Over the holiday weekend, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) jointly issued multiple alerts in regards to attackers who carried out a supply chain ransomware attack by leveraging a vulnerability in technology services firm Kaseya’s Virtual System Administrator (VSA) software against multiple management service providers (MSP) and their customers.
As many MSPs typically serve clients in the small and medium enterprise (SME) and middle market arena, it is important for organizations to be vigilant in understanding the systemic impact within their organizations and in their IT supply chain. The CISA and the FBI have provided several recommendations in response to the incident as well as additional remediation efforts and patches offered by Kaseya. For additional information, please review this resource.
- If your organization and/or an MSP vendor that you contract with has been impacted by the Kaseya incident or is unsure of the impact and you have a cyber insurance policy, you should notify your cyber insurance carrier promptly. Your MMA representative can assist you with this. Coordination of legal and forensic services and with other vendors related to incident response needs to be in conjunction with your cyber insurance carrier to preserve rights to the most coverage available. Early notice can avoid later disputes over what services are covered. Cyber insurance policies can also cover claims that are received subsequent to the policy period if the carrier is put on notice during the policy period of the event that gave rise to the later claim.
- If your company has been impacted but you do not have a cyber insurance policy, please reach out to your MMA representative who can provide guidance and recommendations regarding resources to assist your full investigation and response.
- If your organization has not been impacted, there is no need to notify your cyber insurance carrier.
Evolving security incidents such as the Kaseya matter reminds us of the opportunity to test your organization’s cyber resiliency both internally and externally. Reevaluating your critical suppliers and vendors is especially important given the increased interdependence of technology many organizations experience. In the event of a vendor’s security failure, being able to maneuver to alternative providers is imperative to minimize disruption to your operations and should be incorporated into your organization’s incident response plan and preparation.
MMA’s Cyber Center of Excellence team is available to you at any time to provide best-in-class answers, service, and solutions for cyber incident response and management, cyber coverage review or placement, and cyber risk management planning and optimization. Please contact your local MMA representative for further guidance.