It has already been well documented this year that the COVID-19 pandemic has seen a sharp rise in cyberattacks, particular for those working from home. Similarly impacted of late have been those in the managed services provider (MSPs) space, according to recent incidents highlighted by the United States secret service.
According to local telecoms service provider, Vox, it is the supply chains in particular that have proved most enticing for hackers. Only this week for example, we’ve seen the COVID-19 vaccine supply chain become a prime target.
“After all, why should hackers focus on a Fortune 500 company with extensive cybersecurity resources in place when they can get access through a partner who does not have such defences? It is all about taking the path of least resistance by using a smaller company as a back door instead of taking on a Fortune 500 enterprise head-on,” explains Jurgen Sorton, head of IT (pictured in header image) and Barry Kemp, head of IaaS at Vox.
“Hacking an MSP does provide one significant advantage. These service providers are likely to manage many customers, some up to the thousands. By compromising the MSP, hackers get the veritable keys to the kingdom and can easily infect any of their clients with malware,” the pair add.
It is this model that makes MSPs in particular such highly coveted targets for cyberattacks, as one successful attempt can often result in a great ‘return on investment’.
“By compromising an MSP, the hacker gets a much better return than going after each organisation individually. One hack can therefore translate to hundreds of ransomware opportunities yielding a greater financial reward,” explain the Vox execs.
“And even though companies are advised against paying ransomware, they may have little choice especially if they are unable to restore their data,” they continue.
While the why for these cyberattacks has been explained, now we need to look at ways that MSPs can better protect themselves. On this front Vox advocates for a handful of different strategies. One of the more interesting involves deception and the honeypot technique that entices hackers to go for other databases.
“In this way, when the hackers are lured to the honeypot, the company will know someone is snooping around on the network and can take proactive steps to isolate the damage and trace how they got into the system,” says Vox.
“But whether you are an MSP or an end customer, security in a digital-centric environment depends on your budget. Keeping up with hackers can be an exceedingly expensive undertaking. To this end, honeypots are cost-effective to identify any potential nefarious actions,” they add.
Looking at its workforce, and MSP should also looking at adding increased security measures on that front. Here, two-factor authentication is proposed by Sorton and Kemp.
“This extra step means the hacker must have physical access to a secondary device, such as a mobile phone, to perpetrate the attack. And then, other basic security best practice must always apply. Things like not using easy passwords and having users change them every 30 days are fundamental,” they stress.
Looking within its own environment, Vox has outlined some of the practices to help its MSP customers with cyberattacks.
These include multi-factor authentication of course. Furthermore, sessions with customers are encrypted end-to-end, and Vox believes in session recordings. They explain that this not only does this help from a quality assurance perspective, but it allows them to see that all the required steps were taken to maintain the integrity of the environment.
“Even though MSP hacks are not a new thing, the continually evolving cyberthreat landscape means that no organisation can ignore the trends at any point in time. A considered approach to cybersecurity reflective of the immediate business requirements must be critical to help defend the network against potential compromise,” the pair conclude.