“First SolarWinds, now Kaseya. SaaS software heavily used by managed service providers (MSPs) has now been the target of two successful cyberattacks,” writes Slashdot reader storagedude.

He shares a ChannelInsider article reporting the Kaseya ransomware attack compromised roughly 1,500 “downstream” businesses — and that now managed service providers “are reassessing their approaches to managing IT” after their own upstream vendors were breached:

In many cases, rather than assuming the platforms that MSPs employ are secure, end customers will now require them to prove it via an audit of their software supply chains, says James Shank, Chief Architect of Community Services for Team Cymru, a provider of threat intelligence tools employed to conduct such audits. Shank, who also served on the Ransomware Task Force Committee set up by The Institute for Security and Technology, notes that MSPs should also assume attacks will only get worse before they get any better. “This is not the end or the middle,” he says. “It’s only the beginning.”

Others, however, don’t think there will be any widespread mandate to audit IT supply chains in the absence of any government requirement. Most organizations are simply not going to conduct or require extensive audits because of the time, effort, money and expertise required, says Mike Hamilton, chief information security officer (CISO) for Critical Insight, a provider of a managed detection and response platform.

“American companies are not going to do that unless someone holds their feet to the fire,” he says.

The challenge that creates for MSPs and their customers is it may force them to continue to place too much trust in IT platforms provided to them by a vendor, says Chris Grove, technology evangelist for Nozomi Networks, a provider of security tools for monitoring networks. “These platforms are over-trusted,” he says.

The decision many MSPs are specifically wrestling with is the degree to which they should continue to rely on IT service management (ITSM) platforms from an IT vendor that might be compromised by malware versus building and securing their own custom platform. The latter approach is not immune to malware but might be less of a target as cybercriminals increasingly focus their efforts on platforms that enable them to wreak greater downstream havoc. Alternatively, MSPs could switch to IT service management platforms provided by vendors that don’t have enough market share to attract the attention of cybercriminals… Building an IT service management platform from scratch naturally requires a level of investment many MSPs lack the funding or expertise to make, notes Eldon Sprickerhoff, chief innovation officer for eSentire, a provider of a managed detection and response platform. “It’s a difficult situation,” he says.

The article points out that few small- to medium-sized businesses can afford their own internal IT security team.
Slashdot reader storagedude then suggests “on-premises installed and managed software could get another look as a result of the attacks,” while vendors who can prove high levels of security “could gain a market advantage.”


Source:: Slashdot