This simply can't keep happening. If the initial reports are accurate, the MSP had not enabled two-factor authentication on this critical infrastructure. That's inexcusable. This industry is better than this and we will suffer damage to our collective reputation if these attacks do not stop. While two-factor authentication does not equate to cybersecurity nirvana, everyone acknowledges that it's one of the best defenses we have at present.
It will be interesting to learn more as the facts come to light, but for now, it's an opportunity to put this in everyone's immediate focus. If you're being negligent in securing your own infrastructure, thereby becoming a significant risk to your clients, you simply should not be in this business any longer. You just don't understand the risk.
This is part of the reason why the TSP-ISAO was formed. This neutral non-profit Information Sharing and Analysis Organization exists to help MSPs confront these threats. The goal is to help MSPs be more secure and therefore better secure their clients. Member
ship is free for all of 2020 and is projected to be as low as $99 per year thereafter. If you are an MSP, you simply must belong to this organization. Full disclosure, I am the Executive Director for the TSP-ISAO. Our membership is growing daily, because those who understand the risk, understand they need our help.
The mission of the TSP-ISAO is the raise the cybersecurity resilience of the global technology solution provider industry. This encompasses MSPs, CSPs, MSSPs and all other technology solution providers, thus the overarching TSP acronym. Please join, share your threat intelligence and consume the qualified threat intelligence that the TSP-ISAO is offering. Together we can fight back!