Several cybersecurity agencies, including the Australian Cyber Security Centre (ACSC), have received reports of an increase in cyber attacks targeting managed service providers (MSPs) and expect that this will continue throughout 2022. To combat the threat, these agencies have issued a Cybersecurity Advisory for MSPs and the businesses that utilise their services, aimed at minimising cyber risk.
Third-party vendors are a potential attack vector for the businesses they serve, as the Kaseya incident in 2021 showed, so it is critical for MSPs and businesses to implement security best practices.
Below are steps outlined in the advisory to improve MSP security posture:
- Prevent initial points of compromise. This can be done by improving security on existing devices, protecting internet-facing applications, and instituting cybersecurity awareness training so that employees do not fall for phishing scams.
- Implement or improve monitoring systems. Systems should be in place to monitor access points between the MSP and the organisation, and a process should be in place to report any flagged incidents so they can be investigated further.
- Implement multi-factor authentication (MFA) wherever possible, across systems.
- Manage insider threats and architecture risks, including not using the same credentials across accounts.
- Apply least privilege principles across all software and networks.
- Decommission obsolete accounts or infrastructure.
- Implement backup systems and a process for updating and patching vulnerabilities.
Improve your security posture and defend against cyber attacks. Our team can support your business through managed services, cybersecurity audits, and awareness training, ensuring your business maintains a strong security posture. Contact us to learn more.