pixel_dreams - Fotolia

MSPs protecting themselves from security-lax customers

Anecdotal evidence from senior managers at Barracuda reveals the steps managed service providers are taking to make sure they are not exposed to risk

Managed service providers (MSPs) are in the sights of cyber criminals but are increasingly taking action to protect themselves from attackers and exposed customers.

The search for vulnerabilities in the supply chain has raised the prospect of MSPs being targeted, and those working with the channel have seen rising interest in protecting customers as well as managed service businesses.

Adam Khan, vice-president of global security operations at Barracuda, said criminals were always looking for targets that would give them access to a wider number of victims.

“MSPs are a pretty big target [as they] are managing large stacks of customers. An MSP can be tied into hundreds or thousands of organisations,” he added. “Underneath them are small and mid-sized businesses that have a lot of big challenges when it comes to security. They have small IT staffs that are trying to manage and maintain and upkeep and uptime all of the systems they have installed across their customers.”

As a result, Khan said MSPs have had to become more cyber-centric organisations that are leading with their ability to define and deal with risk.

JP Kehoe, vice-president of extended detection and response (XDR) sales at Barracuda MSP, said it was still taking too long for breaches to be identified and responded to, and one of its big efforts was to make it easier for MSPs to communicate and rectify issues.

“The average length of time for when you know that something has happened in a customer’s environment is 197 days, almost 200 days. So, what ‘good’ looks like now is that you need the visibility,” he added. “You have to know you have a problem, so you reduce the response time. The messaging with MSPs is to make it easier to understand and communicate cyber risk.”

He added that the need to improve security cut both ways between MSPs and customers, and if users did not take the issue seriously enough, it would come back to bite the channel partner.

“A lot of MSPs will not accept the customer now unless they have a basic set of controls in place,” said Kehoe. “Getting a baseline is something we’re definitely seeing in the UK market. standardising across ‘good’ and then giving ‘better’ and ‘best’ options to customers as they move up the stack.”

Barracuda’s Kahn agreed that an increasing number of MSPs were starting to get a picture of their customer security postures before sealing contracts.

“More and more MSPs are educating the customer, saying, ‘Listen, this is what’s happening in the market. A lot of attacks are happening. Security is very important’,” he said.

Read more on Managed IT Services