Total Tests:

How managed service providers can pose a risk to their customers

By Lance Whitney for TechRepublic
Wednesday, July 8, 2020

The alert from the Secret Service is far from the first such notice in recent years. In October 2018, The National Cybersecurity and Communications Integration Center (NCCIC) warned of ongoing attempts from state-sponsored hacking groups to breach MSPs, especially targeting cloud-based service providers.

"Attackers concentrate their malicious efforts on MSPs because they are now a low-hanging fruit," Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, told TechRepublic. "Worse, most of the successful intrusions are never detected or reported given that the attackers have strong incentives to conceal the breach that may otherwise trigger an investigation that may depreciate the value of stolen data or even bring a SWAT team to their homes."

In its advisory, the Secret Service offered advice for both MSPs and their customers to grapple with the rise in hacks and breaches. Risk management is another area that MSP customers need to reevaluate, according to Kolochenko.

"Their third-party risk management process is, however, mostly based on obsolete one-size-fits-all questionnaires," Kolochenko said. "This bureaucratic approach can be unreasonably burdensome and complex for some small vendors; for others, they are inadequate and otherwise flawed. Organizations should rethink their third-party risk management strategies, making them adjustable and proportional to the risk on a case-per-case basis." Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential