According to cyber-liability insurance provider Beazley Insurance Company, ransomware attacks increased thirty-seven percent in the third quarter of 2019. Twenty-five percent of those incidents were against managed service providers.
What are Managed Service Providers?
Managed service providers (MSPs) assist small- to medium-sized businesses (SMBs) with IT infrastructure and services, either on-site or virtually. MSPs provide services to numerous clients, and support those clients remotely to deliver the services in a cost-effective manner. It’s often cheaper and more convenient for municipalities and SMBs with limited technical needs and resources to rely on an MSP rather than hire full-time IT employees. However, cybercriminals are beginning to launch ransomware attacks on MSPs in order to infect the clients these providers have.
Ransomware Attacks on MSPs
Twenty-five percent of ransomware attacks in the third quarter were on MSPs. On July 3, employees at Arbor Dental in Longview, Washington, noticed glitches in their system and couldn’t view X-rays. Arbor Dental was one of dozens of dental clinics in Oregon and Washington affected by a ransomware attack on Portland-based PM Consultants Inc. Another attack on PerCSoft of West Allis, Wisconsin, deprived 400 dental practices around the country of access to electronic files.
Remember the ransomware attack that crippled 22 cities and towns in Texas? That was the result of a ransomware attack on TSM Consulting Services Inc. of Rockwall, Texas, which handled the cybersecurity for these cities and towns.
While ransomware attacks on MSPs are just now making headlines, cybercriminals have been after these targets since the beginning of the year. More interestingly, the National Cybersecurity and Communications Integration Center (NCCIC) published an advisory in October of 2018 warning MSPs of the impending threat. In the advisory, the NCCIC theorized that cybercriminals are looking to exploit the privileged trust relationship that MSPs have with their customers and access to their networks. It warned that attackers could exploit this IT supply-chain relationship to target clients of MSPs.
How to Select Your MSP
Gartner, a research and advisory company, recently predicted that worldwide spending on cybersecurity products and services will reach $124 billion by the end of 2019. A cybersecurity skills shortage coupled with changing regulatory and compliance requirements has more companies than ever turning to MSPs to manage part or all of their security needs. However, given the recent surge in cyberattacks against MSPs, it’s extremely important to do your research to ensure you are selecting the right MSP to manage your cybersecurity well-being. Here are five questions to consider when selecting an MSP.
Do they provide continuous monitoring?
While most MSPs tout their 24/7/365 monitoring policies, make sure you clarify that this applies to all levels of their managed services offerings, not just a ‘premium’ level that you may or may not subscribe to. Furthermore, what are their plans to communicate, investigate, and respond to an incident should it occur?
What kind of reports and updates will your MSP provide and how often?
Ask your MSP what type of reports and updates they will provide your organization on a regular basis. Also, inquire as to the exact frequency. No, you don’t need to know every alert; however, it’s important to know whether your company was a potential target of a cyberattack. These reports also help with reporting on regulatory and compliance requirements. Lastly, they can help with rationalizing cybersecurity controls and needs before these alerts become incidents.
What’s your shared security responsibility model?
Make sure you know what pieces of this relationship you and your company are responsible for. You need a clear delineation between what your organization is responsible for and what your MSP is responsible for in terms of security. Leave no wiggle room as the cost of an attack is no small matter.
Who does the MSP partner with?
It’s easy to assume that when you hire an MSP, they take care of everything themselves. However, most MSPs depend on third-party tools to help take care of the security infrastructure. This is a common practice and can work in your favor, as you’re now receiving managed services along with the best cybersecurity tools available. However, make sure you know who these vendors are up front, so finger-pointing can’t occur in the aftermath of a cybersecurity incident.
WatchPoint Fully Managed – Layered Security
Selecting an MSP who has the proper infrastructure and provides the best services can prove to be one of the most important aspects of not only protecting your business but keeping your business… in business. WatchPoint has bundled all of the security you need into one low-cost package, which we call WatchPoint Fully Managed. It is the most affordable comprehensive cybersecurity package for small and medium-sized businesses.
To learn more about WatchPoint Fully Managed, contact WatchPoint today.