https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Shutterstock

Cloaked hacker

Security Alert: MSPs Facing Higher Risk of Cyberattacks

  • Written by Edward Gately
  • May 12, 2022
MSPs need to understand the outsized level of cybersecurity risk.

MSPs are once again under increasing risk of cyberattacks and this heightened risk shouldn’t end anytime soon. That’s according to a new multinational security alert.

The cybersecurity authorities of the United States, United Kingdom, Canada and New Zealand issued the security alert. The US. authorities include the FBI, National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA).

Whether the customer’s network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. The authorities expect malicious cyber actors, including state-sponsored advanced persistent threat (APT) groups, to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.

Destructive Follow-On Activity

Threat actors successfully compromising an MSP could enable follow-on activity, such as ransomware and cyber espionage, against the MSP as well as across the MSP’s customer base, according to the security alert.

“MSPs provide services that usually require both trusted network connectivity, and privileged access to and from customer systems,” the authorities said. “Many organizations, ranging from large critical infrastructure organizations to SMBs, use MSPs to manage information communications technology (ICT) systems, store data, or support sensitive processes. Many organizations make use of MSPs to scale and support network environments and processes without expanding their internal staff or having to develop the capabilities internally.”

The security alert recommends MSPs prevent initial compromise by improving security of vulnerable devices, protecting internet-facing users, defending against brute force and password spraying, and defending against phishing.

It also recommends enabling/improving monitoring and logging practices, enforcing multifactor authentication (MFA), managing internal architecture risks and segregating internal networks, and more.

The authorities have previously issued general guidance for MSPs and their customers. A shared commitment to security will reduce risk for both MSPs and their customers, as well as the global ICT community.

‘Serious, Serious’ Issue

Roger Grimes is KnowBe4‘s data-driven defense evangelist. He said this is a “serious, serious issue” and has been going on for nearly a decade now.

KnowBe4's Roger Grimes

KnowBe4’s Roger Grimes

“MSPs need to become as strongly secured as the top security at trusted government top-secret sites,” he said. “Every device must be locked down with strict application controls, phishing-resistant MFA, great security awareness training for employees, and the strongest security they themselves can implement. Most people would be surprised, but most MSPs aren’t configured in the strongest security configuration possible. That’s because for a long time it wasn’t needed. But now as they are increasingly under direct attack by nation-states and ransomware gangs, they have to treat themselves like top-secret government agencies with no quarter for half-measures.”

Chris Clements is vice president of solutions architecture at Cerberus Sentinel, an MSSP.

Cerberus Sentinel's Chris Clements“MSPs often necessarily have complete control over their customer’s environments in order to do their job,” he said. “Unfortunately, many do not have robust internal security programs themselves and can be soft targets for cybercriminals who in turn can leverage the MSP’s elevated access to compromise dozens or hundreds of downstream organizations. This makes MSP’s compelling targets for cybercriminals. After all, why work to compromise dozens of organizations one at a time when you can instead focus efforts on a single MSP that can give the same results in a single attack?”

Immediate Action Needed

MSPs need to understand the outsized level of cybersecurity risk and take immediate action to ensure they have addressed today’s most popular attack vectors, Clements said.

“To keep themselves and their customers safe in the long run, however, they must adopt a culture of security that ingrains awareness, controls and monitoring into every business operation,” he said. “Cybercriminals are continuously adapting their techniques to bypass controls and evade detection. Defending against these evolving threats takes a holistic organization-wide approach.”

At the same time, MSPs’ customers need to ask hard questions about their security posture as well as their provider’s own internal cybersecurity maturity level, Clements said.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.
Tags: MSPs Best Practices Mobility & Wireless Security Technologies

Most Recent


  • 21st century technology vision for Oracle Cloud
    The Gately Report: Cybersecurity Fundamental to Oracle's 21st Century Technology Vision
    Plus, Exabeam's CEO weighs in on Cisco's acquisition of Splunk.
  • Conversational AI
    Kore.ai Hires Nextiva, ThreatProtector Vet to Lead NA TSDs
    The new channel sales leader is building a new TSD partner program.
  • Partners Balance Multicloud Opportunity, Complexity
    Partners Balance Multicloud Opportunity, Complexity
    Partners offering multicloud services and consulting can enable customers to fully exploit the native services of each cloud type while providing the consistency and standardization that development, operations and security teams need.
  • Avant Communications makes new hire
    Intelisys Alum Michael Sterl Joins Bridgepointe in New COO Role
    Sterl was at Intelisys for two years.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cash
    Pathlock Gains $200 Million in Funding, Merges with Appsian, Security Weaver
  • Cybersecurity digital lock
    Telarus Cybersecurity Assessment Software Latest in TSB Tools Arms Race
  • Managed Security Services
    Palo Alto Networks, Deloitte Offering Managed Security Services
  • North America
    Kaspersky Channel Vet Joins Cyware to Lead its North America Channel

Upcoming Events

View all

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Channel Futures Leadership Summit 2024

September 17, 2024 - September 19, 2024

Galleries

View all

2023 MSP 501 Channel Disruptors: These Companies Are Shaking Things Up

September 25, 2023

The Gately Report: Cybersecurity Fundamental to Oracle’s 21st Century Technology Vision

September 25, 2023

Kore.ai Hires Nextiva, ThreatProtector Vet to Lead NA TSDs

September 25, 2023

Industry Perspectives

View all

Partners Balance Multicloud Opportunity, Complexity

September 25, 2023

Why Conversational AI Matters for Your Customers and How It Can Boost Your Revenue

September 15, 2023

The 5 Ds that Lead to Unplanned Business Sales

September 13, 2023

Webinars

View all

MSP 501: Leadership in Cybersecurity

October 19, 2023

DE&I: Find the Balance that Works for You

September 7, 2023

Above and Beyond with the NextGen 101ers

August 30, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 129: ZLH Enterprises

Coffee with Craig and James Episode 128: Channel Partner Strategies Intelligence Service

August 25, 2023

Coffee with Craig and James Episode 127: Expereo, Movie Night Returns

August 18, 2023

Coffee with Craig and James Episode 126: ARG

July 28, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X