Stark Warning From CISA

CISA Warns of Enhanced Risk of Ransomware and Cyber Espionage to Business

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert warning businesses that they are squarely within cybercriminals’ sights. The alert stated that “The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of businesses and service providers in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base.”


The alert goes on to note that authorities from those same nations had previously issued general guidance for MSPs and their customers. However, this particular advisory was intended to provide specific guidance to encourage “transparent, well-informed discussions” between MSPs and their customers that centre on securing sensitive information and data.

Officials are hoping that those discussions result in revisiting security plans to ensure that they’re ready for today’s threats, including a re-evaluation of security processes and contractual commitments to accommodate customer risk tolerance. The aim is to bolster a shared commitment to security between MSPs and their clients that will reduce supply chain risk for both MSPs and their customers.

What Do Experts Recommend that Companies Do to Mitigate Their Risk?

Attacks on businesses and service providers offer cybercriminals a wealth of tools, options, and opportunities that they can exploit for further gain. Service providers are attractive targets for cybercriminals, especially ransomware groups, as they tend to store and handle valuable information, including customer data and information about operational technology (OT).

Attacks on companies also offer threat actors chances to obtain access to their operational and administrative environments, allowing them to potentially penetrate security at another company that has been targeted.

A successful attack at an MSP can even offer cybercriminals the advantage that they need to plant a backdoor in that MSP’s client’s environment, enabling the bad guys to return at their leisure. In this alert, CISA offered a variety of recommendations that will help reduce cyber-attack risk for both MSPs and their clients. Here are four major areas for MSPs to consider.


Preventing Initial Compromise

In the majority of cases, cybercriminals exploit vulnerable devices and internet-facing services when launching attacks. Sometimes these are brute force attacks, and other times they’re sneakier attacks that are perpetrated through phishing.

It is recommended that all companies and their third parties should ensure they are mitigating these attack methods.


Eliminate Old User Accounts & Obsolete Infrastructure

Businesses should take a hard look at their active and disabled user accounts and take steps to disable accounts that are no longer in use. Eliminating old user accounts is especially important when you or your clients have a personnel transition. Over 80% of former employees in a survey said they could access accounts at their previous place of employment even after leaving the company. CISA also advises that organisations take care to identify and disable unused systems and services. Port scanning tools and automated system inventories can assist organisations in confirming the roles and responsibilities of systems.
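One way to run the account review described above, shown as an added example that is not part of the original post or of CISA's guidance. The CSV columns, the HR roster and the 90-day idle threshold are assumptions chosen for illustration, and the sample data is constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data (not from the page): a directory export and an HR roster.
ACCOUNTS_CSV = """username,enabled,last_logon,owner_id
asmith,true,2024-05-28,E100
bjones,true,2023-11-02,E101
cwhite,true,2024-05-30,E102
svc_backup,true,,
dgreen,false,2023-01-15,E103
"""
ACTIVE_STAFF_IDS = {"E100", "E101"}  # constructed: current employees per HR

def audit_accounts(accounts_csv, active_ids, today, max_idle_days=90):
    """Return {username: [reasons]} for enabled accounts that need review."""
    cutoff = today - timedelta(days=max_idle_days)  # assumed idle threshold
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled; nothing left to switch off
        reasons = []
        owner = row["owner_id"].strip()
        if not owner:
            reasons.append("no owner recorded")
        elif owner not in active_ids:
            # Leaver whose account still works: the personnel-transition case.
            reasons.append("owner has left the organisation")
        last = row["last_logon"].strip()
        if not last:
            reasons.append("never logged on")
        elif datetime.strptime(last, "%Y-%m-%d") < cutoff:
            reasons.append(f"idle more than {max_idle_days} days")
        if reasons:
            findings[row["username"]] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in audit_accounts(
            ACCOUNTS_CSV, ACTIVE_STAFF_IDS, datetime(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(reasons)}")
```

In the sample, `cwhite` is flagged even though the account logged on two days before the audit date: recent activity on a leaver's account is the case an idle-time check alone would miss.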


Develop & Exercise Incident Response & Recovery Plans

1 in 3 businesses is flirting with disaster by either not having an incident response plan or not having an up-to-date and workable plan. Neither you nor your clients should be on the list of organisations that aren’t ready for incident response. All organisations (large and small) should maintain up-to-date hard copies of plans to ensure that incident responders can access them should the network be inaccessible, as would possibly be the case in a ransomware scenario.

Organisations should also develop and regularly exercise internal incident response and recovery plans and encourage trusted third parties and clients to do the same. As a minimum, incident response and recovery plans should include roles and responsibilities for all organisational stakeholders, including executives, technical leads and procurement officers, and the tasks they have been assigned to assist with the identification and containment of an incident.


Understand & Proactively Manage Supply Chain Risk

It is also recommended that all organisations should proactively manage information and communications technology (ICT) services supply chain risk. Organisations should use risk assessments to identify and prioritise the allocation of resources, with the caution that MSPs need to make sure that they understand their own supply chain risk and concentrate some of their efforts on managing the potential for cascading risk that it poses to customers. In a recent survey, more than 80% of CISOs said that they believe that their software supply chains are vulnerable.


It Pays to Invest in Incident Response

Want to know a secret that can help you avoid a cyber attack? Companies that invest in a formal, tested incident response plan are less likely to have a cybersecurity incident than companies that don’t have an incident response plan, and they save money if they do have an incident. Incident response planning is a win-win for every business.

It’s true. IBM researchers announced that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan.  That’s a big benefit that you gain immediately and enjoy even if you never use the plan.  

Unfortunately, 1 in 3 companies hasn’t got an incident response plan, and that’s a disaster waiting to happen. If you’re not ready for trouble, you’ll be scrambling when trouble finds you. Save time, money and maybe even your company by talking to your MSP and making or updating your incident response plan right away.
