According to a study by N-able, managed service providers (MSPs) report that 82% of their customers have seen an increase in attempted cyberattacks since the pandemic. Even MSPs themselves are a target for cybercriminals, which can have wide-reaching impacts on their customers and network of resources if breached. As threats become more prevalent it’s imperative that organizations not only implement cybersecurity best practices, but that they work with strategic advisors who value the same practices.
The Cybersecurity & Infrastructure Security Agency released a report detailing how managed service providers and their customers should be protecting against cyber threats. Below you will find a summary of the report as well as BDO Digital's recommendations for keeping your company safeguarded against threats.
Here are ten cybersecurity best practices that should be top of mind for your organization.
First and foremost, your business should take every preventive measure possible to prevent cyber-attacks. Using mitigation tools and resources can help you prevent initial compromise, thus making it less likely that an attacker will disrupt business operations or pose a significant threat to your business.
82% of their customers have seen an increase in attempted cyberattacks since the pandemic*
If you’re unsure of your current level of cyber maturity, then cyber assessments
are a great place to start. An assessment can help you understand what your biggest risks are, where you should focus your efforts and investments, and how to help improve your maturity and strengthen your defenses.
*N-able State of the Market: The New Threat Landscape White Paper
Logging and monitoring are critical components of a cybersecurity program. The reality is it can be months before an incident is detected within an environment, and with so many threats and an abundance of data to continuously comb through to identify an incident, it’s critical for organizations to implement and maintain a logging and monitoring solution.
It is recommended the logging solution retains your most relevant and important logs for at least six months. Logging and monitoring provides additional visibility into incidents, aids in threat hunting, and reduces the time needed to triage and investigate a potential incident.
If you are working with an MSP to deliver a logging and monitoring solution, make sure that they can deliver upon necessary contractual obligations to help ensure success. For example, a vendor should be able to do the following:
- Implement a comprehensive security information and event management (SIEM) solution that enables logging and monitoring
- Deliver visibility and communication as it relates to the providers access, presence, activities, and connections to the customer environment (are the MSPs accounts properly monitored and audited?)
- Notify the customer when a confirmed or suspicious event/incident occurs on the provider’s infrastructure and administrative networks. The provider should conduct thorough analysis and investigation.
BDO Digital’s Managed Detection and Response (MDR)
solution combines the capabilities of Microsoft Sentinel with the continuous monitoring of our security and operations center (SOC). With a state-of-the-art and comprehensive solution such as this one, your organization will be enabled to provide 24x7x365 cyber monitoring and logging for all your important data sources, and be well positioned to rapidly identify, analyze, and respond to potential threats.
As more companies shift to a hybrid or fully remote work environment, the need for MFA is more apparent than ever. Deploying MFA adds that extra, foundational layer of security when you have employees accessing company networks from varying locations and devices. It’s important that any business advisor you work with not only mandates the use of MFA, but also requires MFA within their own business.
To touch on a previous point, you should also make sure you’re reviewing logs for unexplained failed authentication attempts. In some cases, this may indicate that an account within the organization has been compromised. Additionally, be thoughtful about who has permissions to certain accounts and disable accounts when they are not actively being used. Audit this regularly.
Lastly, use the principle of least privilege to restrict unnecessary privileges. This requires that you identify the most high-risk devices across your organizations and minimize the access in which people have to them. When working with a vendor, make sure that they apply this principle to your network environments.
As an organization, it’s important that you understand your environment and segregate your networks. By doing this, you’ll be able to isolate critical business systems and apply network security controls to reduce risk across the organization.
It is recommended that organizations verify connections they have between internal systems, their MSPs systems, and other strategic advisors and supplier networks they communicate with. Virtual private networks (VPNs) or alternative secure access solutions should be used when connecting to MSP infrastructure and all traffic should be limited to that one dedicated, secure connection.
Your organization should also ask and validate that any third-party vendor you are working with uses different admin credentials for each customer (I.e., they won’t use the same credentials that they use to log into your organization that they use for other customers). If any of those vendors’ customers get breached, those same credentials could be used to compromise other businesses, including yours.
With vendors and other trusted advisors having access to an organization’s network, it becomes increasingly important to limit network access. Limiting access of advisors to only the solutions or applications they require helps improve security hygiene. Over the past few years, ransomware actors have increasingly started to target business advisors to gain access to other organizations by abusing trusted access and a lack of segregation controls. A recent example of this targeting is Revil, targeting MSPs in the Kaseya supply chain attack. Threat actors continue to have success by leveraging a lack of controls limiting user privileges and access to data.
