Cyberattacks on MSPs: Expect the Unexpected
The recent cyberattack on MSP software provider Kaseya was unfortunate and costly – but not unexpected. It was preceded by similar ransomware attacks, albeit in other industries, demonstrating that every networked system is vulnerable no matter how much we tout our security processes. I’m speaking from experience: IT By Design (ITBD) – a proud “Master MSP” – was once a cyberattack victim itself.
Reality can break your heart.
It was June 18, 2019. I was in my office and had just finished a call when the phone immediately rang. I was stunned to learn that our systems had been compromised via one of our third-party vendors. It was a first for us. Our console was used to deploy ransomware. The attack had spread to eight of our customers. Thanks to our cybersecurity protocols, we quickly detected and quarantined the ransomware. Just 48 hours later, 96 percent of affected systems were restored and our impacted clients were operational with minimal to no data loss.
Yes, it could’ve been worse, and we didn’t have to pay a ransom. But we did lose one client due to the event, and our integrity took a hit. A big lesson we learned is that MSPs place blind faith in their third-party vendors. So what did we do?
We thoroughly reviewed our infrastructure, processes, and policies to mitigate against future threats. We employed a third-party company to assist with the assessment and discovered some gaps that we had to remediate. Here they are and how we responded:
- We weren’t SOC 2 Type 2 compliant – So we became certified via an IT consulting firm.
- Lack of Multi-factor Authentication (MFA) on all systems – We have since implemented MFA on all tools.
- Some of our external systems had shared accounts – We assigned individual, privilege-based accounts to all engineers who require access to our systems.
- Weak client/partner Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) – We validated our own acceptable downtimes and recovery points, then worked with our customers to align and document expectations should there be future incidents. Solid backup and disaster recovery systems are now a mandate.
- A lack of vulnerability tests and patches on external partners’ systems – While our internal systems were tested on a quarterly basis, some external partners were not. We now perform audits of our partners and ensure they follow NIST and AICPA best practices.
Since new risks and exposures keep appearing in any company, ITBD also contracted a third-party security firm to perform quarterly vulnerability tests on our systems.
Anti-Cyberattack Necessities
Here’s a checklist that will help reduce your odds of being a cyberattack victim and lighten the impact if you are:
- Be sure that you don’t have any of the gaps noted above in your network. If nothing else, do yourself a favor and enable two-factor authentication on your RMM and security products.
- Have the appropriate controls and programs in place that follow NIST guidelines.
- Invest in cyber insurance, including Errors & Omissions (E&O) insurance and general liability coverage for yourself, your customers, and your third-party vendors (don’t have blind faith in your third-party vendors).
- Make sure you have a reliable and tested data backup.
A cyberattack is painful for everyone, but if you fall victim one day, don’t dwell on the damage it causes. Instead, treat the incident as a punch-to-the-gut reminder to stay on top of your internal and external certifications, processes, and protocols, and to be prepared to respond to your clients in a timely and professional manner.
But while you’re improving your systems, know that hackers are improving their skills as well. That’s why you should always expect the unexpected.