{"id":5799,"date":"2020-01-30T23:03:03","date_gmt":"2020-01-30T23:03:03","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5799"},"modified":"2025-06-25T15:45:35","modified_gmt":"2025-06-25T14:45:35","slug":"msps-and-risk-supply-chain-protecting-yourself-and-your-customers","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers","title":{"rendered":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers"},"content":{"rendered":"<p>It started with reports from\u00a0<a class=\"ext\" href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/TA17-117A\" target=\"_blank\" rel=\"noopener noreferrer\">Department of Homeland Security<\/a>\u00a0about a few managed services providers (MSPs) who were compromised, allowing threat actors to use their remote access as a pathway to multiple customers. At first, these appeared to be sophisticated, state-sponsored threat actors with specific targets in mind. Then a few more reports trickled in, where less sophisticated actors (more opportunistic cybercriminals) started to follow suit. While one small or medium-sized business might not be a valuable target, access to several through an MSP means cybercriminals could find a more valuable \u201cneedle in the haystack\u201d in an MSP\u2019s customer base. For example, gaining access to a doctor\u2019s office or other healthcare provider through an MSP could grant bad actors access to health records, which can sell for up to $1,000, according to\u00a0<a class=\"ext\" href=\"https:\/\/www.beckershospitalreview.com\/cybersecurity\/patient-medical-records-sell-for-1k-on-dark-web.html\" target=\"_blank\" rel=\"noopener noreferrer\">Becker\u2019s Hospital Review.<\/a><\/p>\n<h3><b>Capitalizing on the trend<\/b><\/h3>\n<p>Next came the real opportunists\u2014the ransomware criminals. Once this method of compromise was in the media, threat actors realized they could use the same tactics and procedures. Usually, ransomware attacks consist of gaining access to credential sets acquired through one of the many public <a href=\"https:\/\/www.n-able.com\/cyber-encyclopedia\/what-is-a-data-breach\"  data-wpil-monitor-id=\"49\">data breaches<\/a> and capitalizing on the fact that many humans like to reuse passwords across multiple accounts and services, and don\u2019t always turn on two-factor authentication (2FA) like they should.<\/p>\n<p>Cybercriminals use those credentials to access an MSP\u2019s remote management solution. From there, they have remote access to multiple networks where they can install ransomware and start encrypting data. This presents two opportunities to get paid: either by the business that is compromised, or the MSP that wants to keep their reputation.<\/p>\n<p>Even worse, now this threat of lost data is only one component. The bad actors are exfiltrating some of the data they have access to and are threatening to release it if they are not paid, as\u00a0<a class=\"ext\" href=\"https:\/\/krebsonsecurity.com\/2019\/12\/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up\/\" target=\"_blank\" rel=\"noopener noreferrer\">Brian Krebs recently reported<\/a>. This means that having backups in place can get the business back up and running with some effort, but the risk of breach and reputation loss still looms if the ransom is not paid. While it is critical to have backups, this new trend stresses that prevention using layered security and best practices are more important than ever.<\/p>\n<h3><b>Get your house in order first<\/b><\/h3>\n<p>Since the MSP is in fact the supply chain risk in this scenario, it is becoming more likely that customers will start asking what you are doing to mitigate the risk of this happening to them. This starts with ensuring your own house is in order from a security standpoint. Here are nine keys things you should do:<\/p>\n<ol>\n<li>Implement or augment layered security solutions in your own network.<\/li>\n<li>Monitor critical systems for anomalies or unauthorized access attempts (or partner with a specialized MSSP to monitor your own network).<\/li>\n<li>Ensure your own employees are trained on the tactics used by bad actors\u2014attachments, phishing, vishing, business email compromise, etc.\u2014so they are not the source of the first foothold.<\/li>\n<li>Operate on a least privilege model with all credentials. Your techs should only have the level of access that is required to complete the task at hand.<\/li>\n<li>Update any internal, on-premise systems you use to support your customers. Some of these attacks started by exploiting a vulnerability in an internal system.<\/li>\n<li>Ensure 2FA is leveraged in all systems that support it.<\/li>\n<li>Require strong passwords and use a password manager to maintain credentials and who has access to them.<\/li>\n<li>Ensure your customers have a defined mechanism to report suspicious behavior so you can quickly assess the risk level.<\/li>\n<li>Develop an incident response and communication plan with your customers so they will be aware of higher risk during an incident, should one occur.<\/li>\n<\/ol>\n<h3><b>Communicate to your customers<\/b><\/h3>\n<p>Once you have your plan in place, ensure you put together some documentation on your cybersecurity practices so you can set your customers\u2019 minds at ease. This documentation should include how you protect your own assets, how you protect access to your customers\u2019 assets and credentials, and your expectations on how your customers should partner with you to ensure their security is up to today\u2019s standards. In fact, it\u2019s a good idea, as we start 2020, to be proactive and engage all your customers\u2019 stakeholders with references to some of the recent attacks that have been taking place\u2014it\u2019s likely they have already seen some of it in the news. Then explain what you are doing to reduce the risks of these types of attacks in your environment, and what you will be recommending for improving their protection as well. This should include the same practices and services you are using to stay secure.