RMM Vulnerabilities Potentially Devastating for MSPs: The 4 Security Pillars No Longer Enough
Remote monitoring and management (RMM) platforms are the norm with the majority of managed service providers (MSPs), helping them to remotely monitor client endpoints, networks and computers.
However, MSPs that use RMM tools without key security precautions run the huge risk of exposing themselves — and their clients — to a disaster of epic proportions.
In a super fun twist in the threat landscape, cybercriminals have turned their greedy gaze upon an extremely lucrative new target: MSPs. MSPs are responsible for keeping business computers patched and users connected to the business applications that millions of businesses use every day. MSPs rely on RMM tools like ConnectWise Automate and Continuum’s Command in order to effectively service a dizzying network of computers and users.
RMM has had a huge and significant impact on MSP services and profitability for the last few years, and the trend for MSPs to adopt more and more RMM features is set to rise dramatically. But, if you don’t have the proper security controls in place? Sayonara, suckers.
Despite all of the warnings out there and the uptick in MSP targeting, Jason Ingalls, founder and CEO of Ingalls Information Security, says that there is an extreme lack of urgency with regard to handling security issues among MSPs. Ingalls, who has worked in Fortune 50 company breach response for over a decade and small-to-midsize business breaches (including MSP breaches) for the last five years, stresses the serious nature of these vulnerabilities, and the potential havoc they can wreak on businesses.
According to Ingalls, MSPs, in general, think about four things when it comes to cybersecurity: patch management, antivirus, firewalls and backups. Often referred to as the four pillars of MSP information security controls, they are necessary in managing information security risk.
“The problem is, cybercriminals will blow right through those,” warns Ingalls. “They don’t care about what patch level you’re using, or which firewalls or antivirus tools you have in place. They will melt through them, no problem. Now of course, those elements are necessary — they are called pillars for a reason. But MSPs must develop the level of cybersecurity risk management that prevents attacks from succeeding and minimizes the impact of a successful intrusion.”
One of the biggest gaps, explains Ingalls, is a lack of multifactor authentication (MFA). At this point, only some of the RMM tools out there require MFA to function. Datto, for example, makes it mandatory, and Ryan Weeks, CISO at Datto, makes it a point to educate MSPs in this regard. Others are still a bit behind the curve: in many cases, RMM providers offer MFA as an option that is not enabled by default. According to Ingalls, the majority of MSPs have not enabled MFA and are not enforcing its use. This means that anyone who steals RMM login credentials can log in from anywhere at any time. According to Ingalls, this has led to dozens of MSP and MSP client breaches already.
But fear not, friends — all is not lost.
“There are partners and MSSPs that have channel partner opportunities to offload this kind of risk,” says Ingalls. “You also need next-generation behavioral-based antivirus. This means log collection storage …