We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!
Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the United Kingdom’s National Cyber Security Center (NCSC-UK), Australian Cybersecurity Center (ACSC), Canadian Center for Cybersecurity (CCCS), New Zealand National Cyber Security Center (NZ NCSC), National Security Service (NSA), and the Federal Office of Research (FBI) released and advisory alert threats targeting MSPs.
As part of the advisory, the agencies warned that they expect “state-sponsored Advanced Persistent Threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.”
The potential for an increase in attacks against MSPs and threats to the supply chain means organizations must be prepared to closely manage relationships with third-party vendors and ensure there are no security vulnerabilities.
Securing the supply chain
The advice comes as organizations and service providers struggle to mitigate supply chain threats, particularly with the: solar wind and Kaseya breaches, which have resulted in the compromise of more than 1,100 downstream organizations.
The crux of the challenge is that many providers lack the incident response capabilities to respond to incidents in a timely manner, with 66% of suppliers in successful attacks on the supply chain not knowing or not reporting on how they have been compromised.
If the announcement is correct, organizations will have to drastically rethink how they manage relationships with third-party suppliers.
“As this joint advice makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase the downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks. protect,” said CISA Director Jen Easter.
In practice, that means a more proactive approach to identifying risks. “Businesses should focus on implementing zero-trust and increasing active threat hunting, particularly through networks and endpoints that MSPs can access,” said Tom Kellermann, former Obama administration cybersecurity commissioner and chief executive officer. of cybersecurity strategy at VMware.
Kellerman believes the war between Russia and Ukraine will fuel the increase in these attacks as Russian cyber spies deploy supply chain strategies to deploy destructive malware against entire customer bases of MSPs.
Improving security posture against supply chain threats
As threats to the supply chain increase, the advisory recommends that companies take steps to mitigate risks in the supply chain.
Specifically, the advisory says that MSP customers should review their contractual arrangements with providers to ensure the MSP will implement a set of specific security measures and controls.
These controls include implementing mitigation tools to protect against compromise attack methods, enabling monitoring and logging, implementing endpoint detection and network defense monitoring, ensuring secure remote access applications, and implementing multi-factor authentication.
It also states that MSPS should develop and implement incident response and recovery plans that break down the roles and responsibilities of stakeholders within the organization.
In addition to these checks, Kellermann recommends that companies implement micro-segmentation, implement Active Application monitoring, extend the weekly threat hunt with shared networks and services, implement just-in-time management, and ensure that all back ups are viable.
The mission of VentureBeat is a digital city square for technical decision makers to gain knowledge about transformative business technology and transactions. Learn more about membership.