To all local, state, provincial, federal, and international governmental bodies dealing with managed service providers
Speaking on behalf of many thousands of companies and individuals who make up the global managed services profession, I would like to set the record straight on a few matters. First, on the issue of cybersecurity and the role MSPs play in global IT management. Second, the recent attacks on MSPs. And third, our industry and professional response to these events and how the MSP profession can and should be utilized moving forward.
Wondering what an MSP is? Check out our MSP FAQ section.
The Role MSPs Play in Cybersecurity
For several decades, MSPs have been on the front lines of defending their clients against IT attacks. Long before it was ever called cybersecurity, MSPs have been performing invaluable work, supporting clients, managing IT environments, and safeguarding information.
As more attention is placed on information security and the value of stealing that information becomes monetized by cybercriminals, the role and profile of MSPs becomes much more visible. However, this is no different than when banks began to be robbed. People did not stop putting their money in the banks; the banks merely started building bigger and stronger vaults.
MSPs are often the only real IT management and data security protections an organization has. Particularly small and medium-sized organizations that have no meaningful internal IT management capabilities, the MSP is the only viable model for managing IT assets and protecting valuable customer data.
MSP Attacks
It is no secret there have been attacks on MSPs in the last year. Attacks on MSPs will continue. The motive behind the attacks seems quite clear. Beyond the apparent profit motive, the cybercriminals are attempting to breach MSP systems to access the customers. This is likely the motivating factor behind many, if not all, of the MSP attacks in the last 12-18 months.
MSPs are not less secure organizations and, therefore, better targets for cybercriminals. It's just that MSPs are often the first line of defense, so anyone wanting to get to the customer would necessarily have to go through the MSP first. This is a natural evolution of the managed services profession and something the industry has been preparing for since 2000.

