Ransomware attacks are not only growing in number, but they are also targeting an increasing number of critical companies and operations. Several municipal governments and hospital systems were hit with attacks during the past several years: The recent Colonial Pipeline attack (which caused fuel shortages and price spikes in some areas of the United States), the health service in Ireland, the Massachusetts Steamship Authority and other entities have drawn attention to just how vulnerable key pieces of infrastructure are to cyberattacks.
The Colonial attack is instructive (and typical): Hackers launched the attack via a compromised password to a disused virtual private network (VPN) account that wasn’t protected by multi-factor authentication.
The White House issued an Executive Order on Improving the Nation’s Cybersecurity in May. The order focuses on beefing up cybersecurity standards, with a specific focus on zero-trust architecture solutions. That could open up some new opportunities for security-centric MSPs, provided they have the right solution set in place.
Urgent Security Initiatives
According to the executive order:
“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.”
The order further outlines several focus areas:
- Removing barriers to sharing threat information between the public and private sectors. Service providers will be required to share threat and incident information with agencies.
- Leveraging zero-trust architecture to modernize and strengthen cybersecurity. The order also will help accelerate the shift among federal agencies to cloud security services, including SaaS, IaaS and PaaS. The order further calls for federal agencies to centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks and invest in technology and personnel to match these modernization goals.
- Establishing baseline security standards for software used by government agencies. Software vendors will be required to provide security data visibility.
- Establishing a standard playbook for cyber incident response within 120 days of the order. According to the order: “The cybersecurity vulnerability and incident response procedures currently used to identify, remediate, and recover from vulnerabilities and incidents affecting their systems vary across agencies, hindering the ability of lead agencies to analyze vulnerabilities and incidents more comprehensively across agencies.”
- Improving cyberthreat detection, investigation, and remediation processes by establishing an Endpoint Detection and Response (EDR) initiative. Recommendations for the initiative are expected within 30 days, with requirements issued 90 days later.
Within 60 days of the executive order, the head of each federal agency was expected to develop a plan to implement a zero-trust architecture. The migration to cloud technology will be required to follow a zero-trust methodology (as far as is practical).
While the impact of the executive order could take a while to affect the market for security solutions, it lays out an accelerated timeline and could help encourage other industries to adopt similar measures.
The fact that the Colonial attack occurred via an exposed VPN connection should serve as a reminder that remote access approaches need to evolve–particularly given the increased reliance on remote work that emerged during the pandemic and will likely continue.
Traditional remote access solutions are vulnerable because each login serves as a verification. A compromised device can quickly gain access to the network. With zero-trust network access (ZTNA), the user and device must be verified before given access, which significantly minimizes risk.
With the U.S. government making zero-trust a fundamental building block of its cybersecurity plans, MSPs can discuss the adoption of this technology with their entire client base (whether they’re a government entity or not). MSPs that are already operating under a security-centric model are likely already providing tools and services that leverage zero-trust, multi-factor authentication, and other approaches that fall in line with the Executive Order.
For anyone paying attention to the expanding ransomware threat landscape, the recent attack shouldn’t have come as a surprise. Organizations that were comfortable with their security posture, or that thought their networks were of little interest to cybercriminals, just received a wake-up call that no network is out of reach of these attacks. The current orders from the federal government reflect what security-minded MSPs already knew–that the methods used to protect vital networks need to evolve to meet this growing threat.
This article originally appeared in Channel Futures.
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management. Connect with him on LinkedIn here.