MSPs have unfortunately become a target for ransomware attacks. Learn what you can do to prevent cyberattacks and ensure the safety of your business and clients.
In February of 2022, the Cybersecurity & Infrastructure Security Agency (CISA) issued Alert AA22-040A arising from a cooperative effort by security agencies from the U.S., U.K., and Australia. Together, these nations observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally – specifically noting that MSPs have become a focused target for ransomware hackers. Full trend data can be found in the complete cybersecurity advisory, 2021 Trends Show Increased Globalized Threat of Ransomware.
The three-nation team specifically warned organizations to beware of ransomware hackers targeting MSPs, as they hack into client organizations via trusted MSP access routes. Such was the case in the cyberattack against Kaseya and the previous attack on SolarWinds.
“MSPs have widespread and trusted accesses into client organizations. By compromising an MSP, a ransomware threat actor could access multiple victims through one initial compromise. Cybersecurity authorities in the United States, Australia, and the United Kingdom assess there will be an increase in ransomware incidents where threat actors target MSPs to reach their clients.” – Joint U.S./U.K./Australia cybersecurity advisory
What is the fallout for MSPs?
As an MSP, you will need to harden your cybersecurity defenses and gain more insight into threats that may be developing across your technology. Second, you will want to reduce your liability in the event of a breach, as much as possible. Here are some pragmatic steps to address both issues.
Leverage MSP technologies that provide robust log data
Many MSPs have started investigating the purchase of security information and event management (SIEM) tools. They have grown in popularity, because they can give cybersecurity teams full visibility into IT infrastructure to augment threat detection and provide an additional layer of defense. An SIEM platform combines security information management and security event management into a single platform that offers real-time visibility across an organization’s security landscape.
If seeking an SIEM tool, you should look for one that includes features for advanced log search, event log archiving, network forensics and regulatory compliance auditing. These features are critical to fast reporting in the event of a cybersecurity incident or breach.
Leverage log data from all your tools, not just your security tools. You never know where threat actors are attempting to penetrate your network or your users’ devices. So, you will want the ability to spot anomalies anywhere and everywhere.
For example, look for a remote access and support solution like Splashtop, which provides log data in real time and in historical format. When any Splashtop remote access or remote support session ends, the session is logged and easily reported. This information can prove valuable as you perform cyber threat forensics or demonstrate compliance with regulations such as GDPR, CCA, HIPAA, and FERPA.
Boost your ransomware mitigation techniques
Referring back to the three-nation cybersecurity advisory, the authors use the term ‘ransomware’ 76 times in the 1-page advisory. It is, far and away, their main concern with MSP services becoming compromised and exposing clients’ to cyberthreats. These are the ransomware mitigation techniques they advise all MSPs take as soon as possible:
Keep all operating systems and software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize exposure.
Limit access to resources over internal networks. Especially by restricting remote desktop protocol (RDP). While this can be achieved by using virtual desktop infrastructure, a remote access and support solution is a more resource and cost-efficient alternative.
Implement a user training program. Include phishing exercises to raise awareness about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.
Enforce MFA for all accounts. Particularly email, VPNs, and accounts that access critical systems.
Require strong, unique passwords for all accounts with password logins. e.g., service account, admin accounts, and domain admin accounts.
If using Linux, use a Linux security module. SELinux, AppArmor, or SecComp, for defense in depth.
Protect cloud storage by backing up to multiple locations, requiring MFA for access and encrypting data in the cloud. If using cloud-based key management for encryption, ensure that storage and key administration roles are separated.
Stay up-to-date on new threats. Refer to StopRansomware.gov, a centralized, U.S. whole-of-government webpage providing ransomware resources and alerts.
Obtain liability insurance against cybersecurity incidents
With MSPs being such a popular target for cyberattacks, it only makes sense to insure your company against them. Yet, a recent survey by NinjaOne and Coveware revealed that 35% of MSPs did not have cyber insurance when they experienced a cyber incident or are victim of a cybercrime, escalating unnecessary business risks.
“The MSP is the perfect supply chain attack. If I want a high ROI on my hacking dollars, an MSP is a far better target,” said Benjamin Dynkin, co-founder and CEO of Atlas Cybersecurity and a member of CompTIA ISAO’s SME Champions Council. “If clients have cyber insurance, MSPs still need to carry it too. It’s still about mitigating the cyber risk. You just can’t pass the buck to clients, or you could face a very serious economic reality of six or seven-figure harm.”
For an MSP, professional liability insurance is vital when a client experiences a breach on your watch. This is specifically important if the client believes that negligence played a role in the attack. While this seems critical, 35% of MSPs claimed not to have liability insurance when their client experienced an attack. If this is the case, when a client experiences a breach, the MSP may fail, leaving their remaining clients without service or protection. So, while liability insurance may seem complex and expensive, it is essential for the survival of your organization.
Become a secure business partner
By following these measures, you’ll improve the security of your MSP business. For more information on how to become a safer business partner for all your clients, check out the security insights from Splashtop’s MSP Advisory Council. Splashtop created the MSP Advisory Council to help keep us up-to-date on MSPs’ challenges, insights, and ideas so we can better serve this important market.