Organisations have been urged to secure their supply chains following Russia’s invasion of Ukraine in a joint advisory by the Five Eyes nations.
The document, ‘Protecting Against Cyber Threats to Managed Service Providers and their Customers,’ has been issued jointly by relevant government agencies from the Five Eyes security alliance. These are the UK’s National Cyber Security Centre (NCSC), the US’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS) and the New Zealand National Cyber Security Centre (NZ NCSC).
The advisory includes the latest security advice managed service providers (MSPs) and their customers can take to reduce the risk of falling victim to cyber intrusion. This is designed to enable transparent discussions between MSPs and their customers on securing sensitive data; for example, encouraging customers to ensure their contractual arrangement specifies that their MSP implements these measures and controls.
Among the practical measures outlined are implementing tools to prevent initial access methods such as phishing, enabling/improving monitoring and logging processes, enforcing multi-factor authentication (MFA), managing internal architecture and segregating internal networks and applying the principle of least privilege.
Impact of supply chain attacks
The advisory follows an earlier UK government report proposing that MSPs should be added to a list of companies which provide essential services. If they don’t have effective cybersecurity measures in place they will be subject to a £17 million fine.
“What’s interesting about the latest advisory is that while it issues practical advice on improving cyber resilience, it is not aimed wholly at MSPs,” said Daniel Hurel, VP Westcon EMEA – cybersecurity & next gen solutions at IT distributor Westcon.
You might also like
“Instead, it is aimed at building awareness around the impact of supply chain attacks which is a positive move from Five Eyes leaders. MSPs have an important role in securing the IT channel and businesses but putting the responsibility of security solely on them sends the signal that the onus is on them to step up to protect organisations. This could lead to companies becoming complacent about their own security practices when businesses should really be working together with their MSPs to secure their IT and their people.
“That said, software is not the main vulnerability for businesses, it’s the human element within a computer system. Human error is the most direct and cost-effective route for hackers and as a result, it’s the one that’s most targeted. The latest advisory even cited phishing techniques as one of the primary technique’s hackers are using to begin their supply chain campaign. As advised, businesses and MSPs should focus on endpoint security protection such as multi-factor authentication. This not only acts as an initial buffer against bad actors, but also provides a robust shield against ransomware. Like any other individual cybersecurity tool, though, this is not a full proof solution and security awareness needs to be a priority amongst your staff.”
Hurel said that businesses can have all the security technologies, solutions, and engineers at their disposal, but the most effective way to avoid ransomware attacks is still” a well-informed, educated team trained to properly identify risks.”
Security a team sport
The Fire Eye advisory refers to N-able’s latest MSP Threat report which was published in March. Dave Mackinnon, CSO at N-able said the firm’s research has found that nine in 10 MSPs have experienced a successful cyberattack in the last 18 months with, some of the most common attacks being phishing, vulnerability exploitation, and credential abuse.
“I’m sure that MSPs will follow the government’s advice in bolstering their cybersecurity over the next few months, but security is a team sport. The MSP community must communicate with their partners and clients about improving their security internally and share information collaboratively across the space. Supply chain attacks cannot thrive if everyone communicates and understand the role that they can play.”