Automate101, Level 27, PwC Tower 188 Quay Street Auckland 1010 sales@getatria.com

Over the past 24 months we have seen increasing numbers of Managed Service Providers experiencing ransomware attacks.  This is an unpleasant and concerning theme for business owners, so we thought we’d put an article together to help you prepare to defend your MSP business against cyber attack.

Here are a few reminders which may help you in your defense; these might be obvious or well known, but we have seen people go through the worst times of their working lives as a result of cybercrime.

This list is not exhaustive – it covers things we have seen/heard from Service Providers like you – so hopefully they are relevant.  If you have other points that might help, please share them.

Stopping for a moment to review your security processes and systems might turn out to be time well spent; even if it only prompts some internal questions, that alone might help.

Backups are your primary defense against ransomware

Ransomware attackers will seek to destroy your backups first – without backups, you may have no option but to pay them to get your data back.  So not only do you need to ensure your backups are good, you need to make sure your backups are safeguarded.

Ensure your backup systems have tightly controlled access and are not reachable from the systems they are protecting; ideally, your offsite copies are completely isolated.  Attackers have scripts that look for common backup systems, so follow your backup vendor’s hardening guidelines.

Everyone knows they should, but not everyone does – if you can, check/test your backup and recovery procedures.  If you can’t test everything, at least ensure your core customer file data, databases and identity systems are well covered in your DR plans.

Upgrade from CPSM to Atria

Older versions of Citrix CPSM use legacy TLS protocols and are often running on older operating systems.  We have a pain-free upgrade path and can swap in more modern server infrastructure at the same time – get in touch and we can help get this fixed.

Mandate MFA for Atria

We introduced MFA for Atria over 3 years ago.  In the last few weeks it has become apparent that not all our customers are aware of it.  An Atria login potentially carries high privileges, and users aren’t the best with passwords – ensure those logins are protected with MFA.

We strongly recommend you enable it for all users that can log in to Atria (especially critical if Atria is public facing).  If you want help, log a ticket and we’ll help get it done.

Mandate MFA for end-users everywhere

Is Microsoft 365 the most attacked platform on earth?  Many companies store all their corporate information in SharePoint, Teams and email.  If you do nothing else, make sure your customers and your staff all have MFA enforced on their Azure AD accounts.  Security defaults were introduced a while back and are enabled for tenants created after October 2019 – many older tenants may not have this enabled.  Worth checking.

If you are running hosted desktops, make sure you have an MFA solution enforced for these as well; if not, this is a potentially easy way into your internal network.
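One way to do the "worth checking" part above, as an added example that is not part of the original article: a read-only report of the tenant’s security-defaults switch and of every user with no MFA method registered, using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed (the registration report cmdlet comes from its Microsoft.Graph.Reports component), that you sign in with a read-only role such as Global Reader that can consent to the listed scopes, and the output file name is a placeholder.

```powershell
# Added example, not from the original article. Read-only MFA posture check for an
# Azure AD tenant using the Microsoft Graph PowerShell SDK.
# Assumptions: Microsoft.Graph module installed; the signed-in account can consent to the
# scopes below (a Global Reader can run this without any write permission).
Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All'

# 1. Security defaults: the tenant-wide switch the article mentions. Disabled is not wrong
#    by itself, but it means MFA must then be required by Conditional Access policies instead.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    Write-Host 'Security defaults: ENABLED (MFA registration is enforced for all users)'
} else {
    Write-Warning 'Security defaults: DISABLED - confirm a Conditional Access policy requires MFA for all users'
}

# 2. Per-user registration state from the authentication-methods registration report.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

$noMfa = @($details | Where-Object { -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, IsAdmin, UserType,
                  @{ Name = 'Methods'; Expression = { $_.MethodsRegistered -join ',' } })

# Admins without MFA are the most urgent, so list them first.
$noMfa | Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName |
    Format-Table -AutoSize

# Keep a dated copy: it shows the trend and is useful evidence for your insurer.
$noMfa | Export-Csv -Path ".\users-without-mfa-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

Write-Host ('{0} of {1} users have no MFA method registered ({2} of them admins)' -f
    $noMfa.Count, @($details).Count, @($noMfa | Where-Object IsAdmin).Count)
```

Run it once per customer tenant and keep the CSVs; a count that is not falling week on week is the signal that enforcement, not just registration nagging, is missing.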

Firewall Controls

Do you think anyone in your organization has ever opened a firewall port to get round a problem and then didn’t get round to closing it?  A vulnerability on a server could be the foot in the door for an attacker.  Check your current state, review who needs/has firewall access, consider if your change control processes are giving you the right level of control.
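The review suggested above, as an added example that is not the article’s own: a PowerShell listing of every enabled inbound allow rule in the Windows host firewall on a server, with the ports it opens and the remote addresses it accepts. Perimeter firewalls have their own export tooling, but the review questions are the same. It assumes (hypothetically) that your change process writes a ticket id such as CHG-1234 into the rule description; anything without one is a candidate for "who opened this, and why?".

```powershell
# Added example, not from the original article. Review of the Windows host firewall: every
# enabled inbound ALLOW rule with the ports it opens and the remote addresses it accepts.
# Assumption: your change process records a ticket id such as CHG-1234 in the rule
# description when it opens a port; rules without one are flagged for follow-up.
$ticketPattern = 'CHG-\d+'   # assumed naming convention; adjust to your own

$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = (@($port.LocalPort) -join ',')
        RemoteAddress = (@($addr.RemoteAddress) -join ',')
        # 'Any' means the rule accepts every source address the profile lets through
        OpenToAnyHost = (@($addr.RemoteAddress) -contains 'Any')
        HasTicket     = [bool]($rule.Description -match $ticketPattern)
    }
}

# Highest attention first: open to any host and not tied to a change ticket.
$report |
    Sort-Object @{ Expression = 'OpenToAnyHost'; Descending = $true },
                @{ Expression = 'HasTicket';     Descending = $false },
                Name |
    Format-Table Name, Profile, Protocol, LocalPort, RemoteAddress, HasTicket -AutoSize

# Keep the full list as evidence for the review, and diff it against the previous run.
$report | Export-Csv -Path ".\inbound-allow-rules-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Diffing two dated exports is the cheap way to catch the "temporary" rule that was never removed: a rule present in this month’s file but absent from last month’s either has a ticket or needs an owner.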

Apply Updates

Everyone knows security updates are important, but it’s still common to find “unmaintainable” systems in operation.  Even if you don’t think there are any (as a business owner), ask the question – somebody in your engineering team may know more than you do.  Migration projects finish, but the last step of switching off the old machines gets forgotten, or one last service remains!  Consider an audit/check and clean up.
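The audit suggested above, as an added example that is not part of the original article: a PowerShell query of Active Directory for computer accounts that look like forgotten migration leftovers (no logon for a long time) or that run an operating system no longer receiving security updates. It assumes the RSAT ActiveDirectory module is available; the legacy OS list and the 90-day threshold are starting points you maintain yourself.

```powershell
# Added example, not from the original article. Find forgotten or unmaintainable machines in
# Active Directory: enabled computer accounts with no recent logon, and accounts whose OS is
# no longer receiving security updates.
# Assumptions: RSAT ActiveDirectory module installed; the legacy OS pattern below is a
# starting point you extend as releases go out of support; 90 days is an arbitrary threshold.
Import-Module ActiveDirectory

$staleDays       = 90
$legacyOsPattern = 'Windows Server 2003|Windows Server 2008|Windows XP|Windows 7|Windows 8'
$cutoff          = (Get-Date).AddDays(-$staleDays)

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can lag
# the real last logon by up to about 14 days, so treat it as "roughly" rather than exactly.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, Description

$findings = foreach ($c in $computers) {
    $reasons = @()
    if ($c.OperatingSystem -match $legacyOsPattern) { $reasons += 'legacy OS' }
    if (-not $c.LastLogonDate -or $c.LastLogonDate -lt $cutoff) { $reasons += "no logon in $staleDays days" }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name        = $c.Name
            OS          = $c.OperatingSystem
            OSVersion   = $c.OperatingSystemVersion
            LastLogon   = $c.LastLogonDate
            Description = $c.Description
            Reason      = ($reasons -join '; ')
        }
    }
}

$findings | Sort-Object Reason, Name | Format-Table Name, OS, LastLogon, Reason -AutoSize
$findings | Export-Csv -Path '.\ad-computer-cleanup-candidates.csv' -NoTypeInformation
```

A machine that is both on a legacy OS and still logging on is the one to ask your engineering team about first: it is maintained enough to be running, and unmaintained enough to be a way in.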

File Shares and Permissions

Attackers will seek out open file shares to destroy.  A mistake in permissions configuration could expose file shares to an unintended audience, meaning wider impact or exposure of customer data.  If you share file servers across multiple customers, and permissions are managed by a manual process, it is probably worth investigating further.
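A starting point for that investigation, as an added example that is not the article’s own code: a PowerShell audit of the SMB shares on a Windows file server that reports share permissions granting Change or Full Control to broad groups, alongside the NTFS allow entries for the same groups on the shared folder, since access is only as narrow as the more permissive of the two gates allows. It assumes it is run locally on the file server; the list of "broad" principals is an assumption you extend for your environment.

```powershell
# Added example, not from the original article. Audit SMB shares on a Windows file server for
# share permissions that grant Change or Full Control to broad groups, and show the NTFS ACL
# allow entries for the same groups, because both gates have to be tight before access is.
# Assumptions: run locally on the file server (or add -CimSession to the Smb* cmdlets); the
# "broad principal" pattern below is yours to extend.
$broadPattern = '^Everyone$|Authenticated Users$|\\Domain Users$|\\Users$|^ANONYMOUS LOGON$'

# Skip the administrative shares (ADMIN$, C$, IPC$): their Special property is $true.
$shares = Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }

$findings = foreach ($share in $shares) {
    $broadGrants = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -in 'Change', 'Full' -and
        $_.AccountName -match $broadPattern
    })
    if ($broadGrants.Count -eq 0) { continue }

    # NTFS side: which of the same broad principals also have an allow entry on the folder?
    $ntfs = (Get-Acl -Path $share.Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -match $broadPattern
    }
    foreach ($g in $broadGrants) {
        [pscustomobject]@{
            Share          = $share.Name
            Path           = $share.Path
            SharePrincipal = $g.AccountName
            ShareRight     = $g.AccessRight
            NtfsAllow      = ($ntfs | ForEach-Object { "$($_.IdentityReference)=$($_.FileSystemRights)" }) -join '; '
        }
    }
}

$findings | Format-Table -AutoSize
$findings | Export-Csv -Path '.\smb-share-broad-access.csv' -NoTypeInformation
```

A row whose NtfsAllow column also shows Modify or FullControl for Everyone or Authenticated Users is the combination the paragraph above warns about: any authenticated account, including one belonging to another customer on a shared server, can encrypt or delete that data.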

Education

Despite working in the technology business, everyone is susceptible to social engineering attacks.  Helpdesk staff in particular are your frontline and often have a lot of power when it comes to access control.

There will be others, but solutions like Microsoft Defender for Office 365 Plan 2 allow you to simulate a phishing attack with Attack simulation training.  This comes with a cost, but you can run a 90 day free trial.

Atria can also help here by reducing the administrative access your staff have to your customers’ data.

Cyber Insurance

Cyber protection policies have not yet become mainstream.  In a recent study, the OECD estimated that 70% of cyber-related losses were uninsured.

Good insurance coverage has been critical to the survival of many MSPs.  Aside from the financial cover, the insurer will help steer you through the recovery process.  Importantly, this includes handling the PR side of things.

Cyber policies come with an increasingly high premium.  What we know is that:

  • Premiums will continue to increase
  • Insurers will demand increased standards of security from MSPs
  • The foreseeable geo-political landscape means an increasing volume of State Sponsored cyber attacks against businesses.

If you don’t yet have cover, your insurance broker should be able to help with this.

Endpoint Detection and Response (EDR) Solutions

Over the past decade anti-virus/anti-malware solutions have transformed into the EDR category.  The leaders in this field clearly offer an increased level of protection against ransomware attacks.  The majority of MSPs will already be running these systems on their infrastructure.

Modern EDR solutions detect and stop abnormal behaviours occurring on a machine; they don’t just look for the signature of a previously known piece of malware.  We commonly hear that our customers are using SentinelOne, CrowdStrike and, more recently, Microsoft Defender for Endpoint.  Read Gartner Peer reviews of EDR solutions here.