The U.S. CISA has released a plan to address systemic cybersecurity risks in remote monitoring and management software.
The Remote Monitoring and Management Cyber Defense Plan was created to address the issue wherein cyberthreat actors gain footholds via RMM software into managed service providers and manage security service providers’ servers.
Once after gaining access, the attackers can cause cascading impacts for small to medium-sized enterprises that are customers of these providers.
The plan provides cyber defense leaders in government and industry with a collective plan for mitigating threats to the RMM ecosystem. It addresses issues facing the top-down exploitation of RMM software.
There are two pillars to the plan.
Pillar 1, Operational Collaboration, is said to encourage collective action across the RMM community to enhance information sharing, increase visibility, and fuel creative cybersecurity solutions. So-called “lines of effort” include cyber threat and vulnerability information and enduring RMM operational community.
Pillar 2, Cyber Defense Guidance is all about educating RMM end-users on the dangers and risks to the infrastructure they rely on and how they can help promote security best practices. Lines of effort for the second pillar include end-user education and amplification.
The downstream effect of this effort to mitigate threats to the ecosystem will be more secure customers as a result of better-secured MSPs.