Don’t let your MSP’s lack of security turn you into a victim
US CERT Advisory Alert for IT Managed Services Providers
In October of 2018, the US Department of Homeland Security Cyber + Infrastructure Security Administration (CISA) issued Alert TA18-276B, which was prompted by Advanced Persistent Threat Activity Exploiting Managed Service Providers detected by the DHS National Cybersecurity and Communications Integration Center (NCCIC). This Alert calls for immediate security countermeasures to be implemented by Managed Services Providers affecting all industries and business sizes.
The alert can be found here: https://www.us-cert.gov/ncas/alerts/TA18-276B
Unfortunately, if you have been monitoring the news, you can see that this warning has largely been ignored by Managed Services Providers across the country who are prioritizing convenience of administration and their own profits over customer security.
Recent News About Managed Services Providers
5 Key Security Lessons From The Cloud Hopper Mega Hack
Report: Cloud Hopper Attacks Affected More MSPs
Ransomware at IT Services Provider Synoptek
Ransomware at Colorado IT Provider Affects 100+ Dental Offices
China Hacked Eight Major MSPs, Technology Services Providers: Report
Ransomware gang hacks MSPs to deploy ransomware on customer systems
Is your MSP Superhero letting your company down?
Until recently, there was no definitive way to know if your MSP is compliant with the requirements of US CERT Alert TA18-276B, which is the only standard to date that directly addresses the attack vectors and vulnerabilities currently being exploited by Nation States and large autonomous hacking organizations to compromise and control Managed Services Providers' toolsets and their customer networks.
Parsolvo has created a testing and validation framework that will assess a company’s security posture as well as evaluate the controls implemented by Managed Services Providers relative to the organization’s network.
Managed Services Providers are not security-minded organizations, regardless of how many security “solutions” they try to sell. MSPs, by nature, are focused on support and ease of use. Another term for this might be “End User Experience” or “Simplifying IT.” These concepts run directly counter to the level of sophistication modern businesses need to protect their most critical data assets and business processes. If you do not take action, it is your company and its employees that will suffer. A Managed Services Provider can always find its next customer, but will you risk your entire business operation on their word?
Do not end up as a nameless, faceless “customer” reference in the news like these other companies. Engage with Parsolvo and get the transparency and accountability in your MSP relationship that you really need.