Managed service providers, which provide network administration and other information technology services to businesses worldwide, remain at high risk of cyberattacks, according to a joint multinational security advisory.
That heightened security risk won't be going away any time soon, Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a May 11 news release issuing the advisory.
"As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it's critical that MSPs and their customers take action to protect their networks," Easterly said in the release. "Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain."
Joining CISA in issuing the advisory are the National Security Agency, the Federal Bureau of Investigation, the United Kingdom's National Cyber Security Centre, Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre.
The cyber security agencies' joint advisory warned that managed service providers can expect to be increasingly targeted by state-sponsored advanced persistent threat groups and other malicious cyber actors. Targeted attacks against provider and customer networks can be expected, according to the news release.
Managed service providers are targeted by malicious cyber actors because of the vital role the providers play, Abigail Bradshaw, head of the Australian Cyber Security Centre, said in the news release.
"These actors use them as launch pads to breach their customers' networks, which we see are often compromised through ransomware attacks, business email compromises and other methods," Bradshaw said. "Effective steps can be taken to harden their own networks and to protect their client information."
Managed service providers are encouraged to review their cyber security practices and to implement mitigation strategies outlined in the advisory, Bradshaw said.
Those strategies include implementing mitigation resources to protect against initial compromise attacks, enabling monitoring and logging, securing remote access, developing and exercising incident response and recovery plans and proactively managing supply chain risk across security, legal and procurement groups.
Guidance in the joint advisory will help managed service providers and their customers "engage in meaningful discussions on the responsibilities of securing networks and data," NSA Cybersecurity Director Rob Joyce said in the news release. "Our recommendations cover actions such as preventing initial compromises and managing account authentication and authorization."