Five Eyes warns A/NZ MSPs of increased cyber threat

Five Eyes warns A/NZ MSPs of increased cyber threat

Customers urged to ensure MSPs’ contracts specify cyber security controls.

Credit: Dreamstime

Managed service providers (MSPs) are facing a heightened threat of cyber attacks and have been urged to re-evaluate security processes and contractual commitments with customers. 

A joint report by cyber security authorities in Australia and New Zealand, alongside the United States, United Kingdom and Canada, otherwise known as Five Eyes, has warned of the increased threat to MSPs due to their access to multiple customer networks and sensitive data. 

Indeed, a 2020 report by Cylance (now Blackberry), said MSPs were hot property for cyber criminals seeking a larger net of companies to attack. Worryingly, the attackers were found to be choosing ransomware as their attack method of choice.  

In the new joint report from Five Eyes, MSPs were alerted to the “cascading” risk of attacks within an IT supply chain, as seen in last year’s attack on Kaseya’s VSA product.

“Whether the customer's network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects,” the report claimed. 

“The UK, Australian, Canadian, New Zealand and US cyber security authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.” 

For example, the report noted, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against it as well as across its customer base. 

Authored alongside the Australian Cyber Security Centre (ACSC) and New Zealand’s National Cyber Security Centre (NCSC), the report issued a new set of guidelines for MSPs for protecting themselves and their customers. 

The report recommended that MSPs and their customers implement the baseline security measures and operational controls listed, while customers should ensure their contractual arrangements specify that their MSP implements these measures and controls. 

The first of the extensive list of steps to prevent any initial compromise included implementing mitigations against attack methods exploiting vulnerable devices and internet-facing services, brute-force attacks, password spraying and phishing, according to the report. 

Enabling monitoring and logging were also recommended, including storage of most important logs for at least six months and implementing endpoint detection and network defence monitoring capabilities in addition to using application allow-listing/deny-listing.   

MSPs were also urged to secure remote access applications and enforce multi-factor authentication (MFA) where possible to harden the infrastructure that enables access to networks and systems.  

Other measures included developing and exercising incident response and recovery plans, which should include roles and responsibilities for all organisational stakeholders, including executives, technical leads and procurement officers.  

Finally, they were advised to understand and proactively manage supply chain risk across security, legal and procurement groups, using risk assessments to identify and prioritise the allocation of resources.   

MSP and customer transparency were also highlighted as key issues, with both parties urged to make cyber responsibilities clear in the contracts.  

“MSPs, when negotiating the terms of a contract with their customer, should provide clear explanations of the services the customer is purchasing, services the customer is not purchasing and all contingencies for incident response and recovery,” the report said. 

“Customers should ensure that they have a thorough understanding of the security services their MSP is providing via the contractual arrangement and address any security requirements that fall out.”

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AustraliaFive eyesNew Zealandcyber security



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments