Every day, companies invest in working with outsourced third-party IT providers to handle their day-to-day IT support, their backups or general cybersecurity. The goal when hiring an outsourced IT provider is typically to be MORE secure by leveraging their team.
However, over the last few years cyber criminals have realized that one of the best ways to break into small-to-medium businesses is by breaking into the systems of IT providers. This new threat means that if a cyber criminal can break into an IT provider, they immediately have access to the dozens or potentially hundreds of small business clients that IT provider supports.
This has proven to be a goldmine for cyber criminals over the last few years, as criminals have managed to break into THOUSANDS of companies around the world through the systems of their IT providers. This threat of IT vulnerability is only going to get worse, which means if your IT provider does not take cybersecurity seriously, their systems could be one of the biggest security risks to your business.
Background on Two Major Security Breaches of IT Providers
SolarWinds
SolarWinds is a large publicly traded software provider that makes software for both internal IT departments and IT providers. In December of 2020, it was discovered that cybercriminals had previously inserted malicious code into the update system of their software. When their customers installed their latest software updates, they unknowingly also infected their systems with a virus that allowed cyber criminals to remotely access all their data and even potentially install more viruses or backdoor access tools.
THOUSANDS of companies fell victim to this vulnerability, including Microsoft, Cisco, the US Treasury Department, the US Department of Homeland Security and countless other smaller companies.
The scariest part of this whole attack is that it’s believed that the criminals originally got access starting around September of 2019, meaning the cyber criminals potentially had remote access to thousands of companies FOR OVER A YEAR!
Kaseya
Kaseya is a Florida-based company that, similar to SolarWinds, provides various software and services for both internal IT departments and IT providers. Their products are primarily used to remotely manage clients’ computer systems or to provide additional protection to clients (such as backups or security tools).
Amongst IT providers, Kaseya is virtually a “household name”, with the overwhelming majority of U.S. IT providers using at least one of their products or services.
On Friday, July 2nd, just seven months after the SolarWinds cyberattack was disclosed, while many companies and IT teams were preparing for a long 4th of July weekend, cybercriminals launched a near-simultaneous attack against dozens of IT providers all around the world, exploiting a vulnerability they had found in Kaseya’s remote management software.
As a result of this attack, cyber criminals were able to successfully take control of the systems of approximately 50 IT providers, which then gave the criminals the ability to deploy ransomware to an estimated 800 – 1500 businesses that were clients of these IT providers.
The ransomware quickly spread across client computers, making it impossible for the businesses to work by locking the clients out of their critical data and in many cases also wiping out their backups at the same time. This attack was the LARGEST publicly disclosed ransomware attack in history, and it was done USING IT PROVIDERS!
The New Reality – IT Companies Have a Bullseye on Their Backs!
The Kaseya and SolarWinds attacks show that, just like any other business, IT companies can become victims of cyber-attacks as well. However, due to the unique role that IT providers play in supporting other businesses, their risks now become risks for their clients too. Cyber criminals have realized that it is more efficient for them to target one IT provider than dozens of individual businesses, and now that they’ve found this “more efficient path”, these criminals aren’t likely to stop anytime soon.
The new reality is that IT providers are now a high value target for cyber criminals and that they continually have a giant bullseye on their backs.
When Choosing an IT Provider, Choose One That Takes Cybersecurity Seriously!
No IT company is bulletproof; anyone can get broken into. However, to help avoid a disaster for YOUR business, it is CRITICAL that your IT provider is continually working to reduce its own risk of falling victim to a cyberattack, while simultaneously having systems and processes in place to quickly detect and respond to a cyber event if it happens.
When evaluating an IT provider, here are some initial questions you might want to ask:
- Do they have an ongoing process for evaluating and improving their own internal security?
- Are they continually looking for new vulnerabilities or security issues within their own systems?
- Do they have their systems locked down to only allow authorized programs to run?
- Have they separated your backup systems to reduce the chances of criminals wiping out all your data AND all your backups at the same time?
- Do they have ongoing monitoring & detection to help them quickly detect potential breaches of their systems?
- Is their staff regularly trained on new cybersecurity threats and how to avoid them?
- Do they have certified cybersecurity professionals on staff?
- Do they have a plan in place for what to do if a cyber event happens?
- Do they have cyber liability insurance?
Our Certified Cybersecurity Professionals at Antisyn are Here to Help!
We understand that small-to-medium businesses need someone they can trust to help keep them safe. Our team of certified cybersecurity professionals is available to help you evaluate ways to improve your cybersecurity and help reduce risks. If you’re worried about your company’s IT systems or cybersecurity, reach out to us and we’d be happy to provide a free consultation.