Why Are MSPs a Target of Cyber Attacks?
MSPs provide support for an array of IT-related services, from the remote management of end-user systems to backing up their data. They are a valuable target for malicious actors because they have direct access to their customers' networks and data.
The business of MSPs has rapidly expanded during the Covid-19 pandemic due to the rise of remote work. Figures show that spending on managed services is expected to grow from $173 billion to $296 billion by 2023, translating to an estimated compound annual growth rate of 11%. This rate is higher than that of the rest of the IT market segments.
The growth pace was strong among MSPs as more small and medium businesses entrust their IT to them. An accelerated shift to cloud services is cited as a common reason for the increased need for MSPs.
The massive growth in the industry also presents some challenges to MSPs. Cybersecurity is a primary concern among 34% of MSPs.
As MSPs gain more clients, they are also opened up to higher security risks from vendors, customers, and partners. Supply chain and third-party vendor attacks are becoming all too common among MSPs, as the market is deemed lucrative for cybercriminals.
For instance, ransomware as a service (RaaS) operations like REvil, which have been advertised in dark web forums for some time, earned $100 million in 2020. The highest ransom paid this year by a company for its data was $40 million.
4 Security Standards MSPs Have to Prevent Breaches
The Kaseya ransomware attack is indeed a wake-up call for the MSP market to proactively protect their IT infrastructure. "We are constantly evaluating what more we can do to become more secure and safeguard our clients," said ITS Operations Director Peter Swarowski.
Outlined below are the specific measures that managed service providers typically have in place to defend their network against similar cyber attacks:
1. Patch Management Policy
Like any other good MSP, ITS has a patching policy where it applies security updates to systems such as its remote management and monitoring (RMM) system on an ongoing basis. This helps protect us from known exploits affecting previous versions. Swarowski said they also check daily for any published news from the vendor about new patches and security fixes. "If a fix comes in for anything urgent, we will patch the system immediately," he said.
2. Cybersecurity Solutions
Like any other proactive MSP, Swarowski notes that ITS is always thinking about ways to help mitigate zero-day risks. He says they are investigating various products, including one that acts as a reverse proxy for the incoming agent traffic for our RMM. Another product is a web application firewall that would sit in front of the RMM application.
In addition, ITS deploys several security software products within its infrastructure, most notably anti-breach and anti-foothold detection software. The company also uses endpoint detection and response (EDR) software.
The company is working to move to a zero-trust methodology for its infrastructure, one where all access to systems is verified and no endpoint is considered secure. "We have this on all our internal machines where they must pass a health check before being allowed access to the virtual private network (VPN) or any corporate resources," Swarowski said.
3. Security Awareness Training
Like most MSPs, ITS conducts regular security awareness training internally. The company runs internal phishing campaigns to ensure our staff is properly trained to identify phishing emails and follow other cybersecurity best practices.
4. Security Information and Event Management (SIEM) Products
Finally, the company deploys a SIEM tool that sends device login information to Microsoft. Microsoft's solution looks for abnormal user behavior, such as when users access the network from a new IP address or outside their usual timeframe.
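As an added illustration of the "new IP or timeframe" check described above (this is not ITS's code and does not show how Microsoft's product works internally), the example below builds a per-user baseline from past logins and flags events that deviate from it. The event tuple layout, the function names, the one-hour slack and the sample events are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login events: (user, ISO timestamp, source IP).
# IPs are from the documentation ranges; none of this comes from a real log.
BASELINE = [
    ("alice", "2021-07-01T09:05:00", "198.51.100.10"),
    ("alice", "2021-07-02T10:30:00", "198.51.100.10"),
    ("alice", "2021-07-05T16:45:00", "198.51.100.11"),
    ("bob",   "2021-07-01T08:15:00", "203.0.113.7"),
    ("bob",   "2021-07-02T17:50:00", "203.0.113.7"),
]
NEW_EVENTS = [
    ("alice", "2021-07-06T09:40:00", "198.51.100.10"),  # known IP, usual hours
    ("alice", "2021-07-06T03:12:00", "198.51.100.10"),  # known IP, unusual hour
    ("bob",   "2021-07-06T09:00:00", "192.0.2.44"),     # new IP, usual hours
    ("carol", "2021-07-06T11:00:00", "203.0.113.9"),    # user with no history
]

def build_baseline(events, slack_hours=1):
    """Per user: the set of seen IPs and the observed login-hour range plus slack.
    The range is linear (0-23); it does not model shifts that span midnight."""
    seen = defaultdict(lambda: {"ips": set(), "hours": []})
    for user, ts, ip in events:
        seen[user]["ips"].add(ip)
        seen[user]["hours"].append(datetime.fromisoformat(ts).hour)
    return {
        user: {"ips": p["ips"],
               "window": (max(min(p["hours"]) - slack_hours, 0),
                          min(max(p["hours"]) + slack_hours, 23))}
        for user, p in seen.items()
    }

def score_event(baseline, event):
    """Return the reasons an event deviates from its user's baseline (empty if none)."""
    user, ts, ip = event
    if user not in baseline:
        return ["no_baseline"]  # cannot judge; surface for review instead of passing
    reasons = []
    if ip not in baseline[user]["ips"]:
        reasons.append("new_ip")
    low, high = baseline[user]["window"]
    if not low <= datetime.fromisoformat(ts).hour <= high:
        reasons.append("unusual_hour")
    return reasons

def detect(baseline_events, new_events):
    """Pair each anomalous new event with its reasons; normal events are dropped."""
    baseline = build_baseline(baseline_events)
    return [(e, r) for e in new_events if (r := score_event(baseline, e))]

if __name__ == "__main__":
    for event, reasons in detect(BASELINE, NEW_EVENTS):
        print(event, reasons)
```
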
Bolster Your Defenses Against Cyber Attacks
Suffering a sophisticated cyber incident of the same magnitude as the Kaseya or WannaCry ransomware attack would be devastating for any business. Operations can shut down for weeks, and the financial implications of that may be challenging to bounce back from. Some companies may never recover from an attack and may close up shop.
At ITS, we have cybersecurity protocols and systems in place that ensure our IT infrastructure is protected from any compromise. We take the appropriate steps to protect our company's data security and privacy, as well as our clients'. If you want to learn more about how we keep our network and our clients secure, read this piece on how we identify potential security risks.