The recent Kaseya VSA cyberattack is an important reminder of how security works best when we approach it as a community. The adversarial pivot to supply chain-based attacks for delivering ransomware underscore the role we all must play in helping to keep each other protected. Managed services providers (MSPs), in particular, provide a variety of services to help protect and secure their customers, but, if a cybercriminal gets into one MSP system, they can easily find themselves holding the key to a kingdom of small-medium-sized enterprises in one fell swoop. What happened this past weekend was an example of just that, with businesses of all types (retail, banking, healthcare, government, etc.) having their data being held ransom due to a breach of their MSP’s system. Of course, it’s no surprise that the attackers executed this on the Friday afternoon of a holiday weekend, which was an ideal attack scenario. It’s key to keep in mind that this can happen to anyone, at any time. As technology vendors, we have to realize we’re all potential targets—and the risks are steep.
The thing about MSPs is they don’t always rely on a single technology solution to get their jobs done. It’s not uncommon to find an MSP using one RMM, paired with a different help desk solution, and yet another backup product, for example. As channel vendors, we are one industry with a common goal: to help our MSP partners succeed by best supporting and protecting the customers they serve. This means that when we see a cyberattack of this multitude, it’s important we join together to understand learnings, apply best practices, and move quickly to support our own customers and the community at large. Our responsibility as an industry is to ensure that our mutual supply chain is as hardened as possible. Times like this should remind us that this is bigger than any one vendor.
It’s also true that there’s no single piece of a security program—technical or otherwise—that is able to solve this problem. For MSPs, reducing their customers’ security risks requires multiple layers of technical and security controls. It requires them to deliver the basics, like multifactor authentication, antivirus, patching, and backup, and, based upon their customers risk tolerance, may require more sophisticated solutions like endpoint detection and response (EDR), security information and event management (SIEM), and threat intelligence. On the human side, it requires building a culture of security through regular security trainings, awareness, and preparedness exercises. But more importantly, as vendors, we owe it to our customers to do everything we can to securely develop the tools they use to deliver these solutions, respond appropriately and quickly to vulnerabilities and threats, and to collaborate with the appropriate authorities to help in the response.
In short, we work in a world where security is everyone’s job, whether they signed up for it or not. It must be a part of the cultural fabric of everything each of us does—from the services MSPs deliver to the code our teams write to the employees we hire.
While we all continue to monitor the recent attack, I want to commend Kaseya for their transparency and Huntress for their deep technical analysis and community sharing. This is not a time for opportunistic plays, but rather, a time for solidarity. And when the dust settles, I am hopeful we will have used this as another important common denominator for holding ourselves accountable to even higher standards as an industry, and as technology providers.