The Australian Cyber Security Centre (ACSC) has joined with international cyber security agency partners to warn of pressing cyber risks and provide guidance on how to strengthen cyber defences.
Head of the ACSC, Abigail Bradshaw said the joint Protecting Against Cyber Threats to Managed Service Providers and their Customers cybersecurity advisory would assist Managed Service Providers (MSP’s) and their customers to strengthen their defences against state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors.
In a statement, ACSC said an MSP was a company that remotely managed a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis.
Ms Bradshaw said APT groups and cyber actors were expected to increase their targeting of IT service providers and their customer networks.
“Managed Service Providers are vital to many businesses and as a result, a major target for malicious cyber actors,” Ms Bradshaw said.
“These actors use them as launch pads to breach their customers’ networks, which we see are often compromised through ransomware attacks, business email compromises and other methods,” she said.
“Effective steps can be taken to harden their own networks and to protect their client information.”
Ms Bradshaw encouraged all MSP’s to review their cyber security practices and implement the mitigation strategies outlined in the joint Cybersecurity Advisory.
She also encouraged organisations to review the Advisory for a complete list of recommended security measures and operational controls.
“Organisations should implement these guidelines in accordance with their specific security needs, and compliance with applicable regulations,” she said.
Ms Bradshaw said that along with the ACSC, the Advisory was issued in collaboration with the Canadian Centre for Cyber Security; the United Kingdom National Cyber Security Centre; the New Zealand National Cyber Security Centre; the United States (US) Cybersecurity and Infrastructure Security Agency; the US National Security Agency; and the US Federal Bureau of Investigation.
The joint Cybersecurity Advisory can be accessed at this PS News link.
