CISA Releases Advisory on Intensifying Cyber Threats Targeting MSPs

May 13, 2022
On May 11, CISA, the federal Cybersecurity and Infrastructure Security Agency, together with other security agencies, released a joint advisory on best practices regarding clear communication between managed services providers and customers

On May 11,  the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the United Kingdom’s National Cyber Security Centre (NCSC-UK), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) announced via a press release that it released an advisory regarding cybersecurity best practices for information and communications technology (ICT), concentrating on clear discussions between managed service providers (MSPs) and their customers on securing sensitive data.

The agencies expect state-sponsored advanced persistent threat (APT) groups and other bad actors to intensify targeting MSPs against both provider and customer networks.

The release states that “The advisory provides several actions that organizations can take to reduce their risk of becoming a victim to malicious cyber activity. Additionally, MSP customers should ensure their contractual arrangements specify that their MSP implements the measures and controls in this advisory, such as:

  • Prevent initial compromise by implementing mitigation resources to protect initial compromise attack methods from vulnerable devices, internet-facing services, brute force and password spraying, and phishing. 
  • Enable monitoring and logging, including storage of most important logs for at least six months, and implement endpoint detection and network defense monitoring capabilities in addition to using application allowlisting/denylisting. 
  • Secure remote access applications and enforce multifactor authentication (MFA) where possible to harden the infrastructure that enables access to networks and systems.
  • Develop and exercise incident response and recovery plans, which should include roles and responsibilities for all organizational stakeholders, including executives, technical leads, and procurement officers.
  • Understand and proactively manage supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources.”

Jen Easterly, CISA Director, was quoted in the release saying that “As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support—why it’s critical that MSPs and their customers take action to protect their networks. Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

The full advisory can be accessed here.

Sponsored Recommendations

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...