MSP Cybersecurity Initiative: NIST, NCCoE Seek Comments
The National Cybersecurity Center of Excellence (NCCoE), part of NIST, has announced “Improving Cybersecurity of Managed Service Providers,” a project designed to deliver a cybersecurity reference model that MSPs can customize to fit their cybersecurity program needs.
NCCoE’s project helps MSPs implement IT architecture that reduces security vulnerabilities, according to the organization. It also provides MSPs with guidance so they can adopt cybersecurity technologies and techniques that result in better security for themselves and their small and medium-sized business (SMB) customers.
What Does NCCoE’s Project Mean for MSPs?
NCCoE will build a standards-based, modular and end-to-end example solution(s) to help MSPs address cybersecurity challenges aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework v1.1, the organization stated. This approach may include architectural model definition, logical design, build development, test and evaluation and security control mapping.
In addition, NCCoE will use the project to produce a publicly available NIST Cybersecurity Practice Guide. With this guide, MSPs can implement a cybersecurity reference architecture model.
NCCoE is seeking comments to help refine the challenge and scope of its project, and it will accept project feedback until Nov. 8.
MSPs, CSPs Susceptible to Ransomware Attacks
Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Still, the attacks continue. The fallout has included:
- An MSP paying hackers $150,000 to unlock data;
- hackers specifically targeting MSP software platforms to launch ransomware attacks; and
- Ryuk ransomware hitting a CSP that works closely with MSPs.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
Additional insights from Joe Panettieri.