12 Days of Passwords: Access Management to Privileged Credentials
It was not long ago when an ethical hacker penetrated a $40M MSP...
And they were successfully exploited, leaving the MSP and their clients credentials and data vulnerable. Passportal's President, Dan Wensley, himself delves deep with the ethical hackers themselves in a recent webinar into how exactly this happened and how easily it could have been prevented.
The market today has proven that MSPs are becoming increasingly attractive to external forces. The group most commonly targeting managed service providers is the actor group, Advanced Persistent Threat (APT) 10 geolocated internationally, yet hitting so close to home. This was the hacking group that emerged yet again for the reported MSP and RMM exfiltrations. According to threat intelligence agency FireEye, APT10 targets North American, European and Japanese governments, and MSPs in the industries of construction and engineering, aerospace, and telecom firms.
Hacking can happen within the MSP
Not only do you need to be aware of external threats and phishing scams, you need to be aware of which technicians have access to what. Does your MSP have control? If you are unable to identify the permissions and privileges through a technician hierarchy, how comfortable would you be telling how your clients sensitive data is being handled.
What if technicians leave the company? Technicians typically know or have access to the vital information to the internal working of your MSP and your clients. Now, let's let that stew.
MSP Quick Tip Takeaways...
- Implement a Password & Documentation Management solution will relieve that worry of who knows what. Use automation and permissions to your advantage.
- Advance your service offering and security posture in the market through branded Password Management-as-a-Service (PMaaS)
Continue reading Passportal's 12 Days of Passwords:
- 12 Days of Passwords: Educate Your MSP on Cybersecurity & Password Best Practice
- 12 Days of Passwords: Use Multi-Factor Authentication (MFA)
- 12 Days of Passwords: Access Management to Privileged Credentials (You're already here!)