial payout to avoid loss of crucial data. With this being a major vulnerability for MSPs, cybersecurity should be at the forefront of every provider’s business strategy.

If MSPs fail to meet regulatory compliance requirements, this also can increase vulnerability to cyberattacks. MSPs need to understand their compliance needs to lessen risk. Regulations have flow-down language, meaning that MSPs also need to comply with HIPAA, PCI-DSS, and/or NYS 23 CFR 500. Whether you’re a small organization trying to comply with the latest iteration of the General Data Protection Regulation (GDPR), or a larger organization that needs to ensure strong compliance across their entire IT infrastructure, it’s best to partner with an MSSP that has a solution for all compliance needs. This will help ensure you’re meeting the standards to keep your customer information secure.

MSPs typically have their hands full with day-to-day operations and may not have the time, resources or dedicated cybersecurity team for the level of security they require. Despite these challenges, cybersecurity cannot be pushed to the back burner for MSPs.

Data breaches are damaging for any business, but when MSPs are hacked, the impact is exponentially worse because the company was used as a vehicle for an attack on the customer base. After your clients are affected by a data breach, they are going to lose their trust in you. The level of impact is much higher and could potentially end your business altogether – would you expect your customers to continue working with you if you posed an extreme security threat for their business?

Establishing A Cybersecurity Program For Your MSP

Cybersecurity is a 24/7 commitment. Don’t let cybersecurity-related internal projects get delayed – they must be a priority. So, how can MSPs build a dependable cybersecurity program?

It starts with the most vulnerable part of your network: your users. Protect your users from potential attacks by limiting internal administrator permissions, training your staff, and giving them the time to understand the implications.

Since the tools you use to monitor and secure your clients internally are at risk, you should utilize the security features that exist within all of the tools (TLS 1.2 HTTPS connections, MFA, alerting and monitoring, auto-updates, etc.). Most vendors will give NFR licenses to their partners at a reduced rate.

While these are great starting points, prevention isn’t enough. To detect, monitor, and respond to security incidents as they happen, ask these questions:

  • Does your MSP have an internal security policy and corresponding plan? If so, does it include BCP/DRP?
  • What about lesser incidents – do you have plans on how to manage those?
  • What features are there to limit who can log in? Additionally, can you control where your users are logging in?
  • Are there alerts set up in case of suspicious activity? What about a SIEM that can interrupt an attack in progress?

Takeaway

MSPs face a unique set of threats and vulnerabilities when it comes to cybersecurity for both themselves and their customers. Given the level of access and trust MSPs have into their clients’ networks, hackers will continue attempting to use MSPs as an entry point into their customers’ endpoints. Having a better understanding of the cybersecurity risks specific to MSPs puts a greater urgency on the need to develop a sound program to safeguard your customers, and ultimately keep your business afloat. Partnering with an MSSP can help MSPs greatly reduce the burden of responsibility for cybersecurity and give peace of mind that critical IT infrastructure is safeguarded.

About The Author

Michael is the Director of Security Services at Kaytuso, a New York City-based IT firm that provides world-class cybersecurity solutions to SMBs nationwide that want to protect themselves from cybercriminals. A seasoned veteran, he has been working in IT security for nearly 20 years, with 11 of those spent servicing the United States Air Force, as well as private sector Defense and Aerospace contracting firms. Michael maintains several certifications issued by CompTIA, ISC2, and Microsoft – including Security+ and Certified Information Systems Security.