Managed Service Providers (MSPs) play a crucial role in businesses by handling IT services and infrastructure. These specialized entities often have privileged access to the networks and systems of multiple organizations, making them attractive targets for cyber criminals. This article explores the risks associated with such targeting and offers insights into mitigating these risks for MSPs and their clients.
Recent warnings from the Australian Signals Directorate (ASD), the United Kingdoms Cyber Security Center (NCSC-UK), the Canadian Center for Cyber Security (CCCS), Cyber Security and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) highlight a surge in malicious activities targeting MSPs. The FBI, for instance, has cautioned against North Korean cyber criminals posing as IT professionals to infiltrate networks, deploy ransomware, and divert proceeds to fund weapons programs.
The consequences of a cyber criminal infiltrating an MSP extend to its clients. For instance, if an MSP manages services for healthcare providers or businesses in a region, a successful breach of the MSP network could lead to a shutdown of vital information services in the region, coupled with ransom demands.
To minimize the risk of cyber attacks, MSPs should consider hiring local IT staff and contractors instead of outsourcing critical support services internationally. While outsourcing may seem cost-effective, it exposes MSPs to potential exploitation by rogue nations. Engaging with local professionals ensures coverage by professional liability insurance and background checks, making them less susceptible to corruption by cyber criminals or hostile states.
Clients of MSPs can mitigate risks by delegating permissions and access control judiciously. Remote access should be restricted unless absolutely necessary, and when required, clients should demand background information on the MSP's staff or contractors responsible for system maintenance. A preference for onsite maintenance over remote services, along with careful delegation of access control, can enhance security. Clients should maintain greater access control permissions than the MSP, routinely monitor and log MSP access for transparency.
While outsourcing information system access poses risks, strategic actions can mitigate them. MSPs are invaluable for maintaining information systems, but clients should avoid blindly handing over complete control to the kingdom. Choosing local IT support staff and contractors contributes to a safer, more secure environment, supporting local talent and the Australian economy, rather than inadvertently contributing to the cybercriminal economy or the North Korean ballistic missile program.