Managed service providers (MSPs) have direct access to their customers’ networks and applications – reason enough for hackers to use their infrastructures as a starting point to launch malicious attacks against third parties. A new CISO guideline recommends measures that MSPs should implement to protect themselves and others.
Published in IT-Markt No. 08/2022 by author Kay-Uwe Wirtz, Regional Account Director DACH, Barracuda MSP
Managed service providers (MSPs) are being prompted to update their IT protection and introduce new security guidelines on an increasingly regular basis. Malicious cyber activities that specifically target MSPs are on the rise. This trend is set to continue.
Best practices for optimal protection
MSPs have direct access to their customers’ networks and applications. Criminals who successfully manage to compromise an MSP by using its infrastructure as a starting point are able to launch all sorts of malicious attacks against customers or other companies. National and international security organizations as well as the new Cybersecurity and Infrastructure Security Agency (CISA) guidelines recommend that MSPs implement the following best-practice measures:
MSP customers are advised to implement comprehensive security event management and ensure MSP accounts are monitored or audited. They should also ensure that MSP contracts include backup services.
Preventing consequential costs of successful attacks
Full implementation of these recommendations is likely to increase the cost of providing services for most MSPs. With inflation set to increase further and technology supply chains still affected by the pandemic and the war in Ukraine, rising costs are the last thing MSPs want to talk about. However, companies would be wise not to ignore the reality that a successful ransomware attack is likely to be at least as expensive. The costs associated with restoring the system is just one element to consider. Potential liability issues caused by security loopholes following inadequate advice from the MSP are another major cause for concern. Not to mention huge reputational damage and a potential drop in sales for the MSP. It is quite common for MSPs to be locked out of their systems following a ransomware attack or to be used as Trojan horses for criminals looking to infect customers with CryptoLockers and demand large ransoms.
Take warnings seriously
MSPs should heed the warnings that they are fast becoming a prime target for cyberattacks. Service providers should therefore take full advantage of the security solutions they offer their customers for their internal processes (such as current AI-based monitoring and containment tools). The following steps can help during the implementation phase:
For experience and expertise, look no further than DataStore and Barracuda
MSPs are attractive targets for cyberattacks, especially given the current climate of geopolitical volatility. However, service providers who invest in time, training and the right technology are literally on the safer side and are armed against becoming the unwitting accomplices in criminal attacks. DataStore and Barracuda offer expert support in the battle against cybercrime. Barracuda delivers innovative, cloud-enabled security solutions for companies of all sizes. DataStore offers individual consultation and implementation services, a training center authorized by Barracuda, demo equipment and the necessary managed services.
Interested? If you have any questions, please contact:
Michael Ulrich
Senior Business Development Manager
E-Mail: michael.ulrich@datastore.ch