Last month, the United States Secret Service issued a warning titled "Compromised Managed Service Providers." The summary of this warning is that the Secret Service has seen increasing evidence of compromised MSPs. "Cyber criminals are leveraging MSPs to conduct a variety of attacks including point-of-sale intrusion, business email compromise (BEC), and specifically ransomware attacks.
If you are an MSP, this is not good news. The MSP market stands to be damaged by increasing attacks and warning like this. While this isn't the first time we've seen a warning about MSPs being hacked, we need to be doing better as an industry to prevent them.
As an MSP, you need to up your game, considerably. Becoming better at cybersecurity can be an expensive and complicated undertaking, but it doesn't really have to be. Get your team educated, so they understand the cyber landscape. Consider industry standard certification paths, like CompTIA's Security+, CySA+, PenTest+ and CASP+.
Another very important thing to do is get engaged as a member of the CompTIA ISAO. I've very excited to be the Executive Director of this important initiative that will help all MSPs raise their cybersecurity resilience and defend against these attacks. The CompTIA ISAO is presently in soft-launch with a new website at www.comptiaisao.org and a Cyber Forum to promote collaboration and trust among the members. If you are not already registered for CompTIA ChannelCon Online August 4-6, get registered as we will be formally launching the CompTIA ISAO during this event.
Getting certified and belonging to a vendor-neutral, member-led, non-profit Information Sharing and Analysis Organization like the CompTIA ISAO are some of the easiest best practices you can undertake to fight back against cyber criminals.
The only way to head off more attacks and not see more notices like the Secret Service alert mentioned previously, is to take important steps like these. The integrity of our industry and our global economy depends on it.