OT Security, MSP, Content

CISA Issues MSP Security Advisory Amid Continued Cyberattacks Targeting MSPs

An abstract design of a terminal display, warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warnings and single character exclamation marks. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, anti-virus failure, etc…

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a 12-step security advisory to help MSPs safeguard their businesses and customer networks from cyberattacks.

The advisory was "created in response to reports of increased activity against MSPs and their customers," the CISA indicated. Among the basic first steps MSPs should take, the CISA recommended that MSPs and their end-customers:

  • Identify and disable accounts that are no longer in use.
  • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
  • Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

The more expansive 12-step security advisory also describes how to:

  1. Prevent initial compromise
  2. Enable and improve monitoring and logging processes
  3. Enforce multi-factor authentication
  4. Manage internal architecture risks and segregate internal networks
  5. Apply the principle of least privilege
  6. Depreciate obsolete accounts and infrastructure
  7. Apply updates
  8. Backup systems and data
  9. Develop and exercise incident response and recovery plans
  10. Understand and proactively manage supply chain risk
  11. Promote transparency
  12. Manage account authentication and authorization

Department of Homeland Security, FBI, CISA: Multiple Cybersecurity Warnings to MSPs

The latest CISA advisory for MSPs surfaces nearly four years after the U.S. Department of Homeland Security in October 2018 warned MSPs about attacks targeting their networks. Amid continued attacks, the MSP industry faced a cybersecurity judgement day in 2019, ChannelE2E wrote at the time.

Fast forward to 2022, and the MSP industry (from software providers to service providers) has improved its cybersecurity posture in many ways -- though more work needs to be done amid the CISA's May 2022 advisory to MSPs.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.