Cybersecurity

Federal agencies issue warning to third-party security firms

U.S. federal agencies and a number of international partners issued a joint advisory on Wednesday on the best cybersecurity practices for managed service providers to protect their customers and secure sensitive data.

The agencies said they expect malicious cyber actors to increase their targeting of managed service providers, third-party companies that remotely manage and update information technology systems and provide technical support to clients. 

The advisory provided several steps that organizations can take to minimize the risks of falling victim to malicious cyber activity. The recommendations include securing remote access applications, enforcing multifactor authentication, and developing and exercising incident response and recovery plans.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), in a statement. 

The advisory was signed by CISA, the FBI, the National Security Agency, and cybersecurity agencies in the United Kingdom, Australia, Canada and New Zealand. 

The warning is the latest joint advisory on malicious cyber threats. In April, the same group of agencies issued two separate advisories.

One of the alerts urged organizations to protect themselves against common vulnerabilities that tend to be “frequently exploited by malicious cyber actors.” 

The other advisory warned against Russian cyber threats targeting critical sectors that could affect “organizations both within and beyond Ukraine.”

U.S. cyber agencies have regularly issued warnings of possible hacks amid Russia’s war on Ukraine and the Western sanctions levied against Moscow in response.

Experts have also warned that Russia could seek to interfere in the upcoming midterms due to its track record of such behavior in the U.S. and across Europe.

Tags cybersecurity Jen Easterly service providers

The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.

Most Popular

Load more

Video

See all Video