MSPs are being targeted by “threat actors” to access customer networks, according to a new advisory report penned by the United Kingdom, Australian, Canadian, New Zealand, and US cybersecurity authorities
The idea is that the “threat actors” are targeting MSPs to access customer networks in “efforts to exploit provider-customer network trust relationships”.
“Threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base”, the warning said.
A document released by authorities provides steps and advice for partners to bolster their security strategy.
This includes identifying and disabling accounts that are no longer in use (shadow IT), enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments and ensuring MSP-customer contracts transparently identify ownership of ICT security roles and responsibilities.
“This advisory provides specific guidance to enable transparent, well-informed discussions between MSPs and their customers that centre on securing sensitive information and data”, the document said.
“These discussions should result in a re-evaluation of security processes and contractual commitments to accommodate customer risk tolerance. A shared commitment to security will reduce risk for both MSPs and their customers, as well as the global ICT community.”
The warning released by authorities this week is the latest call to action for the channel to consider its security procedures by the government.