Privacy Plus+

Privacy, Technology and Perspective

New MSP Guidance and U.S. Government Ransomware Website.  This week, the US Cybersecurity and Infrastructure Security Agency (CISA) released new guidance for managed service providers (“MSPs”) and the U.S. Government launched a new website to help public and private organizations defend against ransomware.

MSP Guidance: Many businesses use MSPs to manage IT systems, store data, or support other sensitive businesses processes, making MSPs prominent targets for malicious cyber actors.   The recent ransomware attacks leveraging a vulnerability in the software of Kaseya VSA products is just one example of how compromises of MSPs can have cascading effects on their downstream customers.

CISA’s new guidance recommends that MSPs and businesses that rely on them take certain steps to mitigate risk and harden their infrastructure, including but not limited to:

  • ·       Managing supply chain risks;

  • ·       Implementing strong operational controls;

  • ·       Managing architecture risks;

  • ·       Managing authentication, authorization, and accounting procedure risks; and

  • ·       Reviewing contractual relationships with all service providers to ensure that those contracts include security controls, among other things.

A link to the guidance follows:

Ransomware Website:

The U.S. Government has also launched a new website that provides a central location for ransomware resources and alerts. The website is an interagency resource that provides information about ransomware protection, detection, and response. It includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal agencies.

Countering destructive cyber threats may not be easy.  But it is essential.  And for national security, we think that it is important that the U.S. Government lead these efforts, especially where, in the past, protecting critical infrastructures through public-private partnerships has failed.

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.