The cybersecurity authorities of the United Kingdom (NCSC�UK), Australia (ACSC), Canada (CCCS), New Zealand
(NCSC-NZ), and the United States (CISA), (NSA), (FBI) are
aware of recent reports that observe an increase in
malicious cyber activity targeting managed service providers
(MSPs) and expect this trend to continue. This joint
Cybersecurity Advisory (CSA) provides actions MSPs and
their customers can take to reduce their risk of falling victim
to a cyber intrusion.
This advisory describes cybersecurity best practices for
information and communications technology (ICT) services
and functions, focusing on guidance that enables
transparent discussions between MSPs and their customers
on securing sensitive data.
Organizations should implement
these guidelines as appropriate to their unique
environments, in accordance with their specific security
needs, and in compliance with applicable regulations. MSP
customers should verify that the contractual arrangements with their provider include cybersecurity
measures in line with their particular security requirements.
The guidance provided in this advisory is specifically tailored for both MSPs and their customers and
is the result of a collaborative effort from the United Kingdom National Cyber Security Centre (NCSUK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS),
the New Zealand National Cyber Security Centre (NCSC-NZ), the United States’ Cybersecurity and
Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of
Investigation (FBI) with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC). Organizations should read this advisory in conjunction with NCSC-UK guidance on actions to
take when the cyber threat is heightened, CCCS guidance on Cyber Security Considerations for
Consumers of Managed Services, and CISA guidance provided on the Shields Up and Shields Up
Technical Guidance webpages.
To read the full details go HERE