There is no question we live in unprecedented times in many ways. Cybersecurity threats are at an all-time high, with new and alarming risks popping up for businesses each day. Many industries and business sectors take the brunt of cyberattacks, but Managed Service Providers (MSPs) are some of the most targeted due to the nature of what MSPs do. With the wide range of cyberattacks being carried out across the board, how can MSPs prepare for cybersecurity threats in 2021 and beyond? Let’s take a look at how they can do that in the following MSP cybersecurity guide.
Increased risks of cyberattacks in 2021 and beyond
There is no question there is an increased risk of cyberattacks in 2021 and beyond. It seems like there is a major cyberattack in the news each day, week, and month, and this trend shows no signs of decreasing. There are two highly dangerous risks that we will cover in this post:
- Ransomware
- Supply chain attacks
One of the major tools attackers are using to compromise businesses is ransomware. In fact, according to Cybersecurity Ventures, there is a new ransomware attack on a business every 11 seconds in 2021.
Ransomware is unnerving since it can effectively lock up business-critical data and demand large ransom payments in return. New ransomware variants are taking the threat a step further by threatening to leak data to the Internet if ransom demands are not paid. It highlights the measures that attackers are taking to attack business data.
Ransomware is not only targeting on-premises environments. It is also targeting cloud SaaS environments, including Google Workspace and Microsoft 365. With the shift of many businesses to a hybrid workforce, many are now making use of the communication and collaboration features found in cloud SaaS solutions.
Businesses must protect their data, both on-premises and in the cloud, with proper data protection and data security solutions. Managed Service Providers (MSPs) who manage both on-premises and cloud SaaS environments for other customers must take the necessary steps to protect not only their own data but also the data of their customers. Even when an MSP is managing a service or a solution, the data is often what the attackers are after, as this is the most valuable and disruptive to businesses if inaccessible.
The fallout of ransomware attacks can have real-world consequences, as seen in the ransomware attack on the Colonial Pipeline. Attackers gained access to the critical systems of Colonial, and the disruption in business-critical systems led to shutting down some 5600 miles of pipeline from the south to the northeastern United States. The fallout from this shutdown event was a shortage of gasoline along the entire Eastern Seaboard.
It shows that ransomware is not just a problem for high-tech services. It can lead to real-world challenges and hardships that may not seem directly related. It helps demonstrate the grim reality of ransomware threats today. Ransomware can hit businesses, including MSPs, when they least expect it and lead to the loss or leak of business-critical data across the board.
Supply chain attacks
Additionally, supply chain attacks, while much more difficult to pull off, are becoming increasingly common. With a supply chain attack, an attacker can compromise a single distribution chain and affect hundreds, if not thousands, of customers in the process. How does a supply chain attack work?
Supply chain attacks target reputable and trusted hardware or software vendors. Since there is established trust between customers and a reputable vendor, most trust the hardware and software carte blanche. Most organizations do not continue to scrutinize products or solutions from these types of vendors as it is just assumed they are free from any malicious threat.
Attackers play on this implied trust and infiltrate the supply chain used by the vendor. If successful, they can implant malicious hardware or software in the supply chain so that all the vendor’s customers receive the malicious hardware or software. Again, since there is implied trust, most customers do not scrutinize new hardware or software updates from the vendor.
Examples of significant supply chain attacks have been seen recently. In the SolarWinds hack in December 2020, hackers infiltrated SolarWinds infrastructure and implanted malicious code in the SolarWinds Orion product that was distributed via an update. This affected many SolarWinds Orion NMS customers.
An even more recent attack on Kaseya’s VSA product, used by MSPs worldwide, led to some 800-1500 customers being attacked with ransomware. Supply chain attacks are a threat that MSPs especially should pay attention to, as they are square in the sights of attackers with this type of attack. Attacking MSPs leads to a much larger “blast radius” and a “bang for their buck” type of attack. A successful attack on one MSP can yield attackers thousands of compromised customers. For their effort, compromising an MSP’s network management software (NMS) such as Orion or VSA proves incredibly fruitful.
How can MSPs prepare for cybersecurity threats in 2021 and beyond?
