CISA Issues MSP Security Advisory Amid Continued Cyberattacks Targeting MSPs
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a 12-step security advisory to help MSPs safeguard their businesses and customer networks from cyberattacks.
The advisory was “created in response to reports of increased activity against MSPs and their customers,” the CISA indicated. Among the basic first steps MSPs should take, the CISA recommended that MSPs and their end-customers:
- Identify and disable accounts that are no longer in use.
- Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
- Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.
The more expansive 12-step security advisory also describes how to:
- Prevent initial compromise
- Enable and improve monitoring and logging processes
- Enforce multi-factor authentication
- Manage internal architecture risks and segregate internal networks
- Apply the principle of least privilege
- Depreciate obsolete accounts and infrastructure
- Apply updates
- Backup systems and data
- Develop and exercise incident response and recovery plans
- Understand and proactively manage supply chain risk
- Promote transparency
- Manage account authentication and authorization
Department of Homeland Security, FBI, CISA: Multiple Cybersecurity Warnings to MSPs
The latest CISA advisory for MSPs surfaces nearly four years after the U.S. Department of Homeland Security in October 2018 warned MSPs about attacks targeting their networks. Amid continued attacks, the MSP industry faced a cybersecurity judgement day in 2019, ChannelE2E wrote at the time.
Fast forward to 2022, and the MSP industry (from software providers to service providers) has improved its cybersecurity posture in many ways — though more work needs to be done amid the CISA’s May 2022 advisory to MSPs.