Supply chain attack threats are growing. In 2022, the number of supply chain attacks overshadowed the number of malware-based attacks by 40 percent. The growth in this attack vector’s popularity comes down to numbers. If a hacker can succeed in breaching software used in hundreds or thousands of companies, one attack can yield more ransom, more monetizable data, and more havoc.
Remote monitoring and management (RMM) has been a target. For example, on the Fourth of July weekend in 2021, when hackers assumed there’d be fewer eyes on systems, they executed a supply chain ransomware attack by exploiting a vulnerability in Kaseya’s VSA software. The attack targeted managed services providers (MSPs) using the RMM to gain access to their clients. This attack came on the heels of the SolarWinds Orion attack in 2010-2020 that gave hackers access to about 18,000 government agencies and businesses.
Since these events raised awareness and gave the industry firsthand knowledge about supply chain attacks and recovery, MSPs, including Angel Rojas, president and CEO of DataCorps Technology Solutions and member of the ASCII Group, are strengthening their security posture.
Rojas shares the steps he’s taken and changes in his relationships with his vendor that help build a stronger defense against supply chain attacks.
How are you addressing security by protecting against supply chain attacks with your RMM solution?
Rojas: We are using advanced tools to monitor our RMM’s activity. However, our most important protection is a strong relationship with our vendor. We regularly meet and request information that assures us of their security measures. By having an open and honest conversation, the risks are understood and can then be addressed.
What types of support is your RMM vendor providing you to increase security?
Rojas: Our vendor is providing frequent communication regarding ongoing issues. When a vulnerability is discovered, a patch is released quickly, or a mitigating control is recommended so that we can take the necessary action.
What do you see on the horizon that can help mitigate the risks of using RMM?
Rojas: Transparency and accountability are essential. I think an educated MSP community that is asking our vendors the right questions is the most important risk mitigation to RMM. Those vendors who are open, transparent, and honest about their challenges will be rewarded with loyalty and expanding client bases.
Is there anything else MSPs can do to defend against supply chain attacks?
Rojas: Ask questions and do not settle for “sales” answers or empty promises. Accountability, open dialog, and transparency are the key. Do not be offended if you are asked to sign an NDA to receive the information. On the contrary, this should be expected and welcome.
Reassure Your Clients
Another challenge to overcome with supply chain attacks is convincing your clients that you are taking steps to keep their data and networks safe. Being transparent with your clients will help put them at ease and build trust in your company and the solutions you use.
While you can’t promise there will never be an attack that impacts your company, you let your clients know you have a response plan, including restoring immutable backups that allow you to get your business and your accounts up and running again as soon as possible.
About The ASCII Group, Inc.
The ASCII Group is the premier community of North American MSPs, MSSPs, VARs and solution providers. The group has over 1,300 members throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members, including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. In addition, ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs to grow their businesses. For more information, please visit www.ascii.com.