Cyberattacks have been rising over the past year, with an estimated 1,862 data breaches, nearly double the 1,108 estimated in 2020. MSPs have become targets in recent years: according to one report, the number of cyberattacks against them jumped nearly 70 percent in 2021 over the year prior, to an average of 1,068 recorded attacks per week. Government and communications were the only two sectors at higher risk than MSPs.
A joint Cybersecurity Advisory issued in May by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international cybersecurity authorities underscored the severity of attacks targeting MSPs and their customers. It recommended that MSPs “adopt a shared commitment to security and implement baseline measures and controls.”
The Advisory warns that the agencies expect to see state-sponsored groups and malicious cyber attackers “increase their targeting of MSPs.” These advanced persistent threat (APT) actors and other malicious groups are among the most sophisticated adversaries targeting companies, and limiting the risk they pose requires strong defenses and response capabilities.
“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support — why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly in a statement. “Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”
MSPs must take steps to mitigate the rising risk they face, for both their own businesses’ and their customers’ safety. The Cybersecurity Advisory provided guidance and recommended steps based on the direct risk that the intelligence and cybersecurity agencies are tracking. For instance, MSPs should implement mitigation resources to prevent initial compromise through vulnerable attack vectors, such as devices, internet-facing services, and phishing, among other means.
Additionally, the Advisory recommended monitoring and logging, including endpoint detection and network defense monitoring, to detect signs of a potential attack. MSPs should also develop incident response and recovery plans and proactively manage supply chain risk across various groups.
Finally, MSPs should specifically ensure they are using multi-factor authentication (MFA) and other measures to secure remote access applications, which could otherwise become a vector through which attackers reach customers.
“Through this joint advisory, the FBI, together with our federal and international partners, aims to encourage action by MSPs and their customers, as malicious cyber actors continue to target this vector for entry to threaten networks, businesses, and organizations globally,” said FBI’s Cyber Division Assistant Director Bryan Vorndran in a statement about the Advisory. “These measures and controls should be implemented to ensure hardening of security and minimize potential harm to victims.”