Cybercriminals using IT company channels to target their clients

A recent cyber-attack on IT support companies, which impacted some New Zealand organisations – specifically local kindergartens and schools – highlights the urgent need for Kiwi IT companies to collaborate more closely on security issues.

Author of the book ‘She’ll Be Right (Not!)’ – a cybersecurity guide for Kiwi business owners – and SMB cybersecurity expert Daniel Watson says that cybercriminals have opened a new front in their attacks.

International syndicates are targeting New Zealand businesses via their IT support companies, an attack which, as things stand, would be an extinction event for many companies.

“If your IT support company is used as a channel for ransomware attacks on its clients, almost all or a large chunk of businesses will likely be affected, and that means you will probably wait weeks for help.

“The most recent attack, which hurt some New Zealand schools and kindergartens, was carried out via the IT support company channel after cybercriminals used a vulnerability in the system of commonly used IT management software.”

Watson said the IT management software, which is popular amongst IT companies, is called Kaseya. IT companies use it to manage and monitor multiple client systems, including, for example, enabling bulk software updates.

“Some IT companies use Kaseya software-as-a-service (SaaS), which is cloud-hosted. Others prefer to download the licensed software to their onsite servers – it was the latter that got hit.

“There is a bit of a division in the IT industry. Most trust the cloud; some prefer onsite servers – which is more profitable – and it is these latter onsite systems that are getting smashed.”

Watson says such an attack on masses of clients via an IT support company need not be an extinction event for the IT company if its peers are prepared to collaborate to combat cybercrime.

“It’s not a question of any companies being invulnerable to cyber-attacks or outsmarting the criminals – they are too sophisticated; it’s a question of when and that’s when we’re all going to have to have a plan.”

He said that New Zealand business leaders need to look at their IT service providers to make sure that the ‘sheep dogs’ have their own houses in order.

  1. Is your IT service provider cloud or server-based?

Watson said that onsite servers are often easy pickings for criminals.

“There’s no real excuse for using servers other than profit or if a client has an application that doesn’t work well in the cloud or your enterprise resource planning (ERP) software doesn’t have a cloud option.

“Ask your IT support company if they are cloud or server-based and the reason for their decision. Onsite servers mean you are relying on them to keep their operating systems, applications and security up-to-date.”

  2. Have a crisis plan

Watson says most good IT support companies will welcome a discussion about their crisis planning.

“If they do get smashed, what is their plan? Do they have good relationships with their peers – can they call on urgent resources (as somebody did with us recently) if they have 100 clients impacted by an attack? You don’t want to wait weeks for a fix.”

  3. Do you and your IT company have cyber insurance?

Watson said it is essential to ensure that your IT support company has professional liability and cyber cover.

“If your trusted IT support company suffers an event, gets sued and put out of business, you will suffer twice. Insurance brokers that I have spoken with tell me that, on average, just six per cent of their clients have cyber insurance – it could be the same with IT support companies.

“In the early days of our business, a large client made cyber insurance a condition of doing business with them. You should do the same.”

Watson says New Zealand’s IT companies, particularly the large number of SMEs, need to quit being stand-offish and start having conversations about how they can support each other against cyber-attacks.

“We are an industry of SMEs. We can’t do it alone.”