We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!
Today, there are multiple government agencies worldwide, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA in conjunction with the UK’s National Cyber Security Center (NCSC-UK), as well as the Australian Cyber Security Center (ACSC), Canadian Center for Cybersecurity (CCCS), New Zealand National Cyber Security Center (NZ NCSC) — released and advisory alert threats targeting managed service providers (MSPs).
As part of the advisory, the agencies warned that they expect “state-sponsored Advanced Persistent Threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.”
The potential for an increase in attacks against MSPs and threats to the supply chain means organizations must be prepared to closely manage relationships with third-party vendors and ensure there are no security vulnerabilities.
Securing the supply chain
The advice comes as organizations and service providers struggle to mitigate supply chain threats, particularly with the: solar wind and Kaseya breaches, which have resulted in the compromise of more than 1,100 downstream organizations.
At the heart of the challenge is that many providers and executives lack the incident response capabilities to respond to incidents in a timely manner, with 66% of suppliers in successful attacks on the supply chain not knowing or not reporting on how they have been compromised.
If the announcement is correct, organizations will have to drastically rethink how they manage relationships with third-party suppliers.
“As this joint advice makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase the downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks. protect,” says Jen. Eastern director of CISA.
In practice, that means a more proactive approach to identifying risks.
“Businesses should focus on implementing zero-trust and increasing active threat hunting, particularly through networks and endpoints that MSPs can access,” said Tom Kellermann, former Obama administration cybersecurity commissioner and chief executive officer. of cybersecurity strategy at VMware.
Kellerman believes the war between Russia and Ukraine will fuel the increase in these attacks as Russian cyber spies deploy supply chain strategies to deploy destructive malware against entire customer bases of MSPs.
Improving security posture against supply chain threats
With supply chain threats on the riserecommends that companies take steps to mitigate risks in the supply chain.
Specifically, the advisory says that MSP customers should review their contractual arrangements with providers to ensure the MSP will implement a set of specific security measures and controls.
These controls include implementing mitigation tools to protect against compromised attack methods, enabling monitoring and logging, implementing endpoint detection and network defense monitoring, ensuring secure remote access applications, and implementing multi-factor authentication.
It also states that MSPS should develop and implement incident response and recovery plans that break down the roles and responsibilities of stakeholders within the organization.
In addition to these checks, Kellermann recommends that companies implement micro-segmentation, implement Active Application monitoring, extend the weekly threat hunt with shared networks and services, implement just-in-time management, and ensure that all back ups are viable.
The mission of VentureBeat is a digital city square for technical decision makers to gain knowledge about transformative business technology and transactions. Learn more about membership.