Ransomware Targets MSPs Big Time: Why Hackers Are Targeting MSPs and What You Can Do About It

I get it. Your clients might not have a budget for a full-blown cyber stack that covers every single what-if scenario. Even today, in 2021, many of your clients may have no idea what is needed to keep even their critical data secure (NIST, ISO and other security standards are probably foreign to them, too).

Your clients, nearly 30 million organizations representing a significant portion of the American economy, are a gold mine for hackers. It is a gold mine of opportunity, and the key to many of those opportunities lies squarely in your and your team’s hands.

Why Target Your MSP? 

Hackers are starting to realize that managed services providers, including those that companies and organizations look to for co-managed opportunities, provide a plethora of services to a big section of the economy of the US (or insert your country). They are now acutely aware that your tools could make the perfect attack vector for tapping into millions of previously under-exploited businesses.

What does that mean for you? Growing pressures on your infrastructure, processes, and team to make sure you’re keeping everything up to date. If you’re a security-conscious MSP, you may have huge opportunities to educate and explain why your services may far exceed those of other managed services or IT teams.

The obvious answer to the question above is that an MSP services a myriad of businesses. Having access to just one MSP opens doors to all sorts of opportunities for an attacker. Just to put MSP services in perspective, nearly two-thirds of all organizations use MSPs for at least one IT function. These are published statistics. The MSP community has a LOT of impact on the data security and protection of TONS of data.

The big problem? As MSPs, we’re not all making sure we’re doing everything in a way that prevents hackers from getting onto our systems or those of our clients. I’ve recently been hearing horror stories from MSPs interested in our services about clients getting hit by ransomware attacks under their watch.

This is what I don’t want to happen (especially within our MSP community).

Many hackers that have infiltrated MSP networks stealthily move through an RMM without being detected. The attackers know that they don’t want to shut down an MSP; they’d rather go after its more lucrative clients. For instance, the Ragnar Locker gang deployed ransomware to a variety of MSPs via RMM tools that MSPs were incapable of monitoring for threats.

Your MSP’s Security Challenge?

As you already know, cybersecurity doesn’t come for free and making sure security is done right (even if you’re spending good money on solutions) can be extremely challenging.

It’s also hard to convince some clients who don’t like spending money on anything that they need to invest in security (something on which they cannot see a tangible return on investment).

Some MSPs have swallowed the costs to protect their clients themselves, eating up the small margins they already have within their MSP, which doesn’t seem like a healthy way to run and operate a business. If you’re opting for this route, you’re trading one risk for another!

What You Can Do Right Now?

There’s no one silver bullet that’s going to prevent cyberattacks from hitting you or your clients. MSPs need to be evaluating, learning, and implementing a variety of tactics to minimize their exposure.

Make sure you’re using MFA: most MSP-related applications nowadays support multi-factor authentication. Make sure that you’re clear with your team about why this is important when you’re implementing it. In many cases, we’ve audited MSPs that previously assured us that they had MFA set up on everything, only to find that a technician had turned it off because it made their job more complicated, or because they needed a workaround for an issue and failed to turn it back on.

Keep everything up to date: this might seem super straightforward, especially for someone who is probably invested in doing so, but you’d be surprised how many MSPs don’t have updates completely rolled out across their own environment (and often this isn’t because they don’t have standard operating procedures (SOPs) in place to do so). From your RMM tools to remote servers to client desktops and devices, the more up to date everything is, the lower the chance that you have a lingering vulnerability that hackers are actively exploiting.

Make regular backups: sure, backups might be your last-ditch effort in a cyber event, but if you know you have them working and up to date, at least you have something to start from! What we’ve been finding is that most MSPs don’t inspect their work when it comes to backing data up. This is the easiest way to lose your clients (in case they have someone else audit their network). Another problem is that many MSPs fail to secure their backups off of their network. When I say completely off your network, I mean that in the event you have an attack and need your backups, you should access them only from a device that was NOT on your infected network. Buy a laptop from Best Buy or Walmart. Whatever you do, don’t access your backups from your primary network.

Get a Second Pair of Eyes

I know this may seem like overkill for many of you, but simply having someone double-check and triple-check that your team’s work is keeping your security level high may be invaluable in those instances where one hole may leave the door open to attack.