“A managed service provider is viewed as an outsourced IT department,” mentioned Eugene Eychis (pictured), Underwriting Director for Cyber & Tech at Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of firms primarily based in Houston, Texas. “They provide a variety of IT services, like data hosting, backup and recovery services, network management, software updates and security monitoring.”
While bigger firms use them, smaller- and medium-sized firms are likely to depend on them closely as effectively.
MSPs permit these firms “to focus on their core business, save money by not hiring an internal IT staff member which can be costly, and trust that their IT systems are handled by IT experts,” he mentioned.
The most typical sort of coverage for MSPs is a expertise errors and omissions coverage.
“MSPs are actually the most common type of class that we see when we’re underwriting technology companies. They’re quite ubiquitous,” he mentioned. “We have a lot of experience underwriting them directly as well as a lot of their clients. MSPs are used by a variety of companies and industries, from education, manufacturing to healthcare. We see both sides of the exposure: the MSP themselves and their clients.”
Unique challenges
MSPs can function anyplace, and with that comes challenges when it pertains to cyber safety. Eychis defined: “Because of the large number of clients they have, MSPs have access to a wide range of client data, which usually makes them a valuable target for hackers.” Multiple purchasers are sometimes managed on the identical service or community, “which can increase the risk of an attack,” he mentioned. Essentially, hackers can achieve entry to a number of firms’ IT methods directly.
MSPs sometimes have administrative privileges which grant them “special system-level permissions that allow users to make certain changes.” So, hackers might abruptly discover themselves with these privileges in hand, the place they’ll “install software, and access various important files.”
Many MSPs depend on RMM (distant monitoring and administration software program) to “gain remote access to their clients’ systems. If the MSP system is compromised, then hackers can use that same RMM software to gain access to their clients’ systems and install malware or launch ransomware attacks.”
This makes an MSP a treasure trove of types to a hacker.
“From a hacker’s perspective, it’s much more valuable to get access into one MSP who has many clients with sensitive data rather than trying to get individual access into various businesses separately,” Eychis mentioned. “Once inside the MSP’s network, a hacker can potentially request a ransom demand from the MSP and/or they can request individual ransoms from individual clients of the MSP. We’ve seen this play out,” with a ransomware assault declare, the place the hacker requested a big ransom demand from the MSP, and the impacted purchasers obtained smaller ransom calls for.
This creates a state of affairs the place the MSP faces legal responsibility from their purchasers, to not point out reputational hurt.
Solutions
So what can MSPs do to stop a ransomware assault and assist higher shield themselves from such a doubtlessly ruinous state of affairs?
“There’s definitely not some type of silver bullet solution but a combination of key things will go a long way,” mentioned Eychis.
These can embody:
- Having MFA (multi-factor authentication) in place, particularly for RMM.
- Having EDR (end-point detection and response) in place for all end-points. EDR is a instrument for steady monitoring, which information and shops system-level behaviors in addition to detects suspicious system conduct.
- Having off-line system backups.
- Conduct phishing coaching with workers.
- Be selective and restrictive of who has particular administrative privileges, in addition to conducting common critiques of these accesses.
- Make positive you carry satisfactory cyber insurance coverage from a service that has expertise with MSPs.
On the final level, he explains {that a} coverage can “help mitigate the costs of a ransomware event. And coverage is relatively inexpensive in relation to the potential monetary and reputational harm of having a ransomware attack and having to handle it without insurance.”