Is your IT service provider your biggest cyber security threat?
Adam Harling Sep 23, 2019 12:00:00 AM
Think about the access your IT service provider has to your systems, the passwords they hold, the direct access they have to your servers, systems and data. Now think about what could happen should your IT service provider suffer a breach.
The hackers have realised that gaining control of, or access to, an MSP's systems, especially its RMM (remote management and monitoring) platform, gives them unfettered access to all the client systems managed by that IT services business. The hackers are quite clever in their thinking: instead of putting all the effort into cracking a service provider's client networks, crack the service provider instead and unlock the keys to all client networks.
To do this, specific malware and ransomware (Sodinokibi) has appeared, written with IT-service-specific software in mind. Weaknesses in certain RMM platforms have been exploited, and poorly configured security systems breached using RDP brute force attacks.
You would think a managed IT service provider would have good security, right? Sadly, not all IT service providers do enough to protect themselves, implement strong security systems or even educate their own technical teams around cybersecurity (yes, even techies can fall for well-crafted phishing scams).
Tech-savvy users, like those in an IT services business, are well placed to work around security best practices, and sometimes these practices are suggested but not enforced.
When security is lax, the IT services business could have a "one access level for all" policy, multiplying the attack surface by the size of your MSP's technical team.
The above points are just the basics, the bare minimum you should expect from your IT partner.
As we view ourselves as a target, it only stands to reason that we go far beyond the above. We implement all the tools and processes we use to deliver our Managed Security Service on our own infrastructure and teams. This includes our own advanced baseline security configuration, weekly vulnerability scans with immediate patching upon detection, rolling phishing test exercises, regular team security briefings, intrusion detection and zero-day threat analysis, dark web ID scanning and log file analysis.
If you would like to bring your IT cybersecurity up to enterprise-grade and know you have done everything you can to protect your business and minimise risk, please get in touch.