According to ZDNet US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. The US Secret Service sent out a security alert last month to the US private sector and government organisations warning about an increase in hacks of managed service providers (MSPs). MSPs provide remote management software for companies. MSPs can be simple services like file-sharing systems to complete solutions that manage a customer’s entire computer fleet. Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a cloud infrastructure or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients.
Enterprises have been hard at work modernizing their infrastructure and transitioning to the digital world to provide better, faster, and economically more efficient services to their constituents. As a result of this transformation, they become increasingly vulnerable to cybercriminals looking for softer targets to attack; and unfortunately, they often are softer.
Transitioning to cloud services and utilizing MSSP (Managed Security Service Provider) with vertical-specific expertise is probably one of the most cost-efficient solutions. Sharing resources and cybersecurity products across a large number of small, but similar in function organisations can achieve economies of scale, by partnering with managed service providers (MSPs) to achieve the best-of-breed technologies and experienced cybersecurity professionals that they couldn\\\’t afford otherwise.
Reports that managed service providers are increasingly targeted by ransomware attacks and other exploits prove that security is not understood to the extent that it should be. Organisations that process sensitive information should prioritize security; this means increasing the budget for cybersecurity and conducting courses to educate employees about how to best protect delicate information. Even though it may seem expensive, it will be significantly cheaper than a data breach. It is important to remember that even though you rely on an MSP or MSSP, you are still culpable for the information that you own.