In case you missed it, on December 19, 2021 global IT consulting firm Inetum Group suffered a ransomware attack. The attack impacted internal operations in France but did not impact Inetum’s operations outside of the country, according to a statement from the company.
While it seems like bad news on the surface, Inetum’s cyberattack is actually a success story. Among other details of the attack, Inetum disclosed that the isolated event:
- Did not affect any of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients
- Within the affected Inetum perimeter, all servers have been isolated and client VPNs have been switched off
What does this mean in laymen’s terms? The cyberattack did not extend from the MSP’s servers to downstream customers. In other words, the external cybersecurity framework and protective tools in place by Inetum protected its customers from a supply chain cyberattack.
Why the external protections of MSPs and MSSPs matter
Managed services providers have become frequent and valued targets of cybercriminals (see the recent Kaseya breach for an example). From an attacker’s standpoint, compromising the network of a singular enterprise may provide a modest return in the form of ransom and extortion payments. But compromising the network of an MSP or MSSP, and, by extension, all its clients, may increase that return exponentially.
For this reason, one of the first things you should look for in an MSP or MSSP is that it has robust external cybersecurity protections to protect its Remote Monitoring and Management (RMM) platform from attack. An RMM is what allows the MSP/MSSP to control its customers’ IT systems (such as network devices, desktops, servers and mobile devices) by means of locally installed agents. The RMM also allows MSPs and MSSPs to install new or updated software remotely, detect new devices and automatically install the RMM agent, and provide alerts and reports of activity across all the managed servers and devices.
Because an RMM platform extends an MSP/MSSP’s scope of control to the networks of all of its clients, this platform needs to be protected in the event of a cyberattack to maintain the integrity of clients’ data.
Choose an MSP or MSSP with strong external cyber protections
While a robust cybersecurity framework and mature cyber policies can protect organizations from cyberattacks, there is no magic bullet when it comes to cybersecurity. Security incidents can still happen. But in the case of an incident or event, MSPs and MSSPs should have protections in place to prevent their RMMs, and by extension, their clients, from being compromised.
At Corsica Technologies, we employ web application firewalls (WAF) and anti-distributed denial of service (anti-DDoS) controls to protect our platforms and our clients’ data from attacks.
The WAF decrypts incoming traffic from the internet and filters it through a comprehensive set of Intrusion Prevention System (IPS) inspections that are designed to detect and block web-based attacks. This inspection happens before traffic ever reaches Corsica Technologies’ RMM platform.
Another popular attack in the cybercriminal’s arsenal is DDoS, in which an untenable volume of network traffic is directed at a targeted system. The goal of such an attack is to overwhelm the targeted system and make it unusable. If the Corsica Technologies RMM server were targeted by a DDoS attack, our anti-DDoS control will intercept and drop the offending traffic before it reaches our RMM, thereby preserving the availability and security of this critical resource.
Ransomware and supply chain attacks are showing no signs of stopping. If you haven’t yet, now is the perfect time to sit down and look at the external cyber protections used by your MSP/MSSP to make sure that it is adequately protecting your organization against cyberattack.
Interested in learning more about cybersecurity protections and services from Corsica Technologies? Check out our cybersecurity offerings and get started on a posture review here.