Krebs on Security writes about a hacking incident in Colorado late in 2019:
A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.
We’ve started talking about this in verbal conversations with prospects: today your biggest risk may be your IT provider.
Most IT providers (MSPs) put an RMM agent or remote-control software on each computer that they manage. This agent then connects back to a central source where the MSP can push out security updates, backups and other such measures to keep customers secure.
However, if the MSP’s central source is hacked, then all of its customers can easily be hacked at the same time.
The active targeting of MSPs is going to reach epidemic levels soon.
We’ll unpack what all of this means in a later post. For now, the top takeaway is that you should be asking your IT provider (1) how they are securing their own house, and (2) what changes they have made / are making as the security threats change.