The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is now focusing on fixing systemic risks in the remote monitoring and management (RMM) tools that most managed service providers (MSPs) employ.
The agency, as part of a Joint Cyber Defense Collaborative (JCDC) Remote Monitoring and Management Cyber Defense Plan, is now specifically calling for developing and coordinating cyber defense plans across the RMM community. The goal is to share threat and vulnerability information and improve operational resiliency by developing, coordinating, and executing plans for cyber defense operations.
At the same time, CISA is also planning on educating end-user organizations on the dangers and risks to the RMM infrastructure as part of an effort to promote the adoption of security best practices.
The United Kingdom, Australia, Canada, New Zealand, and U.S. cybersecurity authorities, including the FBI, National Security Agency, and CISA, have been asking MSPs to enhance their security for more than a year now. RMM tools are not inherently insecure, but they are often compromised using a stolen set of credentials that were most likely acquired via a phishing attack. Those credentials enable cybercriminals to mimic the behavior of end users of those tools while they surreptitiously plant malware that might not be activated for months.
More challenging still, the rise of generative artificial intelligence (AI) will make it more difficult to detect phishing campaigns. Cybercriminals will be using generative AI to mimic all kinds of normal behavior through which they will be able to steal even more credentials. The only way to combat that threat is to invest more in AI platforms that surface anomalous behavior in near real-time. The sooner that behavior is detected, the faster it becomes possible to determine where and how malware has been deposited.
MSPs should be aware of potential RMM challenges
Ultimately, MSPs, in the wake of the CISA initiative, will need to come to terms with two issues. The first issue is covering the cost of hardening RMM tools. That may mean everything from investing more in multi-factor authentication (MFA) to adopting a cybersecurity platform infused with AI to identify anomalous behavior.
The second, potentially more troublesome, issue is that many customers might conclude that RMM tools are unsafe. There’s not much in the way of alternatives, but there will be a bias toward relying on an internal IT team to manage RMM tools rather than an MSP that is more likely to be targeted by cybercriminals. MSPs in the months ahead will need to reassure customers that they have locked down access to the RMM tools that play a role in almost every service provided.
Hopefully, the sharing of threat and vulnerability information to improve cyber defense operations will go a long way in reassuring customers that managed services are secure. It’s already challenging enough to sell managed services without federal agencies, no matter how well-intentioned, casting additional shade in the form of warnings about RMM tools.
In the meantime, it’s clear customers are going to be more interested than ever in the cybersecurity practices that MSPs are using to secure their IT environments. Savvy MSPs that make the right investments will turn those conversations into an opportunity to better differentiate themselves from both rivals and internal IT teams that often lack the expertise needed to implement and maintain best cybersecurity practices.