We can no longer ignore the reality that cybercriminals are targeting MSP organizations. The question is what we should do about it as a profession.
MSPWorld 2019 will be addressing this issue in great detail. Here is what we will be covering.
MSPs as Targets
Does this change anything? MSPs have been advocates for IT security for decades. What has changed is MSPs need to treat themselves like a customer.
MSPs should monitor, manage, and treat everything that goes on in their network like they would a customer. This includes watching out for unexpected internal changes which can leave your MSP practice vulnerable to external attack.
Because we know that most vulnerabilities are caused by human behavior, approaching your MSP team as possible attack vectors is probably a wise idea.
Talk with your Team
Nothing is more important than having an honest dialog about why you are implementing higher levels of scrutiny within your managed services practice. Cybercriminals targeting MSPs is a sign of the pervasive use of managed services and of how important MSPs have become in our society.
Your MSP team needs to hear that. Your team also needs to understand that with greater notoriety and adoption comes greater responsibility. MSPs need to be more cautious and mindful of what is happening. Having this dialog will help engage your team to be more effective at catching any bad cyber actors.
Increased Internal Review
To safeguard your MSP practice from external threat, you must begin watching! There are very few examples of bad MSP behavior, but it does exist, just as it does in every profession. What distinguishes a trustworthy profession from an untrustworthy one is how we handle internal threats.
MSPs need to be constantly vigilant in monitoring and reviewing internal work to be assured that there is no bad activity going on. Honest mistakes can happen. A good MSP will identify those mistakes, correct them, and implement policies to prevent those activities from happening in the future.
We live in a different world than we used to 20 years ago. The managed services profession has changed a lot. If you operate or work in an MSP practice, being aware of the threats facing your organization is an essential first step to maintaining your trusted advisor status.