With a host of new devices added to client networks daily, and bad password management by users the norm rather than the exception, it’s easy to see why Managed Service Providers (MSPs) are such an attractive target for cyber attackers in 2019.
This worrying trend has not gone unnoticed; the National Cyber Security Centre’s Cyber Incident Response Scheme has flagged ongoing targeted attacks against global MSPs by hostile actors as a serious threat. The ultimate targets of this sustained campaign have been identified as MSPs’ customers, due to the sheer volume of client networks a typical MSP has access to.
Unfortunately, it can be extremely manual for MSPs to confidently secure their clients’ environment and ensure networks, devices and users are truly protected against the latest cyberattack methodologies.
It should also be acknowledged that MSPs are faced with a very embedded culture of carelessness and user apathy when it comes to appropriate security precautions such as 2-Factor Authentication or password managers. The challenge of protecting a client base against cyberattacks has never been more complex.
What’s at stake for MSPs struggling to keep up?
The Cloudhopper cyberattacks at the end of 2018 demonstrated the potential risks for MSPs operating in this challenging environment. The sustained attack campaign saw Chinese hackers trying to steal valuable data by gaining access to clients’ networks and even larger players such as Hewlett Packard Enterprise and IBM were affected.
However, it’s important to note that malicious actors are not necessarily focused on the size of the MSP, but rather the potential for leverage after a successful attack. If you are an MSP with particularly high profile or vulnerable clients (such as organisations handling health records, children’s personal information, financial transaction data etc.) then you are unfortunately a likely target for ransomware and fraud attempts.
So, what does a successful cyberattack on an MSP look like? With exploit kits available on the dark web for just a few dollars, even less-technical criminals can now easily launch attacks on an MSP’s remote monitoring and management tools to infiltrate their client base – leaving the MSP directly responsible for customer data breaches.
Ransomware also remains a popular form of attack, with attacks able to quickly encrypt client endpoints and leave thousands of client systems inaccessible as MSPs face down extreme ransom demands in the millions.
There is also the potential for impersonation attacks in both directions as phishing emails are sent to client users posing as the MSP and fraudulent password reset emails are sent to the MSP pretending to be a forgetful client. Ultimately, without the appropriate security standards and digital risk mitigation measures in place, MSPs are vulnerable to business disruption, regulatory fines and a lasting breakdown of trust with their clients.
How should MSPs respond to this threat?
For many clients, an MSP’s willingness to work on threat remediation and keep security standards aligned with the latest cybercrime trends is a huge differentiator. Once trust is lost in a data breach, it’s almost impossible to regain and many clients will see it as a sign to look for another provider. If you fail to proactively engage with your clients on security in this climate, you are at serious risk of competitors using the fear of cyberattacks to win over your clients.
Of course, many MSPs may be understandably wary of positioning themselves as Managed Security Service Providers but if you’re already providing backup services and anti-virus solutions as part of your offering, your clients likely assume you are a critical part of their security measures already.
Ultimately, there is a significant revenue opportunity for MSPs to address this challenge for clients and move away from a ‘break-fix’ relationship with clients. This can take the form of security awareness training to reduce the human risk element, offering advanced endpoint solutions that go beyond mainstream antivirus offerings to monitor external cyber posture, or enabling multi-factor authentication on all public-facing services.
To succeed in this challenging security environment, innovative MSPs will position digital risk solutions as essential services that augment existing threat detection investments. With time, cyber exposure monitoring will likely become just important to the MSP business model as regular patching and email security. By using the cybersecurity climate as an icebreaker, MSPs can offer ongoing services as part of a compliance initiative for their clients. After all, today’s cyber attackers are creative and relentless so maintaining visibility over emerging threats will never be seen as just one-off project.