Global Cybersecurity Authorities Issue Guidelines for MSPs and Customers

By Laura Stotler

A new advisory from the cybersecurity authorities of the US, UK, Canada, Australia and New Zealand warns of an increase in malicious attacks against MSPs and their customers. The countries worked together on a joint Cybersecurity Advisory offering actions that service providers and customers may take to reduce their chances of becoming victimized.

The new advisory provides guidelines and best practices for information and communications technology (ICT) services and functions to facilitate important discussions between MSPs and their customers with the goal of securing sensitive data. The joint cybersecurity authorities recommend that MSPs and their customers implement the security measures and operational controls outlined in the advisory, and that customers ensure their contracts specify that their MSP implements the measures.

The guidelines recommend MSPs prevent initial compromise of their infrastructure by improving the security of vulnerable devices and protecting internet-facing services. They should also defend against brute force, password spraying and phishing.

The next recommendation is that MSPs enable or improve their monitoring and logging processes by storing important logs for at least six months. Organizations should also implement endpoint detection and network defense monitoring capabilities, either on their own or through an arrangement with their MSP. Organizations should also enforce multi-factor authentication (MFA) and secure remote access applications to harden their overall infrastructure.

Other recommendations include managing internal architecture risks as well as segregating internal networks. Organizations can identify, group and isolate their critical business systems and apply the appropriate network security controls to reduce the impact should they become compromised. Companies can also apply the principle of least privilege throughout their network environments and immediately update privileges when changes in administrative roles occur.

Another recommended measure is addressing obsolete accounts and infrastructure, such as disabling user accounts during periods of personnel transition. Applying updates to software, operating systems, applications and firmware can also go a long way toward protecting an organization. Of course, backing up systems and data on a regular basis, storing backups separately and isolating them from network connections can prevent the spread of ransomware.

Additional recommendations include developing and exercising incident response and recovery plans while also maintaining up-to-date hard copies of those plans. Organizations should also understand and proactively manage supply chain risk across security, legal and procurement groups as well as use risk assessments to identify and prioritize resource allocation.

Finally, organizations are encouraged to promote transparency by clearly defining contractual responsibilities for both MSPs and customers. And proper account authentication and authorization management is also critical for pinpointing and preventing malicious activity.

For the latest information about the MSP cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.




Edited by Erik Linask

MSPToday Contributing Editor
