News: 1717065008

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Pretty much all of the headaches affecting MSPs are due to cybersecurity

(2024/05/30)


Managed Service Partners (MSPs) say cybersecurity dwarfs all other main concerns about staying competitive in today's market.

Adding to the already notoriously strained existence of an MSP is work that even folk in the infosec industry struggle to keep up with, and leaves those looking after client systems and IT struggling to juggle it all.

Adversaries don't break into organizations – they log in...

The findings were among security shop Sophos' latest survey of MSPs across the US, UK, Australia, and Germany – although the majority of responses came from the US.

The top three challenges reported by MSPs on the whole were all related to cybersecurity, illustrating the importance placed on it by customers:

Staying on top of security technologies

Employing additional security analysts to meet the pace of customer growth

Maintaining awareness of the latest threats

Keeping up-to-date with the latest technologies and solutions was also the most commonly reported answer when MSPs were asked about the single biggest challenge their business faces.

"Given the speed of innovation in this space, it is unsurprising that many MSPs are struggling to keep up," the report reads.

"As threats evolve, so do the cyber controls that stop them. Existing technologies gain new capabilities while brand-new products are regularly released to the market. Keeping on top of all these developments is both difficult and time-consuming."

[1]

When asked about the biggest risks to their own businesses and their clients, many cited a shortage in security skills. Sophos' survey revealed that the single biggest perceived risk to both MSPs and their customers is a dearth of in-house security talent.

[2]

[3]

We won't misquote that myth that there are four million unfilled infosec jobs out there, or however many it's supposed to be now (the figure actually refers to how many qualified infoseccers there should be to meet the global demand for cyber services). However, the latest figures illustrate that the problem isn't improving, and hasn't for many years, as security becomes even more important for organizations while there just aren't the skills out there to satisfy the need.

For MSPs that offer managed detection and response (MDR) services and have an in-house security operations center (SOC), the average number of analysts staffing that SOC is 15, but there is a large variation between organizations that is largely dependent on the MSP's size.

Guess who's up 2am local time? Yep, an attacker working in a different time zone

Smaller MSPs will naturally have far fewer analysts, and delivering a robust 24/7 service, which is fairly essential given attackers' habits of timing their operations during antisocial hours, becomes nigh-on impossible.

In addition to the staffing issue, MSPs admit that having legitimate credentials stolen and bought by cybercriminals presents an equally severe danger to themselves and their clients.

[4]

"Adversaries don't break into organizations – they log in," Sophos said. "Using stolen access data and credentials, often purchased on the [5]dark web from an initial access broker (IAB), they impersonate legitimate employees to penetrate their target."

The vendor's data indicates that nearly a third of all ransomware attacks (29 percent) last year began as a result of miscreants acquiring login credentials, allowing them to gain an initial foothold in the victim's environment.

[6]US govt now bans TikTok from contractors' work gear

[7]This is what to expect when a managed service provider gets popped

[8]Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security

[9]How do China's cyber-spies snoop on governments, NGOs? Probably like this

Sophos' observation is the same across the board. Both IBM and CrowdStrike released reports earlier this year showing a huge increase in cybercrims using valid credentials to launch attacks.

IBM [10]said it noticed a 71 percent year-on-year increase, representing 30 percent of all incidents it was called in to investigate. That makes it as dangerous as [11]phishing , which also comprised 30 percent of all initial access vectors, according to its figures.

Phishing is and has been for some time considered to be the most common way attackers launch attacks, preying on human error. However, this tried and tested method was down 44 percent last year, IBM said earlier this year, thanks to, in part, the rise of credential abuse.

[12]

Sophos says that choosing partners that offer a wide variety of fully featured tools and services, and choosing a managed detection and response (MDR) partner that can alleviate that talent shortage, could go a long way in helping [13]MSPs – especially the smaller ones – keep up with customers' growing demands for infosec expertise. ®

Get our [14]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zliiocm1Pxh4-YSwxomnKwAAAEc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zliiocm1Pxh4-YSwxomnKwAAAEc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zliiocm1Pxh4-YSwxomnKwAAAEc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zliiocm1Pxh4-YSwxomnKwAAAEc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2024/02/16/dark_web_kids_limit_uk/

[6] https://www.theregister.com/2023/06/06/us_contractors_tiktok_ban/

[7] https://www.theregister.com/2022/07/30/msp_access_russia/

[8] https://www.theregister.com/2022/05/11/five_eyes_msp/

[9] https://www.theregister.com/2022/04/07/china-espionage-campaign/

[10] https://www.theregister.com/2024/02/21/identity_related_cyber_threats/

[11] https://www.theregister.com/2024/05/23/google_phishing_tests/

[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zliiocm1Pxh4-YSwxomnKwAAAEc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[13] https://www.theregister.com/2022/05/11/five_eyes_msp/

[14] https://whitepapers.theregister.com/



Obvious question:

Doctor Syntax

"nearly a third of all ransomware attacks (29 percent) last year began as a result of miscreants acquiring login credentials"

How are these credentials acquired?

Re: Obvious question:

Our Lord and Savior Rahl

Because many people use the same passwords for everything and post about where they work on social media, it's not hard to join the dots

Dave 126

I saw the headline and thought: "Not according to Private Eye", but realised that MSP probably didn't stand for Minister of Scottish Parliament in this context.

Handlebars

There's 5 weeks to go and you've already got electile dysfunction

And Level Zero Challenge: Keep it simple

EricM

As an architect I find it pretty hard a) to achieve and b) to keep a solution simple over time - even if this strategy is very successful in terms of factual security achieved.

Components that are not active, cannot be attacked - components that are not even installed are even better.

Simple components with fewer bugs are harder to attack than large, complex components with may bugs.

Simple components are easier to fully understand and defend for your own staff.

So solving this "Level Zero Challenge" will help in resolving important aspects of challenges 1-3 from the article.

However, selecting the fewest, most simple, most stripped-down components for a given task often frustrates developers, as it means they often cannot use whatever code they are used to or example code they found on the Internet (often promoting certain products) to solve a problem.

It also frustrates customers as well, as not grabbing the next-best, halfway fitting COTS-product/library and "add it to the mix" will result in longer development time for new features and potentially higher inital cost.

And arguing with security still often is an uphill battle against cost and features...

Counter trends

Mike 137

M$ used to provide detailed server hardening guides. Then they moved to instead providing scripts that could be run blind. Now we have auto-update. So as the threat landscape has become more severe we've been granted progressively less control over our attack surface. This doesn't seem the ideal way to go.

Re: And Level Zero Challenge: Keep it simple

sitta_europea

Funnily enough, just yesterday I gave to my wife the one remaining clutch pencil in the top left drawer of my desk.

With that pencil, and several others very like it, in the 20th century I and the staff of my drawing office produced thousands of engineering drawings and documents.

Those documents are still safe in the cabinets and on the shelves in my office, still completely unaffected by any and all network-borne attacks.

The street preacher looked so baffled
When I asked him why he dressed
With forty pounds of headlines
Stapled to his chest.
But he cursed me when I proved to him
I said, "Not even you can hide.
You see, you're just like me.
I hope you're satisfied."
-- Bob Dylan