You already know that MSPs remain under attack. The question: What are you personally doing to lock down your business from potential hackers, ransomware and malware attacks?
The issue remains particularly timely for managed IT services providers. Consider the latest anecdotes:
Research – MSP Cyberattacks: Over the past year, 74 percent of MSPs have suffered a cyberattack, with 83 percent reporting that their SMB customers have suffered one as well, according to research commissioned by Continuum and conducted by Vanson Bourne.
Research – Ransomware Part Two: Ransomware attacks continued to become more focused and sophisticated in Q2 and Q3 2019, an Emsisoft report says. In contrast to the spray-and-pray campaigns of the past, threat actors are increasingly targeting larger and more profitable targets such as businesses, schools and government organizations, the company says.
Frankly, MSPs and some of their technology vendors need to take a hard look in the mirror. In some cases, the picture isn’t all that great.
Starting around 2016 or so, some security vendors starting pitching products that can “transform MSPs into MSSPs.” The pitches, overall, were nonsensical. There are no “magic boxes” or toolkits that transform mainstream IT support companies into true cybersecurity masters.
In a far more responsible and logical move, some technology vendors have spent at least the past two years telling MSPs that they need to lock down their own businesses before going out and selling more security services to end-customers.
Among the associated steps that ChannelE2E recommended to MSPs:
Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
In addition to taking a hard look in the mirror, MSPs must also take a hard look at all of their technology vendors — demanding:
Clearly documented information about basic and advanced security settings in their products.
Fully documented information about known cyber vulnerabilities, and timely, easy-to-find information about closing those vulnerabilities.
Easy-to-find contact information for reporting or requesting information about cybersecurity issues. This should be far more than a generic “contact us” inbox.
Zero finger pointing between vendors while investigating and mitigating a cyber incident.
Clear product roadmaps that explain cyber features and expected delivery dates.
MSP Security: What’s Next?
Looking ahead, it’s a safe bet we’ll see more MSP-centric cyberattacks. But we’ll also start to see vendors working more closely with one another on various education, mitigation and recovery strategies.
Among the next moves to watch: The potential rise of an MSP-focused security association, information sharing networks and documented best cyber practices for the managed services industry. For instance:
No doubt, selling security services is a major MSP opportunity. But if you don’t practice proper security inside your business, please avoid the temptation to pitch cybersecurity services outside of your business.