The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs).
CISA – along with the National Security Agency (NSA), FBI, and cybersecurity authorities from the United Kingdom, Australia, Canada, and New Zealand – warned MSPs to take action to reduce their risk of falling victim to a cyberattack.
“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. “Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”
MSPs include entities that deliver, operate, or manage information and communications technology services and functions for their customers. According to CISA, their offerings can include “platform, software, and IT infrastructure services; business process and support functions; and cybersecurity services.”
MSPs typically manage these services on their customers’ premises or host them in the MSP’s data center. While MSPs can also offer cloud services, CISA noted this joint advisory “does not address guidance on cloud service providers (CSPs).”
The joint advisory recommends a number of actions MSPs can take to bolster their cyber defenses, such as implementing mitigation resources to protect against attack methods like password spraying and phishing.
The advisory also recommends MSPs enable monitoring and logging, secure remote access applications and enforce multi-factor authentication, develop and exercise incident response and recovery plans, and understand and proactively manage supply chain risk.
“This joint guidance will help MSPs and customers engage in meaningful discussions on the responsibilities of securing networks and data,” said Rob Joyce, NSA’s cybersecurity director. “Our recommendations cover actions such as preventing initial compromises and managing account authentication and authorization.”
The Federal agencies and international partners recommend all MSPs review the cybersecurity advisory and implement the actions “as appropriate to their unique environments.” They also recommend all organizations share any information about incidents and unusual cyber activity with their respective cybersecurity authorities.