How MSPs Can Stay More Secure with Zero Trust
In the wake of the pandemic, accelerated digital transformation efforts and the shift to the cloud have compelled many organizations to outsource a range of IT services to managed service providers (MSPs). At the same time, more and more MSPs are being targeted by increasingly sophisticated cybercriminal groups, including state-sponsored groups.
According to a report from N-able published in 2022:
- “Almost all” MSPs suffered a successful cyberattack in the previous 18 months
- 90% of MSPs have seen an increase in cyberattacks since the pandemic started
- 82% of MSPs’ customers have seen an increase in attempted cyberattacks
Since MSPs can act as gateways to hundreds or thousands of other customers, the choice to target them is clearly strategic. Their systems can grant access to customers’ data, environments, and IT operating technology. Malicious actors can even gain access to security software, such as remote monitoring and management (RMM) software, which they can use to carry out a variety of other attacks.
Despite the uptick in cyber aggression, many MSPs are falling short in several key security areas. N-able’s report found that only 40% are implementing two-factor authentication (2FA), for instance, and only 40% are backing up workstations every 48 hours or less.
Yet there is a silver lining.
Small- and medium-sized enterprises (SMEs) are increasing their security budgets, which gives MSPs an opportunity to sell more and better security services – but before selling these services, MSPs must first enhance their own security posture.
5 Steps to Improving the Security Posture
According to the cybersecurity firm Perimeter 81, MSPs should follow several key steps to better protect themselves and their customers:
- Segregate internal networks. Identifying, grouping, and isolating systems can reduce the impact of a compromise. Connections between customers’ systems, internal systems, and other networks should be reviewed and verified. Customers’ and MSPs’ data sets should be separated, and administrator credentials should be unique for each customer.
- Use the principle of least privilege. The principle of least privilege should be applied across the network environment. Administrative privileges should be updated immediately upon changing roles, and unnecessary privileges should be removed with a tiering model. Risk and access should be further reduced through time-based privileges, location-based privileges, and by restricting access to high-risk devices, services, and users.
- Enforce multi-factor authentication (MFA). As mentioned, only 40% of MSPs use 2FA, but using MFA can prevent 99.9% of attacks on accounts, according to Microsoft. MSPs should therefore enforce MFA internally on all accounts that have access to customer environments, and customers should adopt MFA across all services and products provided by MSPs.
- Improve monitoring and logging. A separate logging regime should be used to detect network threats. All service delivery activities should be logged and, depending on the contractual agreement, MSPs should log both internal and customer network activities. Endpoint detection and network defense monitoring capabilities, along with application allow/deny lists, should also be implemented.
- Implement a Zero Trust security solution. A Zero Trust security solution, with technologies such as Zero Trust Network Access (ZTNA), eliminates implicit trust as much as possible and continuously reverifies access requests. When compared to legacy approaches and architectures, Zero Trust security solutions can dramatically improve detection, prevention, and containment.
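The account-level parts of the first three steps (unique administrator credentials per customer, time-based privileges, and MFA on every account with customer access) can be checked mechanically against an access inventory. The Python script below is an added example, not code from Perimeter 81, N-able, or Ingram Micro; the inventory format, the field names (`cred_id`, `expires`, and so on), and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample inventory: one row per technician grant into a customer
# environment. "cred_id" is a hypothetical identifier for the credential used
# (for example a vault entry ID); "expires" is None for a standing grant.
ACCOUNTS = [
    {"user": "alice", "customer": "acme", "cred_id": "cred-01", "mfa": True,
     "admin": True, "expires": "2023-02-01T00:00:00+00:00"},
    {"user": "alice", "customer": "globex", "cred_id": "cred-01", "mfa": True,
     "admin": True, "expires": "2023-02-01T00:00:00+00:00"},
    {"user": "bob", "customer": "acme", "cred_id": "cred-02", "mfa": False,
     "admin": False, "expires": None},
    {"user": "carol", "customer": "initech", "cred_id": "cred-03", "mfa": True,
     "admin": True, "expires": None},
    {"user": "dave", "customer": "globex", "cred_id": "cred-04", "mfa": True,
     "admin": True, "expires": "2023-01-10T00:00:00+00:00"},
]
NOW = datetime(2023, 1, 24, tzinfo=timezone.utc)  # fixed so results are repeatable


def audit(accounts, now):
    """Return (user, customer, finding) tuples for grants that break the steps."""
    # Map each admin credential to the set of customers it can reach.
    customers_by_cred = defaultdict(set)
    for a in accounts:
        if a["admin"]:
            customers_by_cred[a["cred_id"]].add(a["customer"])

    findings = []
    for a in accounts:
        who = (a["user"], a["customer"])
        if not a["mfa"]:  # MFA on all accounts with customer access
            findings.append(who + ("no-mfa",))
        if not a["admin"]:
            continue
        if len(customers_by_cred[a["cred_id"]]) > 1:  # unique per customer
            findings.append(who + ("shared-admin-credential",))
        if a["expires"] is None:  # time-based privileges
            findings.append(who + ("standing-admin-privilege",))
        elif datetime.fromisoformat(a["expires"]) <= now:
            findings.append(who + ("expired-grant-still-present",))
    return findings


if __name__ == "__main__":
    for user, customer, finding in audit(ACCOUNTS, NOW):
        print(f"{finding:30} {user} -> {customer}")
```
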
Recommendations such as these – along with the adoption of industry-leading Zero Trust platforms, such as that offered by Perimeter 81 – can significantly mitigate risk in an increasingly sophisticated and hostile cyber threat landscape.
If you would like to learn more about Zero Trust, ZTNA, and how a Zero Trust security solution can help safeguard you and your customers, please join us in the webinar, Securing Access with Perimeter 81 and Ingram Micro. In this session, we show how Perimeter 81’s modern, integrated cybersecurity platform can enable Zero Trust in minutes, not days.
Written by Christian Buerk
Published on January 24, 2023
Christian Buerk, Director of Cloud Sales, Ingram Micro Cloud
Christian Buerk brings a wide breadth of leadership experience in managing the Ingram Micro Cloud Sales Team by identifying opportunities, formulating strategies, and accomplishing success through planned execution.