Research has identified that managed service providers (MSPs) are a high value target for cyber criminals.
Malicious attacks are on the up on MSPs, as hackers are able to infiltrate networks enticed by the chance to victimise multiple companies with one hack.
Hackers are systematically carrying out attacks according to new research; it isn’t a surprise given that MSPs have access to the systems of multiple customers, meaning one hack can launch malicious attacks on a number of organisations.
From the research, almost three quarters of MSPs have themselves suffered at least one cyber attack, while 83% report that SME customers have experienced one attack.
Guy Lloyd at CySure said that SMEs now have to ask “hard questions” in order to ensure risks are managed.
With that in mind, he has outlined five key questions for IT service providers.
They cover five areas: governance framework, secure development, personnel security, operational security, and supply chain security.
For governance framework, internet service providers need to know which type is used; MSPs should have a security governance framework, and any technical controls deployed outside of this will be “fundamentally undermined, so SMEs should check what framework the MSP is adhering to and that it meets their needs.”
For secure development, it is important to find out if the services offered to an SME by an MSP are designed with security in mind; for personnel security, and in particular where MSP employees have access to company systems and data, it is vital that the organisations trust these people, as well as their expertise, so questions should be asked about the screening process.
In terms of operational security, SMEs should check with the MSP that the services is managed securely so attacks are detected and ultimately prevented.
Finally, a company’s MSP should be able to show that its supply chain satisfactorily supports all security principles which it claims to implement, as mistakes can be very costly indeed.