Are Managed Service Providers the new target for ransomware hackers?SecurEnvoy 24/09/2019, Industry News
Dozens of dental clinics in Oregon and Washington faced disruption with blocked access to patients’ records due to the recent ransomware attack on Portland based PM Consultants Inc. These Managed Service Providers (MSP) are the latest targets for ransomware hackers.
Weak and vulnerable cybersecurity continues to be the lead cause for hacking attacks as PM Consultants Inc. become the latest victim. If the importance of multi-factor authentication is still overlooked, this latest attack should make you think otherwise.
Poor levels of cybersecurity resulted in the breach of this MSP who handled software updates, firewalls and data backups for the dental clinics. MSPs are beneficial as they provide such facilities to dental clinics, local governments, medical clinics and various other SMEs who don’t always have enough funds for their own IT services. The lack of technical know-how and shortage of time for research on IT infrastructure, makes these MSPs an attractive option.
However, it’s fair to say that this high level of reliance on MSPs makes them an attractive target for ransomware, whilst indirectly putting the many dependent companies at risk. Generally, with MSPs having unrestricted access to their customers’ networks, by attacking and compromising them, hackers can infiltrate and quickly cause damage to many other firms. Attackers have infiltrated these MSPs by exploiting their lapses in security including weak passwords and failure to use two factor authentication. These low levels of cybersecurity at MSPs make it easy for ransomware hackers to conduct and encourage one of the world’s most common cybercrimes.
The breach against this MSP could have easily been avoided. The solution? Strong two factor or multi-factor authentication (MFA) with a trusted organisation that focuses on this issue exclusively. We would say this, of course, but it’s not just us: The value of MFA is recognised everywhere as one of the easiest ways to improve security online.
As all our customers know, MFA is easy to implement and manage, and at a stroke removes the fragile reliance on passwords for security.