Three Ways MSPs Can Improve Supply Chain Security

Recently, we have heard some harrowing examples of how nation state adversaries and ransomware gangs have abused supply chain vulnerabilities to gain access to sensitive information from high-profile organizations.

While the ultimate target for a cybercriminal may be a government or military organization that will potentially pay a high ransom, the reality is that every organization is a potential target because we are all links in someone’s supply chain. If a cybercriminal can’t immediately hack into the high-value organization they’re after, they will look for backdoors and other ways to get in, starting with the path of least resistance.

Unfortunately, we have seen several instances where the weakest link in a supply chain was a managed service provider (MSP) or managed security service provider (MSSP). In these cases, the MSP or MSSP served as the entry point into customer organizations. For example, hundreds of dental office customers were hit by ransomware back in 2019 after their shared MSP was compromised.

MSPs and MSSPs are extremely attractive targets to cybercriminals for this reason, meaning there is tremendous opportunity to improve supply chain security defenses – both to protect themselves and their customers. Here are three important areas where MSPs can focus to improve their supply chain security posture:

1. Authentication

While it may sound like common sense, service providers need to stop sharing passwords. Using a single, shared password for remote access software to manage thousands of customer accounts is not an acceptable security practice, but, sadly, this happens more than you may think.

Phishing just one member of an MSP’s support team could potentially be enough to destroy a service provider’s reputation and their entire business in one blow. To prevent this from happening, accounts that have privileged access should be used only when needed, and they should always require multi-factor authentication. All user sessions should also be logged and reviewed frequently.

2. Access Rights

Logging and reviewing access on a regular basis can also help an IT department detect unusual access behaviors. For example, if a user is accessing an account assigned to a different team or signing in at odd hours, that may be a sign of insider fraud or an external threat actor preparing to launch a ransomware attack.

Setting boundaries so that only the necessary teams have access to the appropriate client accounts can prevent unauthorized access, raise any red flags well in advance of an actual security incident and help contain risk.

3. Monitoring for Compromise

Although threat prevention should always be the goal, it isn’t always 100% achievable. This means monitoring for the failure of preventative controls is crucial, but even this is often under resourced and too reactive. Once an attack becomes obvious, it is usually too late. By the time a criminal launches the ransomware, they have already stolen critical data and, typically, have had access to the network for 30 days or more.

More diligent monitoring can help identify suspicious use of legitimate accounts and tools, otherwise known as Living Off the Land (LotL). Detecting this requires vigilance and skill. To a trained security operations center analyst, these abnormalities stand out clearly and the attack can be thwarted before the bulk of the damage is done. For an MSP, it’s important to invest in security monitoring training for staff or engage with outside experts to monitor for this type of behavior on their behalf.

Taking Supply Chain Security to the Next Level

By implementing these three important practices into their security strategies, MSPs and MSSPs will significantly reduce supply chain security risks for themselves and their customers, ensuring they are no longer the weakest link in the chain. Prioritizing supply chain security defenses can also be a significant competitive advantage for service providers in acquiring new customers and retaining the ones they already serve.

Staying vigilant and incorporating these security practices into a service provider’s culture is important, but MSPs can’t always achieve perfect supply chain security alone. Sourcing help from external teams like Sophos Managed Threat Response can make monitoring more proactive and effective in identifying those early indicators, further strengthening the MSP’s security posture within the supply chain.

These tips are simply starting points to avoid common pitfalls typical to security incidents we’ve seen in the past. It’s important to remember that security is a journey, and securing the supply chain is just one way MSPs and customers can make it more difficult for cybercriminals to carry out their nefarious attacks.

This guest blog is part of a Channel Futures sponsorship.