The global interrelation of the economy and cyber operations has led to a landscape with an increasing risk of cyberthreats leading to supply chain compromise. Each organization and individual user can be connected to scores of others, creating a supply chain that is highly complex and difficult to secure.
Managed service providers (MSPs), as third-party companies that can provide the means to infiltrate other organizations, are an appealing target for cyber supply chain attacks. Ensuring the security of any organization requires due diligence in vetting supply chain partners, and this is especially true when it comes to working with MSPs.
…
Targeting MSPs also allows cybercriminals to maintain a foothold in an organization to exploit it continually. “It’s unlikely that you will find a service provider on a short-term contract,” explains Ashley Leonard, VP of Product for Syxsense, recently acquired by Absolute Security. The long-term relationship and the trust that clients place in MSPs can cause them to be more complacent regarding MSP security practices.
…
