How Not To Handle a Security Breach as an MSP -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

How Not To Handle a Security Breach as an MSP

The ongoing security and public relations mess at Wipro, a massive IT outsourcing company based in India with many major U.S. customers, provides an object lesson in how not to handle a security incident as a managed service provider (MSP).

The story was broken this week by Brian Krebs at his respected security blog Krebs on Security. Official information from Wipro has been slow to come out and inconsistent, which is part of the problem.

Krebs approached Wipro earlier this month after hearing about a breach from several sources. According to his latest reporting, a first Wipro employee fell victim to a phishing attack on March 11, with another 22 employees falling for a second round of phishing attacks on March 16 to 19. As of Wednesday, the attack was still ongoing with more than 100 Wipro endpoints "seeded with" a ConnectWise product for remote control of client systems, as Krebs phrased it. Using the compromised Wipro systems as a jumping-off point, attacks have been launched against at least 12 clients, Krebs reported.

One Wipro customer source that Krebs spoke to worked at a large retailer and said the attackers used the access for gift card fraud at the retailer's stores.

Yet Wipro at first stonewalled Krebs' requests for comment, then released a non-informative statement before eventually acknowledging the breach to an Indian newspaper after Krebs published his first blog. Additionally, the company contested Krebs' timeline without providing one of its own, and appears to be passing off the forensic work of its customers as its own.

Krebs summarized Wipro's ham-handed public response this way:

Ignore reporter's questions for days and then pick nits in his story during a public investor conference call.
Question the stated timing of breach, but refuse to provide an alternative timeline.
Downplay the severity of the incident and characterize it as handled, even when they've only just hired an outside forensics firm.
Say the intruders deployed a "zero-day attack," and then refuse to discuss details of said zero-day.
Claim the [indicators of compromise] you're sharing with affected clients were discovered by you when they weren't.

The PR and communication lessons are important, but the substantive security component is even bigger. A major aspect of the market value of an MSP is the expectation that the MSP will be the strongest link in a customer's security chain and be more aware of security all along the chain than the customer could be. For an MSP to be the weakest link, and have to be alerted to its own security problems by customers, is pretty tough to recover from.

Posted by Scott Bekker on April 18, 2019

Free Webcast! Learn about Password Management Best Practices

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Introduces Pay-Per-Use AI Agents to Microsoft 365

A new Microsoft 365 tool called Microsoft 365 Copilot Chat brings the power of AI agents to commercial customers.
Microsoft's New CoreAI Division To Focus on Bringing AI Agents to Orgs

Microsoft has spun up a new internal division focused specifically on developing on delivering an "end-to-end Copilot and AI stack."
Data Integration Is a Small(er) Vendor's Game: Report

Despite their dominance in other areas of enterprise tech, the cloud's "Big 3" -- Amazon, Microsoft and Google -- have yet to conquer the data integration market.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Bekker's Blog by Scott Bekker, Editor in Chief

How Not To Handle a Security Breach as an MSP

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Introduces Pay-Per-Use AI Agents to Microsoft 365

Microsoft's New CoreAI Division To Focus on Bringing AI Agents to Orgs

Data Integration Is a Small(er) Vendor's Game: Report

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Why Partners Need To Adopt a Recurring Revenue Model

Microsoft's New CoreAI Division To Focus on Bringing AI Agents to Orgs

Microsoft Introduces Pay-Per-Use AI Agents to Microsoft 365

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Why Partners Need To Adopt a Recurring Revenue Model

Microsoft's New CoreAI Division To Focus on Bringing AI Agents to Orgs

Microsoft Introduces Pay-Per-Use AI Agents to Microsoft 365

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Unlocking a New Era of Tax Automation within Microsoft Dynamics 365: Introducing Vertex's API-Based Tax Integration

Unlocking Revenue Growth with Vertex and Microsoft: A Winning Partnership

Microsoft Ignite 2024: Top Announcements and Takeaways

Shutting Down Session Hijacking and Credential Theft

FREE WHITE PAPERS FROM OUR SPONSORS

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry

Data Analytics Drive Supply Chain Optimization

Digital Transformation: The Case for Moving Tax to the Cloud