A Key Cybersecurity Threat: Targeting of IT Vendors by Cybercriminals

A managed service provider (MSP) is a company that remotely manages IT infrastructure for customers on a proactive basis, typically under a subscription model. Many small businesses rely on MSPs to varying degrees, from supplementing internal IT resources to outsourcing an entire IT operation. As a result, a small business and its MSP can be very deeply interconnected.

Rose & Kiernan, Inc. uses Beazley Breach Response (BBR) Services for a large number of our clients. Recently, Beazley reported an increase in ransomware attacks on MSPs. We know from previous analyses that small businesses can be more vulnerable to cyber-attacks. According to Beazley, small businesses made up 63% of all ransomware incidents reported to BBR Services in 2019. Beazley also noted a 37% increase in incidents targeting IT vendors (MSPs) in Q3 2019.

Why the increase? According to Joshua Dann of Lodestone Security, “MSPs have to balance a need for speed and convenience when it comes to being able to respond to clients, with ensuring the right security controls are in place. Too often, speed and convenience win out over security controls.” This should not (and cannot) be the case.

It’s vital for companies to thoroughly vet potential IT vendors (MSPs). To help you out, Beazley provides the following checklist questions:

  1. Does the organization have a security program in place? This would include periodic risk assessments.
  2. Does the organization have ongoing security awareness training?
  3. Does the organization have an SSAE 18 SOC 2 Type II report or similar type of report available to customers?
  4. Are security and availability requirements enforced in master service agreement contracts with the organization?
  5. How does the organization protect protected health information (PHI)?

As a business owner, it’s imperative to be aware of any and all risks. You take measures to protect your data, and you want the vendors you work with to do the same.

Of course, cybersecurity insurance is important and recommended, as it helps a business recover from a security breach or other cyber event. For more information on Rose & Kiernan’s cybersecurity risk management, please contact us at techrisksolutions@rkinsurance.com. Click here to learn more about cybersecurity insurance.