For Managed Service Providers (MSPs), stifling the threat posed by cyberattackers requires a multi-layered approach of both data protection and security. Let’s consider the following steps MSPs can take to lessen the cybersecurity risks for their organization and customers alike.
- Enforce multi-factor authentication
- Least privilege access enforcement
- Enforce network segmentation
- Ensure data backups of on-premises and cloud SaaS
1. Enforce multi-factor authentication
More often than not, ransomware and other cybersecurity breaches are a result of compromised credentials. Stolen credentials allow an attacker to assume all the expressed rights and permissions of a legitimate user and the data they can access.
According to the IBM Cost of a Data Breach 2021 report, compromised credentials initially caused 20% of breaches and were the most common initial attack vector. All an attacker needs to know is the username and password and they have access to the environment. These can easily be retrieved using a phishing attack through email, or even a brute force attack and password spraying.
Multi-factor authentication requires multiple “factors” of information before a user is authenticated. With multi-factor authentication, and specifically two-factor authentication, which is the most popular today, users must know the password AND have possession of a one-time password that is generally delivered using a smartphone or other device. It makes compromising an account exponentially more difficult.
MSPs must ensure they have multi-factor authentication enabled on their own systems as well as on customer systems wherever possible. This helps to drastically strengthen the overall cybersecurity posture of the MSP and customer environments.
2. Least privilege access enforcement
Closely related to enforcing multi-factor authentication is enforcing least privilege access, which concerns the privileges assigned to users. With least privilege access, users only have the permissions they absolutely need and no more than that. All too often, user accounts are drastically overprovisioned from a permissions standpoint because this is the easy route. It ensures users can access what they need. However, it doesn’t take security into consideration.
MSPs must ensure their systems are provisioned with least privilege access and customer environments are managed in this way also. If there is a compromise due to stolen credentials, it helps ensure the privileges of the stolen account are minimal.
3. Enforce network segmentation
MSPs must make sure systems are properly segmented from a network perspective. All too often SMB environments have one giant flat layer 2 network that includes servers, devices, and client devices. Open, flat, layer-2 networks allow attackers to easily move laterally once they are inside the network. Business-critical servers and other critical data are at risk on networks that are not segmented.
Ensuring MSP networks are properly segmented from customer networks also helps to reduce the attack surface if any one environment is compromised or infected with ransomware.
4. Ensure data backups of on-premises and cloud SaaS
Last but not least, as MSPs prepare for cybersecurity threats in 2021 and beyond, they must ensure data backups of on-premises and cloud SaaS environments. Backups are the absolutely critical component of any disaster recovery and data recovery plan. If ransomware or another data disaster hits, having proper backups of on-premises and cloud SaaS environments helps ensure data is protected from disaster.
It means MSPs must leverage capable and fully-featured backup solutions able to protect data in modern hybrid environments that include on-premises, cloud, and hybrid cloud solutions, featuring cloud SaaS environments. NAKIVO Backup & Replication is a modern backup solution that provides robust capabilities to protect business-critical data. Take note of the key features of recent releases of NAKIVO Backup & Replication:
- Two-factor authentication
- Immutable ransomware-proof local repositories
- Direct Connect (No-VPN)
- Backup and recovery of Exchange Online contacts and calendars
- Backup & Recovery of SharePoint Online
- Lock Backup Objects in AWS S3
- Backup & Recovery of Microsoft OneDrive for Business
NAKIVO provides the modern data center backup tools to protect the needs of businesses today that span across multiple infrastructures and “as-a-Service” cloud SaaS environments.
As MSPs prepare for cybersecurity threats in 2021, they must give due attention to modern cybersecurity threats as these can destroy, leak, or otherwise steal sensitive business-critical data. Ransomware and supply chain attacks are two very dangerous modern threats to MSPs and others. MSPs are a hot target for attackers since compromising a single environment can lead to the compromise of hundreds or thousands of customers.
MSPs must give attention to best practice security hygiene, including the areas mentioned in this post. Also, MSPs must use effective data protection solutions like NAKIVO Backup & Replication to ensure data is protected and able to be recovered in a disaster recovery scenario.