I just read an article explaining why MSPs are “hacker targets.” While all organizations connected to the Internet are reasonable targets for a wide variety of hacking attempts, I also believe we have moved beyond the simplistic argument that MSPs are a unique and vulnerable gateway to their clients. I will explain.
MSPs Were Attacked
The notion that MSPs have a unique vulnerability in their operational and business makeup is ridiculous. STOP: READ THIS NEXT SENTENCE. MSPs, like all organizations connected to the Internet, face vulnerabilities and attacks. This will not change!
Having said that, the idea that an MSP, as compared to a company that manufactures medical devices for hospitals, is more at risk to successful cyberattacks has not yet been proven out. Meaning, MSPs have not been disproportionately breached as compared to the rest of the non-MSP population.
For more than 20 years, MSPs have been the guardians of the cyber galaxy, monitoring, managing, and protecting clients from untold threats, both internal and external. By their nature, MSPs are more secure and “aware” of the risks they face than the typical organization (even those with internal IT departments). More importantly, they continue to arm themselves with top-line defenses against ongoing cyber threats.
My point in raising this as an issue is simple: as I have said before, the vast majority of MSPs have not been disproportionately impacted by ransomware or similar cyberattacks. The vast majority of MSPs provide constant vigilance for their clients, offering them a measure of cyber and IT protection they would otherwise have been unable to achieve. It’s important to note, I am speaking specifically of MSPs, not break-fix IT, not reactive IT shops, but proactively managed IT.
The Word is Out and MSPs are arming themselves with tools and knowledge
The MSP community is strong, primarily because it is a tight-knit community. The amount of backchannel communication that takes place amongst MSPs all over the world is staggering. MSPs rely heavily on one another for guidance, objective advice, and information sharing. This fact is one of the reasons MSPAlliance has been so successful over the years. The collaboration and information sharing amongst MSPAlliance members allows for faster adaptation to real-time events.
Attack Where Your Enemy is Not
I’m not sure who came up with the phrase “attack where your enemy is not,” but it seems like wise advice. Cybercriminals are efficient (not the same as lazy). They do not want to waste their time on campaigns unlikely to yield results (whether that is money, information, or other strategic objectives). Ransomware gangs want easy targets, capable of generating money in as fast a way as is possible. MSPs today are making moves to arm themselves against what is sure to be continued waves of cybercriminal activity. Given that, cybercriminals might find that MSPs are not as easy of a target as they had once hoped.
Craig
Posted at 09:47h, 14 OctoberCharles,
Good article with many valid points. MSPs are exposed to many more threats and must deal with them daily, than an individual company. Through repetition MSPs become more fit and more attuned to hackers tactics and defending against them. As you point out, many simple ways into an MSP have been closed off by Continuum/Datto/Kasaya forcing 2FA when accessing their products.
However, cybersecurity remains embroiled in an arms race.
Ransomware initial targeted availability by encrypting files, holding them hostage for ransom. MSPs perfected their backup strategies and restore data so quickly they largely eliminated the availability risk. Hackers pivoted ransomware attacks to threaten confidentiality by releasing stolen data to public websites forcing some companies (Healthcare) to pay ransoms to protect the innocent. MSPs now build ransomware and phishing awareness training into their offerings to address this shift in tactics. And the cycle continues.
Cybersecurity is an immature industry that everyone needs to mature. Cybersecurity and MSPs go hand in hand just like people need doctors, homeowners need plumbers/electricians, and litigants need lawyers. The emergence of the vCISO role should help MSPs hire just enough consulting power to shore up gaps in their cyber programs and keep their clients well advised on this escalating arms race.
Organizations like the MSP Alliance must continue to educate virtually the way they held their MSP World conference this past month in October 2020. Alone we are weak, but together we are strong.
Are you better off with or without an MSP? - MSP Alliance
Posted at 10:10h, 21 October[…] ask the question in order to realign the discussion of outsourcing IT management in light of recent attacks on MSPs in the past 24 […]