Why good security practices begin at home when defending against supply chain attacks

Global AI-based email security vendor talks protecting one billion mailboxes worldwide, and how it's helping MSPs, SMBs, and ISPs to grow


Many MSPs have turned their attention to cybersecurity, branching out to offer their customers managed security services. However, making sure that their own cybersecurity is always top of mind is just as important as ensuring their partners are protected from adversaries.

MSPs increasingly find themselves the target of supply chain or "island hopping" attacks, as successfully breaching an MSP means gaining access to their customers' networks and data. As such, they are a lucrative target, with 2021 seeing a 650 per cent increase in supply chain attacks.  

These attacks can be devastating for both MSPs and customers, leading to data loss, lengthy downtime, and reputational damage.

The importance of the supply chain

The infamous attack on the SolarWinds IT management platform—in which an attacker modified code in SolarWinds' Orion products and then pushed the malicious update to around 18,000 SolarWinds customers including enterprises, IT companies and government organisations—is a stark example.

While SolarWinds later announced "the actual number of customers who were hacked through SUNBURST to be fewer than 100", the attack demonstrates how weaknesses in an MSP's security can impact organisations throughout its ecosystem.

A recent joint advisory from the cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States details actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. It describes supply chain attacks as "amongst the most significant cyber threats facing organisations today."

A range of steps are set out for MSPs and their customers in the advisory, including taking actions to mitigate initial compromise attack methods, improve monitoring and logging processes, enforce multifactor authentication, apply the principle of least privilege, deprecate obsolete accounts and infrastructure, back up systems and data, proactively manage supply chain risk, and promote transparency.

Understanding your security

It is clear that any MSP looking to grow their business must ensure they fortify their cyber security posture. However, many lack the resources to do this alone.

The starting point should be a full audit of your IT environment, as a good level of visibility is vital to understanding and improving your cyber security practices. This includes having a detailed knowledge of the software and hardware within your environment, the cloud services being used, the data and network integrations between these environments, and all the vendors you interact with.

From there it is possible to develop an incident response plan and mitigate the impact of a successful attack.

It is also important to understand what data your organisation and vendors are handling, so you can ensure it is stored securely and can only be accessed by the right people. MSPs must also establish what their vendors are doing to protect the privacy, integrity and availability of their organisations' and customers' data.

Processes and partnerships

Having the right cyber protection measures in place is also essential. This includes creating regular backups, investing in patch management, implementing a zero-trust model, or acquiring autonomous threat detection and response capabilities.

Taking these steps calls for specialised solutions and expertise that may go beyond what an MSP can handle in-house.

For example, MSPs need sophisticated threat detection and response capabilities that fortify their cyber security—including email security, the top vulnerability for supply chain attacks—and this requires advanced technology. Rather than developing the technology internally, MSPs often benefit by partnering with vendors that can provide the right solutions.

When evaluating vendors, MSPs should look for partners that can optimise their cybersecurity without consuming their time, resources, or attention.

Working with a trustworthy cybersecurity partner that is willing to share knowledge, provide the right tools, and be on-hand to offer technical support will help bolster internal security.

MSPs preparing to offer security services should be certain their own cybersecurity strategies and processes have been successfully implemented before they start working with customers.

By staying on top of your own security, you can protect your customers from compromise and begin providing the security services of most value to their business and your bottom line.

By strengthening your own cyber security posture, you prove your reliability as a trusted and credible partner to your customers. They, in turn, can benefit from the same cybersecurity solutions your business is utilising and be confident their own security posture will not be compromised by weak links in the supply chain. 


This is a sponsored post in collaboration with Vade.