It is recommended to use tiering models for administrative accounts to provide layered permissions that don’t create unnecessary access or privileges. Full privileged accounts should only be used when absolutely necessary and should be time-based to further restrict risk. Identifying high risk devices, applications, and users can help to minimize access and associated risks.
As an organization, you should require that the vendors you work with apply this least privilege principle across your environment as well as their own. Additionally, they should only have access to the services and resources needed to deliver the scope of work agreed upon.
Building on least privilege is the zero-trust model
. While not quite interchangeable but tightly coupled, zero trust means every organization, by default, should put zero trust in every user, endpoint, device, etc. From internal to external users, mobile devices to laptops, network components to network connections, every endpoint should be considered untrusted until authenticated and authorized.
To be fully secure and compliant, don’t just
apply routine updates. Go the extra mile and address that all aspects of patches are adhered to. When working with a vendor use their recommendations and experiences to help ensure you're getting the most out of updates. For example, organizations should prioritize patching vulnerabilities included in CISA’s catalogue of known exploited vulnerabilities (KEV)
versus only those with high Common Vulnerability Scoring System (CVSS) scores that have not been exploited (and may never be exploited).
BDO Digital can implement alternative detection and mitigation measures for when patches break things or for when there are multiple patches in a rapid succession release. If you need help with patching, BDO Digital’s managed services
team can take this off your plate entirely. Top-tier vulnerability technology coupled with support from a team of experienced security professionals helps you protect against threats and decrease the risk of compromise to your business.
Equally as important as routine updates are routine backups. Regularly backing up your critical data and systems is an important cybersecurity best practice. Data from business-critical systems should be backed up, with the frequency of backups being informed by the type of data and business requirements. Backups should be stored remotely, encrypted, and ideally have different retention spans as a best practice.
Further, keep backups separate and isolate them from network connections that could promote the spread of ransomware. Most ransomware variants attempt to find and encrypt/delete accessible backups. Isolating them will allow for the restoration of systems/data to their previous state should they fall victim to and become encrypted by ransomware.
Another important aspect of disaster recovery is that the backup and restoration process be tested frequently. You must confirm that your process works; the time of a disaster is not the appropriate time for these tests! They should be planned, scheduled, and tested at a regular cadence. Then, process and procedure documentation should be updated based on results.
BDO Digital can help you design, implement, and support best in breed backup and disaster recovery solutions to help ensure you are protecting what matters most.
Often the best way to shore up a security program is to improve internal operational procedures. Make sure your computer emergency response team (CSIRT) and crisis plans are tuned to the digital age. Don’t get caught flat footed in terms of privacy, reputation, or other impacts.
An incident response and recovery plan should outline the roles and responsibilities of all stakeholders in the organization in the event of a disaster. Make sure you keep updated hard copies of this plan on hand to help ensure the plan is accessible even if networks are inaccessible. Additionally, to be extra prepared, you should put your plan to the test often.
Vendors bring a certain level of expertise and valuable experiences to the table; however, with those connections comes increased risk. Integration of the digital supply chain creates massive conveniences but provides an increasing number of new opportunities for threat actors. Even within the secure and trusted connection of your most important digital vendors, threats can thrive with persistence and cause wide-spread damage.
Organizations should validate that their contractual agreements with third parties meet specific security requirements and that their contract specifies whether the third party or the customer owns specific responsibilities, such as hardening, detection, and incident response.
Your business must understand the risk of working with third-party vendors and subcontractors. When working with third-party vendors, make your security expectations very clear from the get-go and make sure that you understand and audit the level of access they have.
Last but certainly not least, remember that more transparency leads to enhanced security. When working with external vendors, make sure that you clearly understand what security services are being provided. Address anything that you feel your business needs but that may fall outside of the scope of the contract.
Check to make sure that your vendor clearly outlines how they will notify you in the case of an incident affecting your environment. As their customer, a vendor should want you to have as much information about your cybersecurity program as possible. Being transparent will only help benefit both of you in the long run, as it can enable better results and a more secure business environment.
Re-thinking and maturing your cyber strategy can seem like a daunting task at first. But much of it can be made easy by leveraging the full Microsoft stack and teaming with a best-in-class service provider to operationalize and provide support for cybersecurity solutions. To learn more about how you can help lower costs and minimize the tools needed to protect against cyber threats, contact BDO Digital