How Can MSPs Defend Against These 5 Costly Cyber Threats?


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Thursday, November 10, 2022

What are some of the biggest cyber security threats facing MSPs, and how can these firms ensure they're taking adequate steps to defend themselves?

Article 5 Minutes
How Can MSPs Defend Against These 5 Costly Cyber Threats?
  • Home
  • IT
  • Network
  • How Can MSPs Defend Against These 5 Costly Cyber Threats?

Cybersecurity threats continue to be a top business risk for enterprises of all sizes and across all sectors. But one area that's set to be particularly under attack in the months and years to come are managed service providers (MSPs).

These firms have seen major growth over the last few years as more businesses turn to expert help to undertake digital transformations and embrace technology such as cloud computing. As such, there are now a huge amount of connections between MSPs and their customers for threat actors to exploit.

Why MSPs are particularly under attack

One recent report from Coleman Parkes Research and N-able found 90% of these firms have come under attack in the last 18 months. Over half of firms report business disruption and financial losses as a result. But what is it about MSPs that makes them so attractive to criminals?

joint warning from cybersecurity authorities in the UK, Australia, Canada, New Zealand and the US - the 'Five Eyes' - explained that because MSPs connect to large numbers of customer networks, this offers hackers the opportunities to greatly increase the surface area of their attacks, using MSPs as entry points to many other businesses.

"Threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. The UK, Australian, Canadian, New Zealand, and US cybersecurity authorities expect malicious cyber actors - including state-sponsored advanced persistent threat (APT) groups - to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships." - Joint advisory, Five Eyes cybersecurity authorities

5 key threats MSPs need to defend against (and how to manage them)

Cybersecurity threats come in a wide range of forms. Understanding what the major threats are is vital in ensuring the defenses you're putting in place are up to the task and focused on the right areas. Here are five that every MSP needs to be aware of.

1. Ransomware

One of the fastest growing forms of malware, ransomware is relatively easy and cheap to deploy and offers the potential for large returns for criminals. Some attacks work by encrypting files or systems and then demanding money in exchange for encryption keys, while an increasing trend is to also steal private data and threaten to release it publicly if firms don't pay up.

The dangers of this were clearly illustrated in 2021, when MSP Kaseya was targeted by a ransomware attack. It was estimated that as many as 1,500 of its customers were also compromised as the malware made its way through the supply chain.

To tackle ransomware, there are several steps that must be taken. For starters, tools such as email security are a must-have, this is the most common source of these infections. Strong access controls and network monitoring solutions are aso vital to prevent his malware from moving within a business to access valuable data.

2. Social engineering

Human error continues to be the root cause of the majority of cyber attacks, with figures from IBM suggesting this is a factor in as many as 95% of cases. While issues such as password sharing or losing devices are common issues, hackers also seek to exploit human weaknesses by launching social engineering attacks.

Phishing attacks are the most common form of social engineering, which may try to trick users into entering their login credentials into fake sites, or even send data to criminals directly by posing as senior executives. However, baiting, pretexting and even physical social engineering such as tricking someone into granting access to a server room may also be used by criminals.

Effective user education is the best way to tackle this type of attack. You need to make sure your users know what signs to look out for and adopt a 'zero-trust' approach that says when in doubt, they should alert IT teams to any suspicious communications or activity.

3. Remote working

The growth of remote and hybrid working offers a new range of opportunities for criminals to target MSP employees. For example, this can make it easier to execute the types of social engineering attacks mentioned above, as users may be more inclined to respond positively to email requests when working outside the office.

If they’re connecting to networks via insecure Wi-Fi connections, accessing consumer-grade applications, or using personal devices that the IT department has no control over, this can also cause problems. Therefore, remote workers should be closely monitored, with their activities restricted to approved devices. Again, training on risks such as business email compromise is vital for these personnel.

4. API threats

Application programming interfaces (APIs) are essential to the success of many MSPs, as they’re increasingly used in business to integrate systems and share data. But protections for these devices are still relatively unsophisticated. According to Atos, this type of attack is likely to become a mainstream threat from 2023 onwards.

API threats are expected to exploit misconfigured authentication and authorization controls as easy initial vectors. Therefore, ensuring that all configurations are checked is vital. Attacks may also exploit unsecured API endpoints with techniques such as SQL injection attacks.

5. IoT attacks

The Internet of Things (IoT) has proven an increasingly-popular target for criminals in recent years as the number of devices has grown exponentially. MSPs may be particularly under threat, especially if they monitor and manage these devices on behalf of customers. These devices could be vulnerable to a range of attacks, from crypto mining to launching DDoS attacks or even stealing data.

However, IoT devices are often neglected by security teams. They tend to suffer from weak or default passwords, a lack of regular patches and insecure user interfaces, as well as a lack of visibility to security teams.

Ensuring that all data moving to and from these devices is encrypted is an important defense against these threats. Using tools such as strong multi-factor authentication and following best practices for applying security updates is also vital.

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...