In the words of Smash Mouth, “the years start comin’, and they don’t stop comin’…” The same could be said of cybersecurity threats. They are coming from all angles all of the time, but the good news is that you can be a cybersecurity “All Star.”
Bet you didn’t think we’d be quoting Smash Mouth’s 1999 hit “All Star” in the opening paragraph of this blog post, did you? Life’s full of surprises… Don’t let a cybersecurity breach take you by surprise.
To be a “cybersecurity All Star,” a crucial part of the equation is awareness, quickly followed by mitigation. On that note, earlier this year, the UK, Australian, Canadian, New Zealand and U.S. cybersecurity authorities issued an advisory relating to threats against Managed Service Providers (MSPs) and their customers.
In this context, the United Kingdom’s Department of Digital, Culture, Media and Sport (DCMS) outlines an MSP as “a supplier that delivers a portfolio of IT services to customers via ongoing support and active administration… These Managed Services might include:
- Cloud computing services (resale of cloud services, or an in-house public and private cloud services, built and provided by the Managed Service Providers)
- Workplace services
- Managed Network
- Security services
- Service Integration and Management
- Software Resale
- Software Engineering
- Analytics and Artificial Intelligence (AI)
- Business Continuity and Disaster Recovery services”
Utilizing a Managed Service Provider can be a good idea for many businesses as it lets them focus on their core competencies while another company focuses on their IT management or even some of their security program needs (such as log monitoring) using a managed service model.
Naturally, these MSPs often have trusted access to your network and systems. They need that access in order to do their job. But, lately, cybercriminals have started targeting MSPs for infiltration in order to get privileged “super user” access to their customers’ networks and systems. Therefore, selecting your MSP carefully is essential!
The joint advisory notes that the authorities have observed: “an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.” In other words, whether you identify as an MSP or utilize the services of an MSP, you need to be aware of the current threat.
MSP customers should ensure that their agreement includes cybersecurity measures. Put another way, if you use an MSP, we recommend including contract clauses with your MSP to ensure that you’re protected and can verify that the protections are in place. SeekingFire can help provide you with sample clauses that you might want to consider.
In addition, we recommend discussing with your MSP what their security program looks like. Ideally, they have a recent third-party audit report that they share with you (under an NDA, typically) or, even better, are certified in a standard such as ISO 27001, demonstrating that they are managing a complete and mature security program.
The joint advisory issued by the five nations (AKA the “Five Eyes”) speaks to the scale of the challenge and also the interconnectedness of our global networks. So, for example, a vulnerable MSP in Auckland could be the initial access vector to a variety of victim networks around the globe (we’re not picking on Auckland, by the way, just using them as an example).
You may be wondering what else can be done to mitigate the threat. The advisory clocks in at 10 pages and features a variety of details and recommendations. You can read the complete advisory here. With that said, we’ve also highlighted some tactical actions detailed in the document.
According to the advisory, the following are tactical actions MSPs (and their customers) can take to reduce their risk:
- Identify and disable accounts that are no longer in use
- Enforce Multi-Factor Authentication (MFA) on MSP accounts that access the customer environment and monitor for unexplained failed authentication
- Ensure MSP-customer contracts transparently identify ownership of ICT security roles and responsibilities (i.e. who is responsible for what)
- Apply the principle of least privilege (i.e. use a tiering model for administrative accounts so that these accounts do not have any unnecessary access or privileges)
- Defend against phishing (a persistent problem)
- Apply updates (always do your updates. If it helps, start with the most vulnerable/insecure pieces of your infrastructure and tackle them on a priority basis from there)
- Back up systems and data (this should also include testing your backups. It would also be wise to generate “gold images” of critical systems in case rebuilding is required)
- Develop and utilize Security Incident Response and Recovery Plans (we can help with this)
- Promote transparency (ensure that roles and responsibilities are known and clearly defined)
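As an added example (not taken from the advisory or from SeekingFire), here is one way an MSP customer could check the first two actions in the list above against an account export and an authentication log. The field names, thresholds and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

NOW = datetime.fromisoformat("2022-07-01T00:00:00+00:00")  # fixed so the run is repeatable

# Constructed sample data (hypothetical field names), e.g. an identity-provider export.
ACCOUNTS = [
    {"user": "msp-admin1", "owner": "msp", "enabled": True, "mfa": True, "last_login": "2022-06-28T09:12:00+00:00"},
    {"user": "msp-admin2", "owner": "msp", "enabled": True, "mfa": False, "last_login": "2022-06-30T17:40:00+00:00"},
    {"user": "msp-old", "owner": "msp", "enabled": True, "mfa": True, "last_login": "2021-11-02T08:00:00+00:00"},
    {"user": "svc-backup", "owner": "customer", "enabled": True, "mfa": False, "last_login": None},
    {"user": "j.doe", "owner": "customer", "enabled": False, "mfa": True, "last_login": "2021-01-15T10:00:00+00:00"},
]
# Constructed authentication events: (timestamp, user, outcome).
AUTH_EVENTS = [
    ("2022-06-30T02:00:05+00:00", "msp-admin2", "failure"),
    ("2022-06-30T02:00:41+00:00", "msp-admin2", "failure"),
    ("2022-06-30T02:01:10+00:00", "msp-admin2", "failure"),
    ("2022-06-30T02:03:30+00:00", "msp-admin2", "failure"),
    ("2022-06-30T02:04:02+00:00", "msp-admin2", "success"),
    ("2022-06-30T09:00:00+00:00", "msp-admin1", "failure"),
    ("2022-06-30T15:00:00+00:00", "msp-admin1", "failure"),
]

def stale_accounts(accounts, now=NOW, max_idle_days=90):
    """Enabled accounts that have never logged in or have been idle too long."""
    cutoff = now - timedelta(days=max_idle_days)
    return [a["user"] for a in accounts if a["enabled"]
            and (a["last_login"] is None or datetime.fromisoformat(a["last_login"]) < cutoff)]

def msp_without_mfa(accounts):
    """Enabled MSP-owned accounts that can reach the customer environment without MFA."""
    return [a["user"] for a in accounts if a["enabled"] and a["owner"] == "msp" and not a["mfa"]]

def failure_bursts(events, threshold=4, window=timedelta(minutes=10)):
    """Users with at least `threshold` failed logins inside any sliding `window`."""
    failures = {}
    for ts, user, outcome in events:
        if outcome == "failure":
            failures.setdefault(user, []).append(datetime.fromisoformat(ts))
    flagged = []
    for user, times in failures.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(user)
    return sorted(flagged)

if __name__ == "__main__":
    print(stale_accounts(ACCOUNTS), msp_without_mfa(ACCOUNTS), failure_bursts(AUTH_EVENTS))
```

Accounts returned by `stale_accounts` are candidates to disable, and an account that appears in both `msp_without_mfa` and `failure_bursts` deserves review first, since a guessed password is all that protects it.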
At SeekingFire Consulting Inc., we offer a range of data security solutions for clients across Western Canada. Whether you’re a startup or a long-established post-secondary institution, we can help put you on a secure footing so you can get back to doing what you do best. We believe in making the digital world a safer, more secure place where people, organizations and communities thrive.
Please get in touch with us if you would like to arrange a complimentary consultation to discuss your needs.
While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.