Keep your eye on the ball - even when you are supported by MSPs.
Jul 05, 2021Hat tip to Huntress Labs for the story they broke Independence Day weekend about hackers compromising the computer systems of at least 1,000 businesses by targeting managed service providers. The story provides a good reminder about the importance of supply chain management because the attacks are not going anywhere.
Recent attacks are getting more coverage, but they are a fraction of what I see as a professional in the industry. This was the concern on my mind when I invited Barry Hensley, Cal Braunstein, and Jeff Gaynor to share their thoughts with me in the Injecting Security into Supply Chain Management virtual roundtable just a few weeks ago.
Why attack 1,000 organizations when I can attack one and gain access to many? These attacks are likely to INCREASE as more companies work with a managed service provider (MSP) to support their technology and security services. According to ManageEngine, “over 75 percent of Fortune 1000 companies outsource all or at least some part of their IT infrastructure to an MSP or value-added reseller (VAR), and 39% of SMBs use managed services in some capacity.”
Shifting work to an MSP does not allow organizations to take their eye off the third-party risk management ball. We've seen this time and time again. In late 2013, hackers gained access to nearly 100 million Target customer's personal and financial data through channels related to Target's point-of-sale (POS) systems. Fast-forward six years and 22 municipalities in the State of Texas suffered ransomware attacks in August of 2019 because attackers successfully compromised the MSP supporting these government agencies. The damage from SolarWinds, Microsoft, and more recent attacks is still being assessed.
This is a brief overview of a huge, complex problem. Companies large and small will continue to rely upon MSPs for their operations. CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack is available to help people affected by the current incident respond and recovery effectively. Moving forward, individual organizations and the industry at large must work together to promote good risk management and cybersecurity programs that reinforce the wisdom of prevention to improve response when things go wrong. Most important, this is a good opportunity to review and refresh the practices in place to assess and manage service providers.
What are your thoughts? Join the conversation on LinkedIn.
Don't miss a beat!
Get regular content, event updates, cybersecurity news and much more delivered straight to your inbox.
We hate SPAM. We will never sell your information, for any reason.