MSPs: The Preferred Cyberattack Target in 2021

Amy Luby, chief channel evangelist, Acronis
Author: Amy Luby, chief channel evangelist, Acronis

As the end of the year approaches, experts from across the IT industry are looking into their crystal balls to see what the future might hold. After looking at their research findings and observations from the tumultuous year that was 2020, the cybersecurity analysts at the global network of Acronis Cyber Protection Centers identified several threat trends that managed service providers (MSPs) can expect to encounter in 2021.

In general, there are a few trends most of these projections seem to agree will continue. The industrialization of cybercrime will continue to ramp up as attackers use advanced technologies such as AI and automation to make their malware more effective. Remote workers will still be targeted since their systems outside the company network are less secure than those inside the network. Attacks on business processes will increase.

For the channel, however, the most pressing warning is that managed service providers and cloud services in general will be the target of choice during the coming year.

Why MSPs are being targeted

Cybercriminals are motivated by one thing: profit. As the 2020 Acronis Cyberthreats Report details, they will be looking to maximize the impact and profitability in the coming year by increasing the efficiency of their attacks.

Trying to break into the networks of multiple companies takes time and is inefficient. On the other hand, one successful attack against an MSP gives them access not only to the service provider’s network but also to all of their clients’ data as well. The potential revenue from a single attack increases exponentially in that situation.

There are steps that service providers of all types can take now, and they apply equally to clients as they do to their own systems.

Six steps MSPs can take now to prepare

To prepare for the coming increase in targeted cyberattacks, MSPs should adopt the following recommendations:

  1. Require strong authentication. The cutting-edge technologies cybercriminals now use have raised the stakes, as brute-force attacks can crack weak passwords quickly. If you haven’t already, requiring strong, unique passwords with multi-factor authentication wherever possible should be the default for your networks and your clients. You should also ensure the password reset function, shared cloud access tokens, etc. are safe and secure. Even better? Go one step further and have close monitoring of user logins and apply behavior analytics or zero trust verification.
  2. Update all of your software. With more than 1,000 vulnerabilities being identified every month, timely patching of software is critical to preventing it from being exploited in an attack. In addition to automating patching as much as possible, having an inventory of all devices and all software being used is also important to ensuring everything is kept up-to-date.
  3. Look for any existing threats on your system. Being aware that cyberattacks are likely coming is helpful, but do you know if you have a threat lurking in your system already? Unless you regularly run threat-hunting exercises, probably not – and cyberattackers generally have access to a victim’s network for an average of 220 days before ever being detected. Ensure your IT team is performing threat hunting so they become more familiar with all the logs and tools. Using the MITRE ATT&CK framework can help identify blind spots in your visibility.
  4. Secure backups and test restores and rollbacks. Given cybercriminals’ focus on MSPs and their clients, having integrated cybersecurity that specifically protects backed up data and DR systems is a must. Being able to scan backup files for hidden malware is also needed to ensure the data is clean and reliable for any restores needed. Then, make sure you’re running the exercises to test DR rollbacks. Confirming their effectiveness now ensures they are done quickly when the need is real.
  5. Centralize security orchestration. Security silos increase complexity and create opportunities for attackers. In addition to consolidating and automating your cybersecurity as much as possible, you should ensure visibility across silos – especially on cloud services where the logs might not yet be ingested – in a central place that allows for efficient orchestration of security actions across the network.
  6. Confirm who has access to what. Verify all of your clients’ cloud service configurations. An estimated 53% of organizations that use cloud services have accidentally left access open to the public, putting all of that data at risk. This includes cloud buckets, APIs and containers. Make sure you know who can connect to the elasticsearch DB and that no AWS buckets are mistakenly open to the public. If you don’t enforce the principle of “least privilege” – only giving users access that is essential to do their job – then now is the time to start.

Some of these recommendations may be familiar best practices – but if they have not been implemented yet, doing so now can have an immediate impact on the cybersecurity posture of your MSP business and your clients.

As cyberattackers turn their attention toward the IT channel in the coming year, the actions taken now can put you on a more secure footing. These simple steps are a highly recommended place to start.

Author Amy Luby is chief channel evangelist at Acronis. Read more guest blogs from Acronis here.