In 2021, managed security service providers (MSSPs) and their clients faced a significantly altered ransomware risk. The Kaseya attack exploited a vulnerability in the widely used Virtual System Administrator (VSA) remote administration product to infect an estimated 1,500 small-to-medium-sized businesses (SMBs) worldwide with ransomware. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that 2022 will bring more of the same.

Clients are understandably worried by the growing ransomware threat. Have you spelled out, for yourself and for your clients, where your obligations as an MSSP begin and end? Misunderstandings about cybersecurity and ransomware duties can lead to blame-shifting, inaction during a security incident, and even dissatisfaction with the business relationship.

MSSPs are actively targeted by cybercriminals because compromising one provider offers a gateway into its clients' accounts and other supply-chain partners.

Clients also expect the following mitigations and hardening measures, all of which are within the MSSP's control:

  • Putting effective network monitoring in place
  • Closing any remote access ports that are no longer required for service delivery
  • Applying the principle of least privilege in client environments to restrict system access
  • Preserving, aggregating, and correlating log data
  • Preventing lateral movement within both the MSSP and client environments
  • Managing client data backups as part of your services, including maintaining offsite copies
  • Ensuring that cloud storage and services are properly configured

Clarity about who is responsible for which areas of cybersecurity management is crucial for MSSPs and their clients. MSSPs should use plain language when describing ransomware and cybersecurity roles and responsibilities to avoid misunderstandings, especially when serving SMBs with little in-house IT or security expertise. A Solution That Makes It Easier for MSSPs and Their Clients: Predict. Prevent. Detect.