Johannesburg, 30 Aug 2023
A newly released strategic plan to better secure remote monitoring and management (RMM) software against malicious threats includes input from CompTIA, the nonprofit association for the IT industry and workforce, on behalf of the global managed service provider (MSP) community.
The Joint Cyber Defense Collaborative (JCDC), a public and private sector partnership, today released its JCDC RMM Cyber Defense Plan. The plan is intended to advance cyber security and reduce supply chain risk for small and medium critical infrastructure entities through collaboration with RMM vendors, managed service providers (MSPs) and managed security service providers (MSSPs).
“It is important that the unique experiences and perspectives of MSPs and MSSPs are considered and addressed in the new RMM plan,” said Wayne Selk, vice-president, cyber security programs, CompTIA, and executive director of the CompTIA Information Sharing and Analysis Organization (ISAO).
“These firms provide information technology and cyber security services to approximately 90% of US-based small and medium-sized businesses, who themselves account for about half the nation’s gross domestic product,” Selk added.
In January, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory to warn network defenders about malicious use of RMM software. Specifically, cyber criminal actors sent phishing e-mails that led to the download of legitimate RMM software, which the actors used in a refund scam to steal money from victim bank accounts. Additional types of malicious activity were also a possibility.
The JCDC RMM Cyber Defense Plan is built on two pillars:
- Greater collaboration and collective action across the RMM community to enhance information sharing, increase visibility and fuel creative cyber security solutions.
- Greater amplification and education about the dangers and risks to RMM infrastructure, and how to implement security best practices.
CompTIA’s connections to the global MSP community generally, and in cyber security specifically, are extensive. MSPs in dozens of countries are participating in the CompTIA Cybersecurity Trustmark programme, which details a clear path to achieve foundational cyber security hygiene and position themselves as an organisation that follows proven cyber security best practices. Similarly, the CompTIA ISAO, an initiative that analyses the latest cyber security threats and provides actionable threat intelligence, has members around the world. It is built specifically for the IT channel ecosystem as a go-to resource on cyber security.
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through community, education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. http://Connect.CompTIA.org
Joint Cyber Defense Collaborative (JCDC)
Pursuant to new authority from Congress, the Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in August 2021 to transform traditional public-private partnerships into real-time private-public operational collaboration and shift the paradigm from reacting to threats and vulnerabilities to proactively planning and taking steps to mitigate them. JCDC combines the visibility, insight, and innovation of the private sector with the capabilities and authorities of the federal cyber ecosystem to collectively drive down cyber risk to the nation at scale. Learn more about JCDC at CISA.gov/JCDC.