Cyberattacks on managed service providers (MSPs) have become a particularly vexing challenge for today’s cyber security professionals. Hackers who are intent on compromising service provider infrastructure not only impact the provider itself, but potentially all of its customers as well. According to NTT, about 38 percent of businesses today use a third party to manage and control over half of their IT needs, and revenue for MSPs is expected to surpass $274 billion by 2026. The more popular MSPs become, the greater the appetite cybercriminals have to reach an even larger set of targets.
CEH (v12) - Certified Ethical Hacking Course
Get trained on advanced methodologies hackers useView Course
Cyberattacks on MSPs Are Growing Rapidly
Recent research has uncovered a number of troubling trends for MSPs and their customers:
- In the past 18 months, 90 percent of MSPs have experienced a successful attack on their infrastructure, and 82 percent saw attacks on their customers increase.
- More than half have experienced financial loss and disruption of business after an attack; 46 percent reported losing business, and 45 percent found their reputation impacted.
- The most common attack vectors were phishing attacks (reported by 75 percent of companies), DDoS attacks (at 56 percent), and ransomware attacks (at 42 percent).
If there is a silver lining it is that MSPs did prevent almost double the number of attacks that were attempted, from six to 11 on average.
MSP Cyberattack Trends
A recent report from Datto Holding Corp. investigating Asia-based MSPs found a number of trends that are driving MSPs to reevaluate their methods for protecting their infrastructures against cyberattacks. Among them:
- MSPs often use a number of different technology platforms and tools, and they have a broad range of customers, making it harder to defend so many targets against attack. As a result, 55 percent are now investing in heightened cyber security measures.
- MSPs are increasingly bound by compliance mandates in cyber security, privacy, and data sovereignty. Their customers expect them to be compliant, and there are legal and financial consequences if they do not. Many are investing in enhanced backup and recovery solutions as a result, as well as attaining industry-recognized information security certifications such as ISO/IEC 27001 to protect supplier and supply chain attacks.
- MSP IT organizations often have insufficiently skilled cyber security skill sets personnel. Lack of skill sets, human error, and bad cyber security hygiene can make MSPs more vulnerable to attacks on their networks and customers.
What MSPs Can Do to Improve Cyber Security
Fortunately, government agencies around the world are collaborating on providing defense frameworks that MSPs can follow. CISA (the U.S. Cybersecurity Infrastructure Security Agency), along with the NSA, FBI, and counterparts in various other countries have recently issued a warning about cyberattacks on MSPs, with the understanding that attacks are expected to continue. These agencies have issued cyber security steps for MSPs to follow, including:
- Initial Access: MSPs should harden access protocols such as VPNs to prevent initial network access, scan regularly for security vulnerabilities, take concrete steps to protect web apps, and educate employees on the dangers of bad cyber hygiene.
- Monitoring: Logs should be stored for six months (it can take that long to actually detect an attack, and bad actors are able to hide within networks). The groups also recommend better endpoint protection and network defense monitoring.
- Multi-factor Authentication (MFA): Remote access to networks should be enforced by multiple levels of user authentication. Accounts should be monitored for failed login attempts, which may be an impending signal of an attack.
- Separate Networks: Networks and business systems, both for MSPs and for their customers, should be segmented in order to isolate them. Segmentation is also an important step for implementing zero-trust access policies. Defunct accounts should be deleted and accounts with shared passwords should be changed when employees leave.
- Audits and Backup: MSPs must also continually audit their infrastructure, focusing on the MSP-customer boundary to identify and dismantle unused services. Software should always stay updated, and system backups should be a regular activity. MSPs should also be sure to develop sufficient incident response and recovery plans.
Looking forward to a career in Cyber Security? Then check out the Certified Ethical Hacking Course and get skilled. Enroll now!
Cyber Skills Can Make the Difference for MSPs
Well-trained cyber security personnel are even more vital for service providers because they have an impact on the security of dozens or even hundreds of companies that rely on their infrastructure. Several certifications provide a great foundation for security teams that need to protect against cyberattacks on MSPs, including:
- Certified Information Systems Security Professional (CISSP) who are trained to design and deploy enterprise-wide security protocol
- Certified Information Security Manager (CISM) who is trained to manage, design, oversee and assess information security posture of an organization like an MSP
- Certified Information Systems Auditor (CISA) who receives training on how to govern and control enterprise IT, particularly in performing an effective and efficient security audit on an IT organization
- And the Certified Ethical Hacker (CEH) who is a crucial asset for companies to understand how hackers hone their techniques from the inside out.