<\/p>\n<h3><b>New year, new security you<\/b><\/h3>\n<p>This malicious activity shows no sign of stopping, so now&rsquo;s the perfect time to sit down and look at enhancements to your security practices and offerings, and make changes where appropriate. If people have been reluctant to invest in their own security, this is also an excellent opportunity to revisit and adjust your relationship with all your customers when it comes to your offerings.\u00a0 Since security is a shared responsibility, your customers rely on you to effectively design, implement, and monitor security solutions, and train them on best practices to adopt.\u00a0 After all, you are the expert, which is why they hired you in the first place!<\/p>\n<p>Setting the stage for a secure 2020 will allow you to sleep a little easier and let your customers know your success (and your risk) is tied directly to theirs. Let\u2019s stay safe out there.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at\u00a0<a class=\"ext\" href=\"https:\/\/twitter.com\/cybersec_nerd\" target=\"_blank\" rel=\"noopener noreferrer\">@cybersec_nerd<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves&#8230;<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5799","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able<\/title>\n<meta name=\"description\" content=\"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able\" \/>\n<meta property=\"og:description\" content=\"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-30T23:03:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-25T14:45:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gill Langston\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gill Langston\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\"},\"author\":{\"name\":\"Gill Langston\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\"},\"headline\":\"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers\",\"datePublished\":\"2020-01-30T23:03:03+00:00\",\"dateModified\":\"2025-06-25T14:45:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\"},\"wordCount\":954,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/fr#organization\"},\"articleSection\":[\"Head Nerds\",\"Security\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\",\"url\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\",\"name\":\"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/fr#website\"},\"datePublished\":\"2020-01-30T23:03:03+00:00\",\"dateModified\":\"2025-06-25T14:45:35+00:00\",\"description\":\"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/fr\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/fr#website\",\"url\":\"https:\/\/www.n-able.com\/fr\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/fr#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/fr?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/fr#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/fr\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\",\"name\":\"Gill Langston\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"caption\":\"Gill Langston\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able","description":"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers","og_locale":"fr_FR","og_type":"article","og_title":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able","og_description":"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.","og_url":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-01-30T23:03:03+00:00","article_modified_time":"2025-06-25T14:45:35+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Gill Langston","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"\u00c9crit par":"Gill Langston","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers"},"author":{"name":"Gill Langston","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/ccb02e43837727da6ab962f5357e872a"},"headline":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers","datePublished":"2020-01-30T23:03:03+00:00","dateModified":"2025-06-25T14:45:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers"},"wordCount":954,"publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"articleSection":["Head Nerds","Security"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers","url":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers","name":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr#website"},"datePublished":"2020-01-30T23:03:03+00:00","dateModified":"2025-06-25T14:45:35+00:00","description":"Using MSPs as a back door into their customers\u2019 networks is becoming and increasingly popular method of compromise. Gill Langston looks at what you should to do to secure yourselves and your customers.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/fr\/blog\/msps-and-risk-supply-chain-protecting-yourself-and-your-customers#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/fr\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"MSPs and the Risk to the Supply Chain\u2014Protecting Yourself and Your Customers"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/fr#website","url":"https:\/\/www.n-able.com\/fr","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/fr?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/fr#organization","name":"N-able","url":"https:\/\/www.n-able.com\/fr","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/ccb02e43837727da6ab962f5357e872a","name":"Gill Langston","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","caption":"Gill Langston"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/comments?post=5799"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5799\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/media?parent=5799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}