MSPs must practice what they preach on cybersecurity

We have talked previously about how MSPs are an increasingly common target for cybercriminals. New research released this week indicates that are quickly overtaking their customers as a primary target.

We have talked previously about how MSPs are an increasingly common target for cybercriminals. Now research released this week indicates that are quickly overtaking their customers as a primary target.

State of the Market: The New Threat Landscape from N-able shows that while 90 percent of the surveyed US and European MSPs suffered a cyberattack in the last 18 months, the number of attacks these MSPs are preventing has almost doubled, from six to 11.

DDoS and ransomware are among the main attacks MSPs are detecting, but the top attack remains phishing. The effects of cyberattacks are wide ranging. More than half of MSPs say that financial loss and business disruption resulted after a cyberattack, but many said they have lost business (46 percent), suffered reputational effects (45 percent), and even saw their customers suffer a loss of trust (28 percent).

“MSPs have worked tirelessly throughout the pandemic to ensure that the businesses they support can stay online and connected as circumstances changed,” said Dave MacKinnon, chief security officer, N-able.

“But the cybercriminals they're protecting against are working equally as hard to make use of these shifts against their targets. MSPs need to understand how the threat landscape continues to evolve and make the changes needed to protect both their customers and themselves, and make the most of the enormous opportunity that enhancing security provides.”

Eighty-two percent of MSPs have also seen attacks on their customers rise, though not quite at the same rate, with an average of 14 attacks prevented per month.

While MSP budgets are only increasing at an average of five percent, they are focusing this extra investment on key areas, including data security, cloud security, and infrastructure protection.

However, many MSPs don’t appear to be practicing what they’re preaching to customers. For example, while most MSPs offer two-factor authentication to their customers, only 40 percent have implemented it in-house.

This is something they will need to address considering recent government plans to enhance the security of digital supply chains and third-party IT services. In the UK this will include legislative work to ensure that MSPs undertake reasonable and proportionate cybersecurity measures.”

MSPs have weighed in on the findings. Lee Robinson, co-founder and director, Meta Eagle, says that the threat among the MSP community is becoming increasingly real.

“We’re seeing our customers becoming more aware to exploits and vulnerabilities out there in the world. They want to actively engage in conversation so they can understand how best they can be protected. The industry has a major role to play in guiding businesses down the right path. This includes a cultural shift from having an IT partner which is simply looked at as a bottom-line cost, but more of an investment into your business. Strong IT support, while empowering you to work from anywhere should also secure your data, mitigate risk and put contingences in place should the worse happen.”

Additionally, Lisa Niekamp-Urwin, CEO, Tomorrow’s Technology Today, described the statistics as shocking. She said they speak to the need to address the issue from many sides.

“Hygiene becomes critical – removing admin rights, MFA, EDR, MDR, backup, log retention, monitoring, hardening, the list goes on and on. When I joined this MSP twenty years ago, I didn’t anticipate having a security engineer on staff full-time. Yet here we are – it’s a huge priority. In today’s climate, the industry needs to step up its game! MSPs need to do their research, understand and listen to what is happening to its community; interrogate their stack and make sure there are no holes. And follow the golden rule…. MFA everything!”

There is some good news in the N-able research, though. Most SMEs, seven in every 10, are planning to increase their security budget. For MSPs, this means a big opportunity is available. 

Producing award winning
work for our clients:

Best Channel Marketing / PR Agency


Corporate Excellence Awards – Winner
Best Tech-Focussed Marketing Agency

Finny’s Killer Content Awards – Winner
Best Channel Marketing Campaign

CRN Sales and Marketing Award – Finalist
Best Channel Marketing Agency

2022 ..continued

B2B Marketing Awards – Finalist
Best Channel Marketing Initiative

B2B Marketing Benchmarking Report
6th of 15 names ‘Rising Stars’ Agencies

ACQ5 Awards- Winner
Best Channel Marketing Agency

Get in touch

Tick here to agree to our Terms & Conditions and our Privacy Policy.

Thank you for supplying your details. We will be in contact.