Author: Craig Taylor, CISSP | Chief Information Security Officer | Neoscope

Yesterday, the US Computer Emergency Readiness Team (US-CERT) issued a critical security advisory (shown below) warning of attacks against the clients of Managed Service Providers (MSPs) because of the MSPs’ “unfettered access to the networks of their clients”. US-CERT rarely issues industry-wide alerts of this kind, so Neoscope felt we should provide our clients with information detailing our “Defense-in-Depth” approach to protecting your networks, systems, and data from compromise by these Advanced Persistent Threat (APT) actors.

Neoscope has been actively preparing for and protecting against APT attacks by state-sponsored hackers, organized crime, and hacktivists for years now. Please read the US-CERT advisory and the counter-measures Neoscope has implemented to protect your networks and data from being compromised.

Source: https://www.us-cert.gov/APTs-Targeting-IT-Service-Provider-Customers

Neoscope’s 10 Defense-in-Depth Protective Counter-Measures:

Neoscope has implemented the following cybersecurity protections in how we access and support our client environments including but not limited to:

  1. Requiring 2-factor authentication by all employees into every IT Management system which grants us “access to their [our] customers’ networks”;
  2. Establishing unique, random passwords and pass phrases for privileged accounts for each client;
  3. Securely storing passwords/phrases inside an encrypted password management system;
  4. Providing monthly cybersecurity training to all Neoscope employees on hacking techniques for 3+ years;
  5. Governing employees with cybersecurity policies outlining our requirements for passwords, computer use, strong authentication, password managers, and VPNs, to name a few, while also tracking employee compliance;
  6. Deploying technical counter-measures including anti-virus, anti-spam, password managers, full-disk encryption, universal threat management firewalls, and workstation/server patching;
  7. Documenting cybersecurity processes protecting our clients and ourselves including Incident Management and Response, Vulnerability Management, and Back-up and Recovery;
  8. Implementing principles of least privilege within our own IT systems;
  9. Performing quarterly privileged account reviews across all Neoscope IT systems and tracking audit results;
  10. Employing a full-time Chief Information Security Officer (CISO) who guides our company, our IT projects, and our cybersecurity program development and management, and who also serves about a dozen of our clients as their virtual CISO.

Defense-in-Depth Cybersecurity Program

Through these 10 counter-measures at Neoscope, we are protecting ourselves and our clients from “a compromise in one part of an IT service provider’s network” that could have “globally cascading effects, impacting other customers and introducing significant risk.”

Please reach out to Neoscope’s CISO (Cybersecurity@neoscsopeit.com) with any questions you might have or if you’d like to adopt some of our protective counter-measures in your own business.

Sincerely,

Craig Taylor | CISSP, BA, CTM

Chief Information Security Officer | Neoscope