Written by: Charles Weaver, CEO – MSPAlliance

MSPs are no strangers to the limelight. Very early in the managed services profession MSPs dealt with a variety of public relations issues, mostly centered around the value MSPs brought to their customers. Today, MSPs have another public relations issue brewing, although this one has far more significant consequences to our profession. 

Ransomware attacks involving MSPs

The United States Cybersecurity and Infrastructure Agency (CISA) starting issuing advisory bulletins in 2017 and 2018 warning MSPs to be aware of advanced persistent threats (APTs) specifically targeting MSPs. The announcements did not get a lot of publicity, but MSPs began talking about them seriously at industry events (including MSPWorld). 

While the focus of these attacks has always been the customer, the methods of achieving success seem to be leaning towards the exploitation of known vulnerabilities impacting MSPs. Specifically, administrative accounts used by the MSPs, such as RMM, ticketing, and other service delivery tools, are being targeted. 

The good news is these exploits are extremely easy to fix. The bad news is there are a lot of companies calling themselves MSPs who do not possess strong security skills. These companies are not paying attention to these security bulletins and are potentially putting their customers at risk. 

It’s out in the Open

It’s one thing for the channel press to cover these security issues, but quite another when the non-channel media does it. That is precisely what is happening now, and global MSPs need to a) realize this problem, and b) respond to it. 

recent story featured a medical customer who was attacked by cybercriminals by exploiting the technology consulting company who handled the outsourced IT management. The article describes the devastating effects of the cyberattack and what happened to the customer. The blame is put squarely on the “MSP.” 

Later in the same article, the author describes attacks on MSPs as increasing. There is only one problem; the technology consulting company was not an MSP. At best, they could be considered a break/fix or reactive IT company, but few people would classify that company as a provider of managed services. 

I am often surprised when MSPs say it doesn’t matter what they call themselves. What difference does it make, they frequently say. It makes a big difference, especially today.

Calling Yourself An MSP Matters 

If break-fix companies masquerade as MSPs and cause harm, this activity will cause considerable damage to the managed services profession. I have repeatedly said that more customers want managed services than there are qualified MSPs to do the work. Compare that statement with the seemingly endless lists and numbers of MSPs throughout the world; you might think that there are more MSPs than customers; this is not true. 

Customers are Safer with MSPs

Customers are manifestly safer with legitimate MSPs than doing it alone using internal IT only. Many customers have no clue as to what threats are out there, let alone how to protect against those threats. This is why it is so important to be clear what type of company to whom you outsource your IT management. 

Practicing MSPs have known for a long time that break-fix companies can cause a lot of confusion and harm in the market, just from a sales and marketing perspective. Now, we see this battle between break-fix and proactive managed services spilling out into the public arena. 

I am not saying that MSPs are infallible. We have a lot of important work to do in educating the global managed services marketplace in the next five years. However, MSPs, on average, are going to be far more effective at helping customers protect themselves against cybercriminals compared to break-fix companies. 

The next time you encounter a customer bringing up these articles, ask whether it was an MSP or just a bunch of technicians reacting to technical problems. Not the same thing at all! 

Tags : break-fix,MSPs,reactive IT

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.






Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.