MSPを狙うサイバー攻撃の世界的な増加、各国のサイバーセキュリティ当局が提案する推奨事項とは?
Protecting Against Cyber Threats to Managed Service Providers and their Customers
Alert (AA22-131A) Protecting Against Cyber Threats to Managed Service Providers and their Customers Original release date: May 11, 2022
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a
1. Summary
The cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA), (NSA), (FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.[1] This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data. Organizations should implement these guidelines as appropriate to their unique environments, in accordance with their specific security needs, and in compliance with applicable regulations. MSP customers should verify that the contractual arrangements with their provider include cybersecurity measures in line with their particular security