Assess Your Vendors’ Use of Network-Wide Access Tools and Ask Questions Like These.
Kaseya is the latest company to be victimized by a cyberattack. Like the SolarWinds event earlier this year, this attack not only affects Kaseya but also hundreds of its clients.
A remote monitoring and management tool, Kaseya is one of the largest and best in the business. Managed service providers and enterprises use Kaseya to remotely manage their PCs, servers and laptops. The tools allow companies to do such things as monitor performance, connect remotely, and manage software updates.
The tools are pervasive and powerful, installed across networks. Unfortunately, this also makes them a big target for hackers, as they can provide access to large numbers of people and systems and the control to push software, like ransomware, to an entire network.
What can organizational leaders do to mitigate this kind of risk?
1. Vendor Assessment
Find out what tools and services your vendors are using—not just in your network to perform service, but what they use themselves. A business can be infected by a vendor that is managed by a company that is managed by an MSP that uses Kaseya. Ransomware can traverse networks!
2. Ask Questions
After discovery, leaders need to ask questions. Don’t relax if your providers don’t use Kaseya. Ask questions like these:
- Why are you using the RMM?
- Is it possible to deliver the services currently deployed in the RMM in some other way?
- If not, how well can you restrict the RMM’s capabilities to only have access to perform the tasks that it must?
- Have you spoken to the RMM vendor to find what steps they are taking to protect themselves from becoming the next victim of a cyberattack?
- How are you monitoring RMM traffic and usage to alert us to any suspicious behavior?
RMMs will continue to be targets. They are gold for hackers, but so are many systems that are used for remote management. That said, the solution can’t be to halt usage of those tools—they provide important functions, such as remote patching, which keeps servers and operating systems up to date and secure.
However, an alternative is moving more to the cloud and decommissioning the use of traditional servers and workstations, which can begin to decrease the importance and need for RMMs.
Platforms like Office 365, AWS, Azure are more like data centers than clouds. Clients buy fractional use of those data centers, which are robust and give the client control to secure and protect their data just like a traditional data center, as well as the opportunity to design, build and layer on security products. These platforms are not shared, like some software as a service options, so they are less appealing to hackers. They can’t hack multiple systems at one time.
The Kaseya ransomware attack is yet another reminder to take cybersecurity seriously. Governance of your network and data is critical. There is no magic bullet—using computers on the internet is dangerous. But if you ask the right questions, hold vendors accountable and find partners that have the capabilities to support you and secure your networks, you will position your organization to do well in navigating these treacherous and uncertain situations.
About the Author
Chris Sachse, CEO
Chris started Think|Stack in 2011 to serve organizations who serve their communities. Chris saw the important role tech and cybersecurity played in the financial services space. For over a decade Chris and his team have made it their mission to support, secure and empower credit unions to innovate through continuous technology improvement. He is an educator at heart and passionate about helping leaders and their teams understand how technology can support their goals while delivering seamless, enjoyable technology experiences to their people. As a cloud and cybersecurity leader, Chris is proud to sit on the MD Governor's Workforce Development Board as Vice Chair as well as the Cybersecurity Association of MD as Chair.