Five countries issued a warning on May 11 about MSPs and their customers that includes 12 action steps to avoid cyber intrusions. The alert, “Protecting Against Cyber Threats to Managed Service Providers and their Customers,” states: “The cybersecurity authorities… are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.”
The warning came from the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the United States Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC). The sheer number of agencies shows how big an issue this is.
While the warning gives attorneys more ammunition when they go after you because your client suffered a data breach, ransomware attack, or email scam, it also gives you more ammunition to use in your marketing, contracts, and proposals.
In my previous articles, “How to Protect Your Clients From…You” and “MSP Sued! Are You Ready?” I wrote about things you should do to protect your MSP business and your clients.
Each one of the 12 steps included in the new warning gives you a marketing opportunity. Each also gives you a chance to convince clients to implement stronger security processes, purchase more services, and knowingly accept the risks of making bad decisions or trying to save money. The recommendations align with the NIST Cybersecurity Framework (CSF), HIPAA, DFARS/CMMC, PCI-DSS, other regulations, and cyber insurance policy requirements.
The 12 Steps
Here is a condensed summary of the 12 security recommendations.
1. Prevent initial compromise
- Improve security of vulnerable devices.
- Protect internet-facing services.
- Defend against brute force and password spraying.
- Defend against phishing.
2. Enable/improve monitoring and logging processes. Whether through a comprehensive security information and event management (SIEM) solution or discrete logging tools, implement and maintain a segregated logging regime to detect threats to networks.
3. Enforce multifactor authentication (MFA). Organizations should secure remote access applications and enforce MFA where possible to harden the infrastructure that enables access to networks and systems.
4. Manage internal architecture risks and segregate internal networks. Organizations should understand their environment and segregate their networks. Identify, group, and isolate critical business systems and apply appropriate network security controls to them to reduce the impact of a compromise across the organization.
5. Apply the principle of least privilege. Organizations should apply the principle of least privilege throughout their network environment and immediately update privileges upon changes in administrative roles.
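Steps 1 and 2 above go together in practice: the brute force and password spraying that step 1 tells you to defend against are exactly what the segregated logging in step 2 lets you detect. As an added illustration (not code from the advisory or from the agencies that issued it), the script below parses a constructed authentication log in a hypothetical "timestamp user source result" format and flags the two patterns the same way a simple SIEM correlation rule would: many failures from one source against one account (brute force) versus one failure each from one source against many accounts (password spraying). The log lines, IP addresses, usernames, and thresholds are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not taken from the advisory or any real
# system). Hypothetical line format: "<ISO timestamp> <username> <source IP> <OK|FAIL>".
SAMPLE_LOG = """\
2022-05-11T09:00:01 alice 203.0.113.7 FAIL
2022-05-11T09:00:09 alice 203.0.113.7 FAIL
2022-05-11T09:00:17 alice 203.0.113.7 FAIL
2022-05-11T09:00:25 alice 203.0.113.7 FAIL
2022-05-11T09:00:33 alice 203.0.113.7 FAIL
2022-05-11T09:00:41 alice 203.0.113.7 FAIL
2022-05-11T09:02:00 bob 198.51.100.9 FAIL
2022-05-11T09:02:30 carol 198.51.100.9 FAIL
2022-05-11T09:03:00 dave 198.51.100.9 FAIL
2022-05-11T09:03:30 erin 198.51.100.9 FAIL
2022-05-11T09:04:00 frank 198.51.100.9 FAIL
2022-05-11T09:05:00 grace 192.0.2.10 FAIL
2022-05-11T09:05:20 grace 192.0.2.10 FAIL
2022-05-11T09:05:40 grace 192.0.2.10 OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse log text into (timestamp, user, source, result) tuples, oldest first.

    Malformed lines are skipped rather than raising, so one bad record cannot
    stop the whole detection run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, src, result = m.groups()
        events.append((datetime.fromisoformat(ts), user, src, result))
    return sorted(events, key=lambda e: e[0])


def detect_auth_attacks(events, window=timedelta(minutes=10),
                        brute_force_threshold=5, spray_threshold=5):
    """Flag brute force and password spraying within a sliding time window.

    Returns a dict with two entries:
      "brute_force":    {(source, user): max failures seen in one window}
      "password_spray": {source: max distinct users failed against in one window}
    The thresholds are illustrative; tune them to the environment."""
    failures = [e for e in events if e[3] == "FAIL"]
    brute_force = {}
    spray = {}

    # Evaluate each source over its own sliding window of failed attempts.
    by_source = defaultdict(list)
    for ts, user, src, _ in failures:
        by_source[src].append((ts, user))

    for src, attempts in by_source.items():
        for i, (ts, _) in enumerate(attempts):
            # All failures from this source in the window ending at this attempt.
            in_window = [a for a in attempts[:i + 1] if ts - a[0] <= window]
            per_user = defaultdict(int)
            for _, u in in_window:
                per_user[u] += 1
            # Brute force: repeated failures against the same account.
            for u, n in per_user.items():
                if n >= brute_force_threshold:
                    brute_force[(src, u)] = max(brute_force.get((src, u), 0), n)
            # Spraying: failures spread across many distinct accounts.
            distinct_users = len(per_user)
            if distinct_users >= spray_threshold:
                spray[src] = max(spray.get(src, 0), distinct_users)

    return {"brute_force": brute_force, "password_spray": spray}


if __name__ == "__main__":
    findings = detect_auth_attacks(parse_log(SAMPLE_LOG))
    for (src, user), n in findings["brute_force"].items():
        print(f"brute force: {n} failures against {user} from {src}")
    for src, n in findings["password_spray"].items():
        print(f"password spray: {n} distinct accounts targeted from {src}")
```

Note the design choice: the two rules share one pass over the data but key differently. A per-account lockout alone would stop the first pattern and miss the second, because the spraying source never trips any single account's counter; that is why the advisory pairs the step 1 defenses with the step 2 logging, and why a client who declines MFA (step 3) should do so in writing.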