Can Cyber Criminals Hack Your Business Through Your MSP?


The US Secret Service (USSS), the Federal Bureau of Investigation (FBI), the Cybersecurity & Infrastructure Security Agency (CISA), and the National Security Agency (NSA) have all issued warnings that foreign hackers are targeting Managed Service Providers (MSPs).


In 2020, the US Secret Service sent a security alert to US private companies and government organizations warning about an increase in hacks of MSPs. Other federal security agencies have since voiced this concern. CISA, NSA, FBI, and four other foreign organizations published a Joint Cybersecurity Advisory to protect MSPs and their clients earlier this month. This alert details the steps MSPs and their clients must take to safeguard themselves from cybercriminals.

“The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand and the United States are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.”

This joint Cybersecurity Advisory (CSA) provides MSPs and their clients with steps they may take to lower their risk of cyber invasion. This guidance outlines cybersecurity best practices for IT services and functions, with a focus on recommendations that enable MSPs and their clients to engage in meaningful discussions regarding the security of sensitive data. The advisory also provides MSPs and their clients with a thorough list of recommendations.

Why are MSPs a cyber-attack target?

There are various reasons why cybercriminals target MSPs. The primary reason, though, is that if a hacker breaks into an MSP, they may have unrestricted access to all the systems the MSP manages. Why struggle to get into multiple businesses when you can invade only one and win the jackpot?

MSPs utilize RMM software to access customer computers and networks. This program allows tech support teams to monitor, update, and connect to clients' PCs and equipment. By compromising these technologies, hackers can access customer networks in the guise of the MSPs.


Cracking management software isn't the only technique to target MSPs. MSPs may store usernames, passwords, and technical reports in unencrypted files, such as Word and Excel documents. Criminals can hack a business using this information. Even if the MSP fixes its own breach, the sensitive information already lost leaves its clients at risk.

We have all heard the story where a housecleaner has a dirty house or a roofer needs a mechanic who has a car that needs work. These scenarios are not isolated. MSPs may also focus more on client systems than on their own. To be genuinely secure, your MSP must practice what it preaches. All the best practices, technology investments, and security rules it recommends for your organization should be implemented on its own systems as well.

What's next for my MSP?

Your Master Service Agreement (MSA) outlines your business relationship with your MSP. What are your options if your MSP's systems are breached? What are the costs? Does the company have cyber insurance? Does your MSA cover breaches?


Ask your MSP if an independent business has audited its security. MSPs might use cyber security businesses that specialize in the MSP industry to verify their security practices. If your MSP replies yes, request an audit summary. If no, consider a different MSP.

When evaluating an MSP, ask these questions:

  1. Do you have a security officer?
  2. Is your security audited by a third party?
  3. Do you employ a 24/7 Security Operations Center (SOC) to monitor traffic?
  4. Does your company employ multi-factor authentication (MFA)?
  5. Does your firm perform phishing tests?
  6. Do you carry cyber liability insurance?
  7. How do you safeguard our company's privacy?

What's the takeaway?

You should immediately meet with your MSP to discuss business risk. Armed with the aforementioned knowledge and the Joint Cybersecurity Advisory, you now know how and why to ask the correct questions.

Don't accept "Don't worry, we've got this!" as an answer from your MSP.

At Custom Information Services, our culture is what sets us apart, and it is a culture of cyber security. We have been serving the community as a technology leader for over 30 years. Just as cybercriminals have been increasing their capabilities, we have been highly committed to intelligent, strategic, and business-focused cybersecurity solutions. Protecting and defending your most valuable business assets is what we do best.


The MSP Overwatch Badge and being recognized as a TISC-2020 Certified, Trusted Provider for managed IT services is a perfect example of our extraordinary commitment to cybersecurity best practices. Read more about our award and our commitment to excellent customer service.
