Attackers See MSPs as the Key to a Treasure Trove of Data

MSPs need to put cybersecurity plans in place to protect client data they safeguard.

September 10, 2019

5 Min Read
Key to treasure trove

By Dror Liwer


Dror Liwer

In a Reddit section dedicated to managed service providers (MSPs), users alerted the group that cyberattackers were recently discovered to have breached three MSPs’ security infrastructures, introducing ransomware via Remote Desktop Endpoints (RDP) and ultimately infiltrating the MSPs’ customers systems. A previous occurrence in February also resulted in 1,500 to 2,000 systems in an MSP to be locked with a release demand of $2.6 million.

These attacks weren’t the first nor will they be the last time MSPs are targeted, as attackers are now actively pursuing service partners to collect vast amounts of data with much less resistance than its enterprise and government foes.

This strategy of attack isn’t new. In fact, we’ve seen it many times before with attackers now preferring to target multiple small businesses instead of one large enterprise to save time and resources without sacrificing their end goal – monetizing data collection. This causes stress on small businesses in particular who don’t have the dollars to spend on developing security policies that protect themselves from attackers. And similar to small businesses, if MSPs don’t mitigate their risks soon, they, too, will risk losing customers and business in an increasingly competitive landscape.

Rapidly Growing MSP Marketplace

MSPs have always been a trusted adviser to businesses. They manage IT infrastructures, end-user systems and, increasingly, their customers’ cybersecurity. With 60% serving up to 100 customers, most MSPs are also considered small businesses themselves and are working in a marketplace that’s only expected to grow in size and in cyber risk.

A recent report from Market Research Future forecast the managed services market to grow 11% between 2016-2022. This trend lends itself to the growing realization of benefits in partnering with an MSP in light of cybersecurity needs. Rising concerns around data protection, bring your own device (BYOD) policies and regulatory compliance as well as a shift to cloud-apps have businesses looking for help in managing these complexities.

Ironically, this explosion of growth is actually painting a big red bull’s-eye on MSPs as keys to the data treasure box.

MSPs’ Privileged Access to Data

The reason for targeting MSPs is quite logical. The numbers imply a decent client roster per MSP and estimations suggest there are about 20,000 successful MSPs within the North American market. Therefore, why go after one company for its data when an attacker can go after an MSP that has access to tens of companies’ data?

However, it’s not just the sheer number of data points that attract cybercriminals to target MSPs. The business model of MSPs suggest a tendency to serve a specific vertical, such as health care, finance, consulting, government agencies, etc., for the MSP to understand and meet the IT needs within that profession. Although an understandable business decision, this allows cyberattackers to cherry-pick victims based on the profiles the MSPs serve.

Protecting MSPs and Their Customers

It’s no longer an option for MSPs to claim ignorance if a data breach occurs. Public reporting of such incidences has brought the issue to light and actually raised the standard of…

…due care. Many small businesses have noted their willingness to sue if a data breach were to occur, even if they did not contract their MSP to provide cybersecurity. As a result, MSPs should actively take steps to mitigate not only their risks, but also customers and vendors, to fully protect the supply chain. These steps include:

  • Conduct a security audit – If an MSP or its customers cannot remember the last time a security audit was done, then it’s probably time to do one. This risk assessment helps identify weaknesses – such as outdated technology or policies in place – and shapes security posture.

  • Prepare for the worst – After conducting a security audit, implement an incident response plan that communicates openly with internal employees and third parties, such as customers, on what happened, how the attack may have happened and what steps are being taken to reduce risk in the future.

  • Standardize procedures – Don’t procrastinate on implementing policies. These allow employees to understand the proactive and reactive steps to take in case of an event and help measure success and areas of improvement.

  • Communicate, communicate, communicateMSPs and customers should have a clear, agreed-upon outline – written down, preferably – of what MSPs and customers are each responsible for. This legally protects both parties in the event of an incident. MSPs should also make it a requirement for customers to adhere to the same cybersecurity protocols as them to ensure there’s no “weakest link” in the security chain.

As the marketplace continues to grow, attackers will only invest more time and effort into compromising MSPs. Understanding that attackers are making service providers a priority means it’s time for MSPs to step up their defenses or risk being the next MSP talked about in the news as an example of what not to do.

Dror Liwer is the co-founder and CISO of Coronet, a leading provider of data breach protection for companies that use the cloud. He brings more than 25 years of technology, security and business development experience to Coronet, including posts as CIO of the IDF’s Military Police, CEO at Pose, a venture partner at RDSeed, general manager at IXI Mobile and senior VP at Publicis and Wunderman. Follow Liwer or Coronet on LinkedIn or on Twitter @coronetworks.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like