In 2021, we saw the devastating effects that cyberattacks and vulnerabilities in remote monitoring and management (RMM) tools could have on managed services providers (MSPs) and their customers. As we enter 2022, MSPs should ensure they are taking the necessary steps to secure their RMM tools and ensure they are watching for any signs of attack.
MSPs are more and more becoming the target of cyberattackers, thanks to their high-privilege access to client networks and systems. According to one recent report, 73 percent of MSPs reported at least one security incident in the past 12 months, and 60 percent of MSP client incidents were linked to ransomware.
One example of the risk at hand was the ransomware attack we learned of last July on Kaseya, one of the leading RMM companies. This attack impacted multiple MSPs that leveraged Kaseya’s VSA software and many of their customers. While Kaseya responded and ultimately remediated the vulnerability, it highlighted the importance of securing this type of software that is essential to the MSP business.
RMM tools aren’t inherently risky, but the reality is that any software can be vulnerable. Given the deep access these tools have inside customer environments, there are many things an MSP can do to make sure they are minimizing the risk these types of tools pose to their own business and their customer environments.
MSPs should make sure they’re carefully evaluating any RMM tool they implement to ensure it has been carefully evaluated for cybersecurity vulnerabilities and discuss with the provider what precautions have been put in place. This can include evaluating data privacy, encryption, multi-factor authentication, malware protection, and more. This evaluation can also include what cyber features the RMM tool can provide to their customers, including patch management, vulnerability detection, network monitoring, asset discovery, and automation.
MSPs should also make sure that they’re only leveraging RMM tools for clients who actively need it regularly, essentially limiting any potential risk to customers that don’t need to be exposed. For customers who need RMM support, an MSP should ensure they follow least privilege access principles or only give access to those systems they need to perform their essential services. In addition, they should make sure they’re implementing best practices for using the tools, including only giving employees who need access to the tool and enforcing strong password rules.
Of course, even with all these precautions, MSPs should ensure they’re constantly monitoring for signs of attack and potential risk. This involves implementing strong cybersecurity protections inside their own business and continuous monitoring to flag potential malicious behavior as quickly as possible.
In today’s risky cyber world, it’s more important than ever that an MSP takes every precaution possible to protect its customers from attack. In doing that, they can ensure that they remain a truly trusted advisor partner instead of being the cause of a potential attack.