Security a concern for MSPs

Security is a top concern for customers, but it is also front of mind for many managed service providers (MSPs).

MSPs are a target for cyber criminals looking for routes into customer networks via the supply chain, and the pressure has increased on the channel to make sure its defences are able to fend off attacks.

“MSPs typically provide services such as IT environment management for multiple clients. This makes them a valuable target for attackers, since compromising a single MSP account can enable access to numerous client systems,” said Dirk Schrader, vice-president of security research at Netwrix.

Given that situation, it is perhaps of little surprise that according to an MSP-focused slice of research carried out by Netwrix earlier this year, a sizeable number of those that responded are focused on improving their defences.

The vendor found that 70% of MSPs viewed network security and data security as IT priorities. There was also an ambition to increase cyber security awareness among their staff.

Fears of being targeted are justified, with 61% of MSPs aware of a cyber attack in the past year. Phishing, account compromise and ransomware are the most commonly reported problems.

“The ultimate goal of network compromise is usually to gain access to sensitive data. If an MSP’s network is breached, the attackers can steal, destroy or encrypt its customers’ data – which could be catastrophic for the MSP’s business,” said Dmitry Sotnikov, vice-president of product management at Netwrix.

“MSPs hold the keys to the kingdoms of their clients. To ensure their clients’ safety, it is vital for them to reduce risk by implementing zero-standing privilege and password security solutions, as well be ready to defend against cyber attacks with effective identity threat detection and response tools and recovery capabilities,” added Sotnikov.

The warnings that MSPs are increased targets comes at a time when customers are leaning on them more heavily than before to help with digital transformation efforts.

Oher research issued on MSP Day and the TechTarget/Computer Weekly IT Priorities Survey for 2023 underlined the increasing reliance customers are putting on managed service providers to help solve their problems. Because of a lack of in-house talent and the pressure to innovate and keep budgets down, the channel has become an increasing source of support for customers.

SonicWall released a mid-year update to its 2023 cyber threat report yesterday, using it to flag up its ability to stop attacks and protect its channel.

The report showed a rise in intrusion attempts, cryptojacking and internet-of-things (IoT) malware, and found education and government customers facing a barrage of attacks.

“The seemingly endless digital assault on enterprises, governments and global citizens is intensifying, and the threat landscape continues to expand,” said SonicWall president and CEO Bob VanKirk.

“Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organisations at unprecedented rates.

“The 2023 SonicWall mid-year cyber threat report helps us better understand the mindset and criminal behaviour that will in turn help SonicWall create the right countermeasures, and help organisations protect themselves by being better prepared and build stronger defences against malicious activities,” he added.