MSPs vs Vendor Controlled Remote Access
The FBI advisory to private sector industries was released and raises some interesting questions regarding MSPs. While not specifically mentioning MSPs by name, the advisory covers general threats from ransomware and how they are being executed.
- Doesn’t mention MSPs, but they are clearly being addressed in this notice
- 3rd parties and legitimate system tools
- All the guidance the FBI provides is already well established in the MSP Verify program
Unmanaged vs Managed IT
Unmanaged Devices – still think break/fix is an effective IT management model?
“80 to 90 % of all compromises originate from unmanaged devices…Most human-operated ransomware attacks attempt to compromise or gain access to unmanaged or bring-your own devices (personal devices used to access work-related systems and information). These typically have fewer security controls and defenses” – Microsoft
If you read this Microsoft quote and still think reactive IT is a viable business model or IT management model, think again.
- Break/fix or reactive IT is not managed IT, it’s IT crime scene clean up
- If you are like many MSPs have a mixture of managed services and reactive IT clients, have a plan to deal with this situation
- If rising cyber premiums, guidance from the FBI and countless other government agencies, and overall awareness about cyber threats are not enough to convince your break/fix clients, guess what, they’re using you to offload their risk.
My M&A Challenge to MSPs in 2024
I would like to encourage those MSPs out there attempting M&A strategies to consider this challenge for 2024. You may be surprised by what I have to say, but if you think about it I hope you will see the logic and value behind it.
- What is your M&A strategy and how does it fit into your overall strategy?
- M&A isn’t a corporate growth strategy
- M&A challenge for 2024
- Service expansion
- Market/customer expansion
- Revenue doubling