Top 3 Ways to Prevent Your VAR or MSP Business from Being Compromised

Learn why MSPs and VARs are a target for cyberattacks and what you can do to protect your business.

MSP cyberattack

If you’re an MSP, consider your business a prime target for sophisticated hackers overseas. It’s not a surprise that highly developed hacking groups, backed by state-run intelligence agencies, have found a way to get more for their efforts by targeting MSPs as a means to gaining access to multiple companies at one time.

Last year, members of the hacker group APT 10 were indicted by the U.S. Justice Department after they successfully obtained unauthorized access to the computers of more than 45 companies and government agencies. Using malware that evaded antivirus software, the group was able to monitor the MSP’s computers remotely, steal user credentials, invade customers’ networks, and ransack their confidential business data and commercial secrets.

Hackers like to one-up each other, and with unlimited funding and government incentives to carry out more sophisticated attacks, APT 10 is only the beginning of a trend that could wreak havoc for years to come.

You don’t want your company to be the gaping hole in your customers’ security posture. It’s not only detrimental to them, but consider the devastation to your reputation and ability to ever build trust again.

Here are the top 3 ways you can protect your business from foreign (and domestic) malicious attacks, and in turn keep your customers, and you, safe.

1. Monitor Your Network Traffic

Having clear visibility into what’s coming into your network and what’s going out of your network is key. Think of it as a cyber stake-out. You’re looking for any activity that is out of the ordinary.

  • Is the inbound and outbound network traffic busier or more congested that normal?
  • Are chunks of sensitive data being accessed at an unexpected rate?
  • Who is accessing that data — is it part of their role to use this data or is this unusual behavior?
  • Where are they accessing it from? This one can be tricky, since some hackers disguise their whereabouts making it hard to pinpoint their true geographic location.

2. Anomaly Detection

Being able to identify suspicious items, events and observations that differ significantly from the majority of your data — anomalies — can improve the overall state of your security. Anomaly detection enables early identification of ongoing attacks — both insider threats and external attacks — and enable you to rapidly respond so you’re not ambushed.

  • Choose an anomaly detection solution that fits your business, like Darktrace, Fireye, Cynet or @RISC. These tools detect positive and negative trends, changes in the dynamic range of values, and spikes and dips which could indicate abnormal behavior.
  • Add Endpoint Detection and Response (EDR) solutions that focus on detecting and investigating suspicious activities on hosts/endpoints.
  • Know the types of attacks out there by creating a dossier of new stories from reputable sources that report on the latest attacks, such as Security Magazine, Security Week and Threatpost, just to name a few.

3. Positive Security Model

The two steps above focus on looking for the odd and out-of-the-ordinary. Step 3 is the more “positive” approach, defining what is allowed and rejecting everything else. Where a negative security model focuses on blocking anything that looks wrong or malicious, the positive security model focuses only on what is permitted and rejects access to everything else.

  • Implements tighter security controls by severely limiting the vectors an attacker can exploit simply because everything that is not expressly allowed is automatically blocked.
  • Keeps up with the unknowns, making it harder for even sophisticated cyberattacks to infiltrate your network.
  • Gives you more control over what is granted access, however, it can be more burdensome keeping up with new applications and updates.

Strength in Numbers

If this seems like too much for your small MSP business to handle, then think about partnering with an MSSP. Combining the strength of a variety of MSP talents, MSSPs can help you build stronger technical and support capabilities, not only for your customers, but to protect your business. Look for a partner that is focused on security and who has a track record of best practices that they can share. Utilize their expertise in order to strengthen your security posture.

Taking more proactive security measures to protect your network upstream can, in turn, secure your customers’ networks and therefore their reliance on you.  MSP cyberattack