Increased Attacks On Critical Infrastructures Provide Great Opportunities For MSPs
By Christine Kern, contributing writer
How MSPs can help mitigate the impact of cyber attacks on critical infrastructures.
As the number of cyber attacks on critical infrastructure skyrockets, MSPs have a tremendous opportunity in 2016 — assuming they know how to leverage it. According to MSPMentor, the rise in cloud computing to run IT systems and networks by more critical infrastructure companies has led to a spike in risk of cyber attacks against everything from electric grids to nuclear reactors. In fact, such attacks already have occurred, as in the case of a 2014 hack of a German steel mill via booby-trapped emails that allowed cyber attackers to access the corporate networks to control the mill’s systems.
The Department of Homeland Security lists 16 critical infrastructure sectors that include assets, systems, and networks vital to the U.S. that, if were destroyed or otherwise incapacitated, would wreak havoc on national security and safety. As Trend Micro pointed out in a recent report, these infrastructures are presenting increasingly fertile soil for cyber attacks.
According to OAS Ambassador Albert R. Ramdin, “Exploitations that can affect countries’ infrastructure are usually infiltrated by simple or sophisticated tools that can access mobile and other personal devices to infiltrate high-value sectors, such as transportation, energy, or financial systems.”
As Adam Blackwell, Secretary for Multidimensional Security, OAS, explained, “There is no doubt that this hyper-connectivity is a powerful development tool and opportunity for growth for governments, business, and individuals alike — a tool that must remain open and accessible despite the inherent risks. The challenge lies in our ability to balance and manage these risks for the foreseeable future.”
This provides a vast array of opportunities for MSPs, who can take charge of the proactive measures that can safeguard against cyber attacks.
According to Security Today, MSPs can help clients protect these critical infrastructures by providing serious risk analysis; helping to craft and implement policies and procedures to serve as guidance to those who have access to critical components; developing and delivering training for staff to underscore cyber security measures; helping to integrate physical and cyber security; helping to isolate cyber assets from all but specifically authorized personnel; establishing authentication for users and devices/systems to layer a cyber fortress architecture; helping to strictly enforce the access and authentication privileges; establishing dynamic password methodologies; and adopting physical device recognition systems.
MSP Mentor concludes, “As more critical infrastructure organizations get connected and migrate data operations to the cloud, they will need to architect their systems to better protect against the threat of cyber breaches. Whether internal IT departments possess the deep technical skills to handle more than routine maintenance is problematic. That state of affairs will present MSPs with an opening, given the depth of their technical bench, both on the design and operational aspects of the technical process.”
In January, the MSP Alliance forecast the role of MSPs and Cloud Service Providers (CSPs) is becoming increasingly more prominent, and in 2016 the likelihood of new legislation that has an impact on MSPs is high. China has already enacted such laws, requiring the assistance of technology companies when the Chinese government must engage in terror-related investigations.
MSPs are beginning to adopt password management as standard operation procedure, with some MSPs offering password management solutions to their clients in 2015. MSPs also need to pay closer attention to providing stronger security to clients, including multi-factor authentication, single-sign-on, identity and access management, data privacy and security protection, and more comprehensive data backup and restoration options.