According to ChannelInsider, the Kaseya ransomware attack compromised roughly 1,500 "downstream" businesses — and that now managed service providers "are reassessing their approaches to managing IT" after their own upstream vendors were breached:
Rather than assuming the platforms that MSPs employ are secure, end customers will are requiring them to prove it via an audit of their software supply chains.
Chief Architect of Community Services for Team Cymru James Shank said business is suddenly booming. Shank, who also served on the Ransomware Task Force Committee set up by The Institute for Security and Technology, and now makes a crust , providing threat intelligence tools employed to conduct MSP audits.
He expects that attacks on MSPs will only get worse before they get any better. "This is not the end or the middle", he says. "It's only the beginning."
Mike Hamilton, chief information security officer (CISO) for Critical Insight, a provider of a managed detection and response platform does not believe that auditing IT supply chains is going to happen in any great numbers unless the government gets involved.
"American companies are not going to do that unless someone holds their feet to the fire", he says.
At the key to the problem are the IT service management (ITSM) platforms from an IT vendor that might be compromised by malware versus building and securing their own custom platform. The latter approach is not immune to malware but might be less of a target as cybercriminals increasingly focus their efforts on platforms that enable them to wreck greater downstream havoc.
Alternatively, MSPs could switch to IT service management platforms provided by vendors that do not have enough market share to attract the attention of cybercriminals. But this requires a level of investment many MSPs lack the funding or expertise to make.
What this means is that vendors who can prove high levels of security "could gain a market advantage".