Protecting Your Business from Managed Service Provider Cyberthreats

Co-authored by Waleey Fatai, Law Clerk

The cybersecurity authorities of the United States, the United Kingdom, Australia, Canada and New Zealand recently issued an advisory alerting organizations and service providers of the rise in malicious cyberattacks against managed service providers (MSPs). The advisory defines MSPs as entities that deliver, operate or manage information and communication technology (ICT) services and functions for their customers via a contractual arrangement, such as a service level agreement. This advisory is timely in light of recent cybersecurity attacks and incidents. For example, T-Mobile, Nvidia and Okta were recently reported to have been victims of ransomware attacks by international hacker group, Lapsus$. Another ransomware group, Conti, recently compromised more than 60,000 messages dating back to January 2021 from the backend of a Jabber server.

While organizations typically engage MSPs to provide them with various ICT management and operation services, the organizations could themselves also be victims of these attacks. As such, even before addressing MSP-related vulnerabilities, risk professionals should first consider how to help their organizations mitigate their own risks of such attacks.