Well, that certainly did not last long. After a year of pandemic and far-reaching cyber attacks (Solar Winds, Microsoft Exchange, Colonial Pipeline, JBS), everyone was ready for a nice long holiday weekend. Then just like clockwork, another major cyber attack hit the supply chain.
This may sound like a lot of techie talk and you may think it doesn’t affect you. But it does.
Let’s start with some background. Many companies and organizations outsource their Information Technology (IT) management to a Managed Service Provider (MSP). This is more cost-effective and efficient than having an in-house technology department. An MSP usually provides these services for several customers. These services include network, applications, email, etc., and it is done remotely. This allows the MSP to manage the network and devices for the client company including pushing upgrades for software and operating systems to the client’s devices.
One of the technologies that some MSPs use is a tool called VSA from Kaseya. As a supplier of technology to MSPs, this makes Kaseya part of the “supply chain”. On July 2, it was discovered that cyber criminals utilized the VSA software to push malicious code and launch a ransomware attack.
The assessment of exactly how many clients have been affected is unclear. Estimates range from less than 50 to more than 70. That is, MSP’s that were affected. The number of downstream companies (i.e., those clients of the MSPs that use the VSA) is still unknown.
Back to how this affects you. Most organizations use at least some, if not all, outsourced IT services. The end customer (you) will never know – that is, until you get a notification from a company with whom you do business saying that your information has been compromised.
So who will help you? Look no further than your friendly neighborhood MSSP. What is that? It’s a Managed Security Services Provider. An MSSP operates similar to an MSP but the focus is on cyber security – protecting the IT services provided by the MSP.
Some MSPs expand their service offerings to include cyber security and become MSSP themselves. However, it’s not as easy as just adding a firewall or updating your anti-virus. Just because both fields work with computers does not mean that they are the same. They are parallel fields with very specific issues and solutions. Therefore, in many instances, the MSPs and MSSPs work cooperatively to protect their mutual clients.