Cyberattacks on managed service providers (MSPs) have become a particularly vexing challenge for today’s cyber security professionals. Hackers who are intent on compromising service provider infrastructure not only impact the provider itself, but potentially all of its customers as well. According to NTT, about 38 percent of businesses today use a third party to manage and control over half of their IT needs, and revenue for MSPs is expected to surpass $274 billion by 2026. The more popular MSPs become, the greater the appetite cybercriminals have to reach an even larger set of targets.  

Cyberattacks on MSPs Are Growing Rapidly

Recent research has uncovered a number of troubling trends for MSPs and their customers: 

  • In the past 18 months, 90 percent of MSPs have experienced a successful attack on their infrastructure, and 82 percent saw attacks on their customers increase. 
  • More than half have experienced financial loss and disruption of business after an attack; 46 percent reported losing business, and 45 percent found their reputation impacted. 
  • The most common attack vectors were phishing attacks (reported by 75 percent  of companies), DDoS attacks (at 56 percent), and ransomware attacks (at 42 percent). 

If there is a silver lining it is that MSPs did prevent almost double the number of attacks that were attempted, from six to 11 on average. 

A recent report from Datto Holding Corp. investigating Asia-based MSPs found a number of trends that are driving MSPs to reevaluate their methods for protecting their infrastructures against cyberattacks. Among them:

  • MSPs often use a number of different technology platforms and tools, and they have a broad range of customers, making it harder to defend so many targets against attack. As a result, 55 percent are now investing in heightened cyber security measures. 
  • MSPs are increasingly bound by compliance mandates in cyber security, privacy, and data sovereignty. Their customers expect them to be compliant, and there are legal and financial consequences if they do not. Many are investing in enhanced backup and recovery solutions as a result, as well as attaining industry-recognized information security certifications such as ISO/IEC 27001 to protect supplier and supply chain attacks. 
  • MSP IT organizations often have insufficiently skilled cyber security skill sets personnel. Lack of skill sets, human error, and bad cyber security hygiene can make MSPs more vulnerable to attacks on their networks and customers.

What MSPs Can Do to Improve Cyber Security

Fortunately, government agencies around the world are collaborating on providing defense frameworks that MSPs can follow. CISA (the U.S. Cybersecurity Infrastructure Security Agency), along with the NSA, FBI, and counterparts in various other countries have recently issued a warning about cyberattacks on MSPs, with the understanding that attacks are expected to continue. These agencies have issued cyber security steps for MSPs to follow, including:

  • Initial Access: MSPs should harden access protocols such as VPNs to prevent initial network access, scan regularly for security vulnerabilities, take concrete steps to protect web apps, and educate employees on the dangers of bad cyber hygiene. 
  • Monitoring: Logs should be stored for six months (it can take that long to actually detect an attack, and bad actors are able to hide within networks). The groups also recommend better endpoint protection and network defense monitoring. 
  • Multi-factor Authentication (MFA): Remote access to networks should be enforced by multiple levels of user authentication. Accounts should be monitored for failed login attempts, which may be an impending signal of an attack. 
  • Separate Networks: Networks and business systems, both for MSPs and for their customers, should be segmented in order to isolate them. Segmentation is also an important step for implementing zero-trust access policies. Defunct accounts should be deleted and accounts with shared passwords should be changed when employees leave. 
  • Audits and Backup: MSPs must also continually audit their infrastructure, focusing on the MSP-customer boundary to identify and dismantle unused services. Software should always stay updated, and system backups should be a regular activity. MSPs should also be sure to develop sufficient incident response and recovery plans.  
Looking forward to a career in Cyber Security? Then check out the Certified Ethical Hacking Course and get skilled. Enroll now!

Cyber Skills Can Make the Difference for MSPs

Well-trained cyber security personnel are even more vital for service providers because they have an impact on the security of dozens or even hundreds of companies that rely on their infrastructure. Several certifications provide a great foundation for security teams that need to protect against cyberattacks on MSPs, including:

Duration and Fees for Our Online Cyber Security Training

Cyber Security training programs usually last from a few weeks to several months, with fees varying depending on the program and institution

Program NameDurationFees
Executive Certificate Program in Cybersecurity

Cohort Starts: 28 Nov, 2024

7 months$ 2,499
Professional Certificate Program in Cybersecurity

Cohort Starts: 4 Dec, 2024

20 weeks$ 3,500
Caltech Cybersecurity Bootcamp

Cohort Starts: 13 Jan, 2025

6 Months$ 8,000
Cyber Security Expert Masters Program4 months$ 2,599

Get Free Certifications with free video courses

  • Introduction to Cyber Security

    Cyber Security

    Introduction to Cyber Security

    2 hours4.6271K learners
  • Introduction to Cybercrime

    Cyber Security

    Introduction to Cybercrime

    2 hours4.636.5K learners
prevNext

Learn from Industry Experts with free Masterclasses

  • Security+ vs. CEH: Choosing the Right Path in Cybersecurity

    Cyber Security

    Security+ vs. CEH: Choosing the Right Path in Cybersecurity

    3rd Oct, Thursday9:00 PM IST
  • Cyber Analyst vs Ethical Hacker: Choosing the Right Career Path?

    Cyber Security

    Cyber Analyst vs Ethical Hacker: Choosing the Right Career Path?

    24th Apr, Wednesday7:00 PM IST
  • Steer Your Cyber Security Career Ahead in 2024 with Cyber Security Expert Master’s Program

    Cyber Security

    Steer Your Cyber Security Career Ahead in 2024 with Cyber Security Expert Master’s Program

    21st Mar, Thursday7:00 PM IST
prevNext