12-19-20 | Blog Post
The report continues “Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.” The Secret Service alert adds substance to the reality of 2020 cybercrime reports like 540M data breaches in the first half of 2020 and HHS reporting that, by August 2020, there were 298 healthcare data breaches totaling over 8.5M records. The Secret Service alert and the high levels of opportunistic cybercrime in this pandemic year suggest a need for MSPs to reexamine the security and compliance of services they provide and their customers to assure the services they purchase are backed by industry best security practices and, if required, a certified compliant Cloud environment.
Recommendations for the MSP
The Secret Service Global Investigative Operations Center (GIOC) provides excellent guidance for a review of best practices to help avert potential MSP based Cybercrime including:
Adding to this list provided by the Secret Service, it is important for the MSP to reassure their security and data protection capabilities are well aligned to prevent attacks and recover systems, processes and data should an attack still occur.
Recommendations for the MSP Customer
The GIOC also provides MSP customer recommendations:
Many of these recommendations are explained in-depth in an earlier Otava article related to Tackling the Rising Costs of Cybercrime. There is also a pertinent discussion of security and technical considerations provided in the recent Otava blog: Best Practices for the Remote Worker.
A Final Word For the MSP
Assure that all of your Cloud Solutions are backed by services from a certified compliant CSP that also offers “industry best” design, security, service, business continuity/backup and operational assurance. As Brad Cheedle, CEO of Otava is quoted in a recent interview about partnering to provide new compliant cloud services with an important MSP partner “By joining forces, we are making it easier and faster for companies to obtain fully managed digital applications that are secure and compliant end to end — starting at the application layer and all the way through our hosted infrastructure.
Additional Information
Tools to Assist Security, Compliance and Improved Cloud Economics
The speed of change and adaptation in today’s IT arena is highly exacerbated by the buildout of hybrid and multi-cloud networks. The adoption of SaaS as a supplemental or even primary source of application and information management adds even more layers of complexity and security concerns.
What is ransomware and how do you protect against it?
Video: Ransomware preparedness with Otava, Veeam and MSPs: Our panel covered many topics in a roundtable-style discussion, starting first by reviewing the main strains of ransomware prevalent in the industry today, and what they’re seeing in terms of risk mitigation.