CISA Security Alert: Protecting Against Cyber Threats to Managed Service Providers and their Customers

On May 11, 2022, the national Cybersecurity & Infrastructure Security Agency (CISA) issued a security alert warning about the increase in malicious cyber activity targeting Managed Service Providers (MSPs).


Threat actors are focusing on infiltration of MSPs in the effort to gain access to their provider-customer network trust privileges. If breached, not only does the MSP itself become compromised but it can inadvertently enable a cascade of breaches across its entire customer base. Cybercrime such as data exfiltration, ransomware and cyber espionage are then enacted throughout multiple victim networks.


Cybersecurity authorities expect malicious cyber actors to continue-and increase efforts-to breach MSPs. MSPs and their customers are advised to implement and strengthen cybersecurity safeguards and operational controls. The CISA alert recommends that MSP customers verify that contractual agreements with their provider include cybersecurity controls in line with their firm’s security requirements and that MSPs re-evaluate security processes and contractual commitments to accommodate customer risk tolerance.


Are you interested to assess the cybersecurity of your firm? Contact FCI for more information about Security Assessment:


Are you an MSP interested in hardening cybersecurity?  Learn more about FCI Co-Managed Cybersecurity Services:


For a complete list of recommended actions that MSPs and their customers can take to reduce risk of cyber intrusion, read the complete CISA alert (AA22-131A):