In honor of Cybersecurity Awareness Month, cybersecurity authorities are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers and expect this trend to continue with efforts that exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on threats—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base.
Here are 10 steps every MSP should implement as baseline security measures and operational controls:
Prevent initial compromise by improving security of vulnerable devices (VPNs), protecting internet-facing services and defending against brute force attacks and phishing techniques. (Side note, check out our related blog on how to more securely share passwords with your users.)
Enable logging and monitoring processes by implementing and maintaining a segregated logging regime to detect threats to networks for at least six months.
Manage account authentication and authorization by adhering to best practices for password and permission management and reviewing logs for unexplained failed authentication attempts.
Enforce multifactor authentication (MFA) where possible on all accounts that have access to customer environments and treat those accounts as privileged.
Manage internal architecture risks and segregate internal networks by identifying and verifying all connections between internal systems, customer systems, and other networks.
Apply the principle of least privilege to both internal and customer environments (avoiding default administrative privileges) and immediately updating privileges upon changes in administrative roles.
Deprecate obsolete accounts and infrastructure such as disabling user accounts when personnel transition and disabling unused systems and services.
Apply updates on software (including operating systems, applications, and firmware) and prioritize applying security updates to software containing known exploited vulnerabilities.
Backup systems and internal data regularly and maintain offline backups encrypted with separate, offline encryption keys and perform regular testing.
Develop and exercise incident response and recovery plans including up-to-date hard copies of plans to ensure responders can access them should the network be inaccessible in an attack.