Threat actors exploiting trust relationships with IT Service Providers

Most businesses, especially Small-Mid-size Businesses (SMB), outsource their IT to Managed Service Providers (MSP) to manage their network, servers, desktops, peripherals, and A/V needs. Most SMBs expect the MSPs to provide security coverage along with IT Support.

Typically, MSPs manage hundreds of networks and provide two shifts of services and maintenance activities. IT Service providers have a trusted relationship with their customer and have access to administrative privileges to multiple customers’ network and servers. MSPs simplify the process and use standardized procedures for their customers, which becomes even more important with a higher employee turnover than average.

The cybercriminals see this trusted relationship as a good opportunity to navigate the MSPs standards and gain access to multiple customers’ network and servers. The cybercriminals exploit this relationship and are more successful as opposed to attacking each SMB.

The United States Department of Homeland Security (DHS) had recognized this global issue and has recommended MSPs and their customers to implement better defense strategies to protect their infrastructure assets and disrupt any threat activities.

APTs Targeting IT Service Provider Customers

How do MSPs differ from MSSPs?

The role of Managed Security Service Providers (MSSP) is somewhat new to many SMBs. As cyber-threats have become commonplace and affecting every size of business, it is important to recognize the role of MSSP in implementing, enhancing and supplementing your cybersecurity needs.

Comparing MSP to MSSP is analogous to comparing a city’s mayor to the chief of police. The former is an administrator while the latter focuses on the necessary comprehensive security measures and allow the administrator to safely accomplish his tasks.

MSPs make the information usable to the company, while the MSSPs make the information secured from abuses and unauthorized access.

MSPs have an operational focus – keeping the company data available and enable employees to operate. The day-to-day operations are managed through Network Operations Center (NOC) and provide basic security.

MSSPs are proactive-security focused – implementing advanced techniques in Threat detection, prevention and response techniques, and are coordinated via the Security Operations Center (SOC).

What should SMBs look for?

The customers should recognize the differences in roles of MSPs and MSSPs, recognize that both the roles are required for the business operations.

If security is a priority for a company, the executives must take a proactive approach towards addressing those concerns. The businesses should not expect their IT Service Provider to provide the in-depth security that they need and instead engage the right skills, to keep the business operational and to keep the digital assets secured.

The IT Service Providers or MSPs should engage a Managed Security Service Provider to complement their services and provide an enhanced trust relationship to their customers.


abdul hafiz

Author: Abdul Hafiz

Enterprise Solution Architect