Most IT service providers are used to being the defenders of the cybersecurity realm. But, a new report published today by Trustwave, a managed security services provider (MSSP), suggests services providers themselves are increasingly becoming the targets of cybersecurity attacks.
Trustwave’s Global Security Report notes that service providers now account for just over 9 percent of all the cyberattacks the MSSP tracks annually. That’s up from virtually zero a year ago, says Brian Hussey, vice president of cyber threat detection and response for Trustwave.
Cybercriminals have figured out that if they can compromise an IT service provider they can exploit that breach to move laterally to infect hundreds of customers, explains Hussey.
Cybercriminals are getting smarter
In general, Hussey says the report makes it clear cybercriminals are getting much better at targeting attacks at specific vertical industries. Banking, for example, is being targeted as part of an effort to not just steal credentials, but also actual money, adds Hussey.
The Trustwave report also finds that 30 percent of the malware examined used obfuscation to avoid detection and bypass first-line defenses and a full 90 percent used persistence techniques to reload after reboot. Cybercriminals are also making greater use of encryption to hide malware from cybersecurity technologies capable of inspecting content.
.@Trustwave report: IT service providers account for over 9% of the cyberattacks the #MSSP tracks annually, up from virtually zero a year ago @smartermsp
As cybersecurity becomes more complex it’s now only a matter of time before more IT service providers conclude they need to circle the proverbial wagons. Most IT service providers don’t have the internal skills and resources to combat sophisticated cyberattacks. Building a managed security service is not something to be undertaken casually. IT services providers would be well-advised to consider partnering with dedicated MSSPs, many of which have begun to set up their own channel programs to enable other IT service providers to resell their services. The average MSP may be able to manage a firewall on their own. But, remediation of an attack after the fact usually requires expertise that is hard to find much less retain.
Unfortunately, IT services providers and their customers need to assume their systems are already compromised. Clever social engineering attacks have generally bypassed most defenses. That doesn’t mean firewalls don’t provide a valuable capability. Things would be much worse than they are without them. But it does mean there needs to be more focus on cybersecurity threat detection, which usually requires advanced analytics capable of identifying anomalous behavior. Once discovered, the affected systems also need to be immediately quarantined to limit any further exfiltration of data.
A robust cybersecurity defense typically relies on a defense-in-depth strategy. What’s changing is that not every layer of that defense needs to be provided by the same MSP. A federated approach enables MSPs to offset the cost of delivering more advanced cybersecurity services while they continue to, for example, focus on defending the perimeter. It’s up to each MSP to decide how much they want to let the end customer know how many MSPs are involved in securing their environment. What really matters is making the customer feel that everything possible is being done to protect them.
Photo: Vladimir Arndt/Shutterstock.com