Do you remember your 3rd grade schoolteacher?
Linda Hogendyke – she was mine. In addition to having an excellent prize drawer and a massive stash of Mike-and-Ikes, she was also a great storyteller. One story I distinctly remember her sharing was the popular Dutch tale – The Hero of Haarlem.
It’s likely you are familiar with it – a young Dutch boy notices a leak in the dike. So, he sticks his finger right in and plugs the leak. He stands there all night long, keeping the water at bay, until workers find him in the morning and are able to repair the dike. He singlehandedly saves Holland with one finger and a whole lot of patience.
As an IT service provider, do you ever feel like that boy? Like you are all that stands between your clients and total cyber-ruin? Is that ever overwhelming? What do you do when you notice a vulnerability in your client’s systems? Surely, you do your best to stop the leak – shore up the dike and prevent any further breaches. But what do you do when you notice 11 leaks in the dike and realize you only have 10 fingers? Maybe you just live with a few leaks. When they get bad enough, you’ll get around to repairing the dike – eventually.
No one is suggesting you feel great about this. It is what it is. After all, you’re doing the best you can, right? At least you’re not the biggest fish in the pond. They don’t target mid-sized MSPs anyway, right? The flood will likely just flow conveniently around you, right?
Unfortunately, it is far worse than just a few small leaks in the dike – we are riddled with vulnerabilities across so many vectors – and a multibillion-dollar industry has been built around exploiting them.
Microsoft has recently shared something alarming – Nobelium, the same threat group responsible for the infamous SolarWinds hack in 2020, has been specifically targeting managed service providers this year and has been successfully breaching many that we know of. And this is just one bad actor in an ocean of thousands, and 43% of all their attacks are not on the big guys – they are targeting small businesses. These are highly sophisticated and organized cybercriminals, and they are targeting you.
Considering some of the biggest guys in the industry are failing to repel the massive flood of cyberattacks (Kaseya, SolarWinds, Ubiquiti, etc.), how can you be expected to measure up with only a fraction of the same dedicated resources and tactical agility? A single finger in the dike won’t cut it this time.
So, what can be done? With so many vectors to guard and vulnerabilities for bad actors to exploit, an equally daunting number of solutions and providers have risen to the surface – each one claiming to be the critical plate in your security armor. How should you start?
In the case of the recent spree of Nobelium attacks, we can find some insights to guide us. They have been aggressively employing a host of strategies specifically targeting privileged credentials, including malware, password sprays, and more. With 63% of data breaches in 2020 involving privileged credential abuse, one powerful step IT providers can take is to simply stop sharing passwords, but for most MSPs that is easier said than done.
We know targeting privileged credentials is the most direct vector for a bad actor to access the networks and data they want, and yet, for MSPs, the practice of sharing those critical accounts is commonplace – even expected at times. Not only is this practice non-compliant with industry-standard security frameworks, such as HIPAA and PCI, but it is also a tremendous risk to MSPs and their clients.
We can plug 63% of those data breaches in the proverbial dike by ensuring the following:
1. Each relevant identity has its own unique account on every domain it needs to access.
This eliminates the need for account sharing, creates an accurate and traceable log of activities on every network, and allows administrators to enable or disable access at the identity level.
2. Fully administer the rights and privileges for those accounts.
Not only should you be able to fully control who has access, but you should also be able to control what each identity is allowed to do with that access.
3. Rotate credentials automatically every day.
This could seem excessive to some, but in most cases bad actors do not make their presence in a network immediately known. In some cases, they will remain a silent observer on the network for days or even weeks before you even realize you’ve been compromised. By automatically rotating passwords daily, you can revoke a bad actor’s access almost as soon as they have stolen it.
4. Make the creation, management, and use of these accounts as simple as possible.
Policies and procedures that are compliant and safe can be a formidable beast to manage and enforce manually. Humans will typically choose what is easiest or most convenient over what is safe – unless you create a tenable process that enables them to be effective and efficient.
All of these are fully realized in our secure and efficient platform for MSPs – TechIDManager. You are the IT provider. You are the hero who must step up and prevent the dike from breaching.
Let us show you how today.