Why threat actors are targeting MSSPs


MSSPs are being targeted by threat actors because they provide a relatively easy route into the heart of customer networks, or because they have attack tools threat actors want. So concerned are the cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States about the increase in malicious cyber activity targeting managed service providers (MSPs), that they issued a joint cyber security advisory to MSPs and their customers on how to minimise the risk.

Why is it important for Managed Security Service Providers (MSSPs) to have good security?

FireEye revealed in February 2021 that its systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world. Other incidences to note include Kaspersky, Bitdefender, Lastpass, and Cyberoam in 2015, and Okta in March 2022. MSS buyers should consider what security controls they should require of their MSSP and the assurance they need to be satisfied with their quality. Here are some questions to ask:

  • Can you describe what security controls you have in place that are appropriate for processing personal data?
  • What evidence do you have that your security controls work as you intend?
  • How much control do you have over the infrastructure you use to deliver the service?
  • What third parties are responsible for patching and maintaining these technologies?
  • How do you prioritise what software to patch?
  • How do you proactively fix vulnerabilities in software apps?
  • Who will have access to the data?
  • How can we be certain that individuals delivering the service are competent and trustworthy?
  • What access restrictions exist to prevent unauthorised access to data?
  • How would you know if they had been compromised?’