Advertisement

Security News

Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves

Michael Novinson

From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.

Limit Scope Of MSP Access In Customer Organization

MSPs should limit their scope of access in the customer’s organization to minimize the blast radius in the event a supplier like Kaseya is compromised, said Colin Henderson, OneTrust’s vice president of security. MSPs should document the minimum level of access needed for the services they provide to customers since many only need to deploy on a segment of the network without full access to the entire company.

If an MSP purchases a solution from a vendor and deploys it into the customer’s network while retaining access to the entire network, then any type of corrupted update or event could give the adversary unfettered access to the victim’s systems, Henderson said. MSPs should consider how far their technology needs to reach in the customer’s network and limit their access to that, Henderson said.

If customers allow only the minimum amount of MSP access necessary, then a system compromise likely cannot be leveraged by the hackers to get into other systems in the victim’s environment, according to Henderson. MSPs must treat their environment with more care since they have direct hooks into so much of their customer’s environments, Henderson said.

 
Learn More:
Advertisement
Advertisement
Sponsored Post
Advertisement
Advertisement