You may or may not know, but IT service providers are currently being targeted by hackers. Numerous accounts of IT service provider breach are now being reported worldwide, and once the IT service provider is breached, so are the client networks.
Think about the access your IT service provider has to your systems, the passwords they hold, the direct access they have to your servers, systems and data.
Think about what could happen should your IT service provider suffer a breach.
The hackers have realised that gaining control or access to an MSPs systems, especially their RMM (Remote management and monitoring) platform gives them unfettered access to all the client systems managed by that IT services business. The hackers are quite clever in their thinking, instead of putting all the effort into cracking an IT service providers client networks… crack the IT service provider and you have all the keys to all the client networks.
To do this specific malware and ransomware has appeared (Sodinokibi), written with IT service specific software in mind. Weaknesses in certain RMM platforms have been exploited, and poorly configured security systems breached using RDP brute force attacks.
You would think a managed IT service provider would have good security, right?
Sadly, not all IT service providers do enough to protect themselves, implement strong security systems or even educate their own technical teams around cybersecurity (yes, even techies can fall for well-crafted phishing scams – the most common attack vector).
Tech-savvy users, like those in an IT services business, are well placed to work around security best practices and sometimes these are suggested but not enforced.
When security is lax, the IT services business could have a one access level for all policy, multiplying the attack surface by the size of your MSP technical team.
Questions to ask your Managed IT service provider:
- Are you Cyber Essentials PLUS certified?
Your IT service provider should be externally verified and compliant with Cyber Essentials PLUS at a minimum.
- Are you using Multi-Factor Authentication on all your own systems?
Netitude uses multifactor authentication on all platforms including our RMM, Email, file sharing, and ERP system. Multifactor authentication is even required when our team access these systems from inside our building.
- Are your systems patched and regularly scanned for vulnerability?
Netitude carries out weekly internal and external vulnerability and patch scans on all our own systems using an industry-leading vulnerability scanning platform. This goes far beyond windows updates and includes all infrastructure, and scans for all known vulnerabilities.
- Do you restrict remote access to your systems?
Netitude enforces a strict access control policy to ensure we have complete control over the devices and users that access our systems. All remote access is via a user and device-aware VPN where required.
- Do you have advanced anti-virus, anti-malware, gateway AV and APT scanning systems in place?
Netitude has state of the art Anti-Virus and Anti-Malware, and APT enabled firewalls in place at all locations. These systems are monitored 24/7/365 and constantly updated. Our perimeter firewalls are “Sodinokibi aware” and can detect and block these attacks before they are able to enter our systems.
- Do you have a suitable backup and disaster recovery systems in place?
Netitude have a complete DR replica of all data and systems across multiple data centres. Our backups are encrypted and sandboxed (ransomware protected) from other systems. All systems are backed up including our cloud-stored data.
- Do you have any public (internet) facing RDS servers?
We do not have any public-facing RDS servers, we do not use RDS to deliver any of the internal systems, so, therefore, have no RDS servers.
- Do you train your staff about cybersecurity?
We carry out regular phishing awareness tests and have a complete security awareness training platform and training schedule in place for all users. Across all teams including technical and non-technical.
- Do you apply all security best practice internally?
It‘s easy for an IT service business to slip into the “It’s ok, we know what we’re doing” mentality. However, most breaches go undetected, this mentality does not work. We go a step further; our security standards and practices exceed those of our customers. Our state-of-the-art breach detection software has the backing of ex-NSA cybersecurity analysts, who take a human approach to identify suspicious behaviour that automated security suites can often miss.
The above points are just the basics, the bare minimum you should expect from your IT partner.
As we view ourselves as a target it only stands to reason we go far beyond the above.
We implement all the tools and process we use to deliver our Managed Security Service on our own infrastructure and teams. This includes our own advanced baseline security configuration, weekly vulnerability scans with immediate patching upon detection, rolling phishing test exercises, regular team security briefings, intrusion detection and zero-day threat analysis, dark web ID scanning and log file analysis.
If you would like to bring your IT cybersecurity up to enterprise-grade and know you have done everything you can to protect your business and minimise risk, please get in touch.