Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves
From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.
Conduct Due Diligence During Acquisition Process
MSPs generally ramp up their services offering through acquisitions, which can result in tool sprawl as the MSP acquires different companies and tries to promote their services globally, said Gee Rittenhouse, senior vice president and general manager of Cisco Secure. It’s hard to examine a company’s tools and source code before a deal closes, which Rittenhouse said can result in temporary exposure for the MSP.
The developers coming in through acquisition often have a different level of security awareness than the developers already working at the MSP, and often use different build systems and development tools based on a different development pipeline, according to Rittenhouse. MSPs need to level-set and bring all developers up to the same level of security awareness, Rittenhouse said.
Tool sprawl is problematic following an acquisition by an MSP, and Rittenhouse said MSPs need to deal with it fairly quickly to ensure there’s a uniform, world-class process for pushing out updates as quickly as possible.