We have more evidence that end-user organizations are getting wiser about how outsourced IT providers help them protect IT assets. We also have more evidence that these same entities are realizing the potential threats that exist through third-party vendors who interact with them.
Officials from the Reserve Bank of Australia, JP Morgan, and the European Union Central Bank recognized the need for tougher and more meaningful cybersecurity testing for banks. Discussions included the creation of a minimum security standard for banks of all sizes, to ensure even smaller financial institutions are protected.
Minimum Standard Means Minimum MSP Standard
If banking officials are willing to entertain a minimum cybersecurity standard for all banks, it is hard for me not to envision that same standard being applied to MSPs. The obvious reason for this is the high number of MSPs who already manage bank IT assets around the world. Any attempt to apply a minimum standard to banks would necessarily involve the same MSPs who manage those banks.
While I don’t think this would be an actual standard, per se, it would most likely include penetration testing and other common cybersecurity practices. Such standards would be directed at the banks themselves but would have to involve the participation, even indirectly, of MSPs.
So, to all MSPs out there: these types of end-user-driven minimum requirements are coming, and we had all better be ready for them.