As a managed services provider (MSP), you’ve heard loud and clear that cybersecurity is a priority for your clients. They demand effective endpoint security solutions as a part of a comprehensive, layered security strategy and contract your services to monitor activity and alert them when potentially malicious activity occurs. As a result, protecting your clients’ data and networks has become a routine, albeit critical, part of providing managed services.
But what are you doing to protect your network?
Cybercriminals see MSPs as targets that will yield a high return. Therefore, instead of targeting just one business and its computing power and data, hackers can multiply potential returns by gaining access to an MSP’s network and looking for ways to compromise all of their clients – as well as their IP, records, customers and payment data.
This threat isn’t just hypothetical. It’s real.
Five Eyes reports the number of malicious actors targeting MSPs is increasing due to the ability of actors to scale their attacks. Threats range from ransomware and denial of service (DoS) to attacks on publicly exposed services, routing protocols, and large-scale malware attacks.
Practical Advice for MSPs
MSPs aren’t defenseless against cyberthreats, however. For example, Dark Cubed (now a part of Celerium) suggests these steps minimize the chances of a security breach:
- Ensure all remote access capabilities are accessed via VPN and require multifactor authentication.
- Establish and enforce strong password policies.
- Use service accounts for MSP agents and services.
- Manage access to accounts by setting the time of day they can be used and expiration dates that align with your contracts.
- Use architecture that tiers accounts, so accounts that require higher privilege will never be accessible through lower tiers of the network.
- Use a threat analytics solution that alerts you to changes in your and your customers’ networks.
- Stay on top of alerts from government agencies such as the National Cybersecurity and Communications Integration Center (NCCIC) within the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Keep in mind that this list is not exhaustive. There’s much more you can do to secure your network. For example, Dark Cubed suggests you refer to NIST’s Cybersecurity Framework.
“A Crisis of Credibility”
In the report, Attacking the Gatekeepers, Dark Cubed acknowledges that the pervasive threat of cyberattack has put MSPs in a difficult position. You must practice what you preach regarding cybersecurity, implementing state-of-the-art security solutions, including endpoint protection, firewalls, web security, mobile device security, and data loss prevention solutions for your networks. You must, however, balance that need with the costs of your offerings and communicate your security services value proposition in a way that doesn’t trigger your clients to look for more affordable options.
One of Dark Cubed’s MSP users commented, “We are fighting a losing battle.”
Don’t concede defeat. Your security expertise, finding cost-effective solutions tailored to specific needs, and leveraging the knowledge and support of partners can help protect your business and your clients.