The cybersecurity authorities of the Five Eyes intelligence alliance — the U.S., U.K., Australia, Canada and New Zealand — say they expect managed service providers (MSPs) and their customers to continue to be targets of malicious cyber activity.
On May 11, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partner nations issued a 12-step security advisory to help MSPs safeguard their businesses and customer networks from cyberattacks, according to ChannelE2E, an SC Media partner site.
Among the basic first steps MSPs should take, CISA recommended MSPs and their customers:
- Identify and disable accounts that are no longer in use.
- Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
- Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.
ChannelE2E noted that CISA’s latest advisory for MSPs comes nearly four years after the U.S. Department of Homeland Security in October 2018 warned MSPs about attacks targeting their networks. Amid continued attacks, the MSP industry faced a cybersecurity judgment day in 2019, ChannelE2E wrote at the time.
The more expansive 12-step security advisory also describes how to:
- Prevent initial compromise
- Enable and improve monitoring and logging processes
- Enforce multi-factor authentication
- Manage internal architecture risks and segregate internal networks
- Apply the principle of least privilege
- Depreciate obsolete accounts and infrastructure
- Apply updates
- Backup systems and data
- Develop and exercise incident response and recovery plans
- Understand and proactively manage supply chain risk
- Promote transparency
- Manage account authentication and authorization
