29
October 2021
MSPs and Ransomware - the weakest link
Mark Warren
It's an old proverb, but "a chain is as strong as its weakest link" still holds very true, especially when considering the possible ways an attacker can infect an organisation.
Quite rightly, much attention has been paid to the risks of unwitting staff being the victims of increasingly complex phishing attacks. It's too easy to dupe someone to click an unsafe link or install an infected piece of software. There are many ways to defend against that weakness, including better training and software the limits the risk of installing malware.
But an increasingly rich vein of attack opportunities is the IT supply chain. That's a wide-ranging and complex set of potential attack vectors. For example, it may include the organisation's HR system supplier, the managers of their air conditioning, the host of their web server, and hundreds of other suppliers and partners involved in a modern business.
For good business reasons, it's attractive to let external partners provide these specialists systems and services, so it's a fast-growing pattern for most IT teams to outsource systems that used to run on-premises.
But, that growing dependency is also increasing the risk of attack.
Managed Service Providers (MSPs) are a rich target for attackers. It's just a question of economics: if they can infect one MSP, then all that MSP's customers become victims of the attack without more effort. Attacks via an MSP isn't a theoretical risk; here's a recent example of how the group behind the Solarwinds attack are shifting their focus towards MSPs.
"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and [to] establish a mechanism for surveilling -- now or in the future -- targets of interest to the Russian government" - Microsoft.
Recently, Andy Harris wrote about this risk of the "buffalo jump" waterfall effect of an attack on an MSP.
To understand the situation better, Osirium commissioned independent research to gather data which you can download in this free executive summary: "The Ransomware Index - Supplier Risk."
The research shows that IT teams understand the risks to some degree but aren't yet doing enough to formalise their suppliers' protection requirements.
Encouragingly, some fundamental protection can make a big difference. Crucially, access to the MSP's systems needs protection using access management. Privileged Access Management (PAM) ensures only the right people have access to those systems such as client management systems, remote access servers, databases and much more.
For MSPs, the research shows that ransomware protection is a hot topic for their clients, so they should take more action to improve that service. It can also be a competitive differentiation in a fast-growing market.
If you'd like to know more, please get in touch.
The first part of the Ransomware Index focused on protecting backups to minimise damage from an attack and be ready to recover when an attack happens. That report is still available here.