Providing Security as a Service After High-Profile Ransomware Attacks

Supply chain attacks are raising questions among business owners – be straightforward and transparent when you provide the answers.

Ransomware Attack

Managed services providers (MSPs) offering Security as a Service are facing some tough questions. Clients want to know their risk of supply chain attacks, and prospects want assurance that you can help them fight back against cyberattacks and not add to their risk if they sign a contract with your business. Expect your clients to bring up high-profile attacks, such as the 2021 ransomware attack on Kaseya VSA, a remote monitoring and management (RMM), endpoint management and network monitoring solution.

In the attack, nearly 50 MSPs using Kaseya inadvertently gave attackers access to about 1,500 end user systems. A few months later, a ransomware group attacked SolarWinds’ Orion platform for network and infrastructure monitoring, gaining access to nearly 18,000 government entities and businesses. Hackers had inserted malicious code into software updates that created a back door that they used to install spyware and other malware.

Be Transparent

Few people missed the news of these ransomware attacks, billed as some of the largest in history. So, even if you’d rather avoid the topic, you probably can’t. “You have to talk about it,” says John Hammond, Senior Security Researcher at Huntress. “It’s best to be fully transparent and communicate.”

It may take some time to explain to businesses precisely what happens in a supply chain attack, but thoroughly answering your clients’ questions can build trust in your company and your solutions. In this type of attack, hackers or ransomware groups target businesses, like MSPs, that provide services to other companies. The strategy is sinister but effective. If the actor can gain access to the provider’s system, they can infect their clients’ systems or lock them for ransom.

Your clients need to know that some of the software you use gives you access to their networks and the endpoints you monitor for them. However, stress that you’re doing all you can to evaluate your software’s security and implement controls that alert you immediately to suspicious activity. But are you doing all you can to protect your clients’ systems and your own business? Again, Hammond stresses that MSPs must do more.

“Hold vendors of any product or solution you use accountable,” he says. For example, it’s crucial to ask how often vendors conduct code reviews and vulnerability assessments on their software solutions in the current cyberthreat landscape.

Hammond also suggests asking vendors to institute a bug bounty program, incentivizing community members to “stress test” products and validate their security.

He adds, “Be in the mix and stay informed of new threats. We need to make sure everyone is involved.”

A Practical Approach to Security as a Service

Hammond also says it’s crucial to manage your clients’ expectations about preventing an attack.

“Prevention is hard. There is no silver bullet,” says Hammond. “It’s more practical to understand the threat and stop it as soon as possible.” Also, work with your customers on their plans to respond, recover and remediate following an attack.

Hammond reminds MSPs, “Cybersecurity is never solved. It’s something you have to earn every day. Security isn’t ‘set it and forget it.’ It’s an active fight.”

Keeping Customers Safe is a Big Opportunity – and Responsibility

If your MSP business has the resources and skills to provide Security as a Service solutions, you are meeting a great need. Mordor Intelligence forecasts the global Security as a Service market will grow 16.9 percent CAGR from 2020 to 2026, from approximately $9.2 billion to more than $22 billion. In addition, your clients are digitizing more of their data and automating their processes, requiring monitoring of those services. Your Security as a Service offerings can help keep your clients’ businesses safe if you can help them detect threats and get back to business as quickly as possible after an incident.

Do your part to mitigate supply chain attacks, protect your ecosystem and provide the Security as a Service solutions your clients need.