CISA Issues MSP Security Advisory Amid Continued Cyberattacks Targeting MSPs -

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a 12-step security advisory to help MSPs safeguard their businesses and customer networks from cyberattacks.

The advisory was "created in response to reports of increased activity against MSPs and their customers," the CISA indicated. Among the basic first steps MSPs should take, the CISA recommended that MSPs and their end-customers:

Identify and disable accounts that are no longer in use.

Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.

Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

The more expansive 12-step security advisory also describes how to:

Prevent initial compromise

Enable and improve monitoring and logging processes

Enforce multi-factor authentication

Manage internal architecture risks and segregate internal networks

Apply the principle of least privilege

Depreciate obsolete accounts and infrastructure

Apply updates

Backup systems and data

Develop and exercise incident response and recovery plans

Understand and proactively manage supply chain risk

Promote transparency

Manage account authentication and authorization

Department of Homeland Security, FBI, CISA: Multiple Cybersecurity Warnings to MSPs

The latest CISA advisory for MSPs surfaces nearly four years after the U.S. Department of Homeland Security in October 2018 warned MSPs about attacks targeting their networks. Amid continued attacks, the MSP industry faced a cybersecurity judgement day in 2019, ChannelE2E wrote at the time.

Fast forward to 2022, and the MSP industry (from software providers to service providers) has improved its cybersecurity posture in many ways -- though more work needs to be done amid the CISA's May 2022 advisory to MSPs.