Attacks on MSPs may lead to greater regulation
Managed service providers (MSPs) are a prime target for cybercriminals as they offer a gateway to the networks of the organizations that they manage, allowing attackers to go after many businesses from one place.
A new report from Perch Security looks at major MSP-related security events and trends from 2020 and makes predictions for 2021 with contributions from MSPs, partners, and security experts.
MSPs have a diverse set of client organizations to support and each managed company has its own priorities, compliance requirements and level of risk tolerance. Educating clients about security and convincing them to pay for more security can therefore be challenging.
A new tactic known as a 'Buffalo Jump' -- predicted by Perch in 2020 -- is being used by cybercriminals to ransom a service provider and many of their customers at once. Nearly 73 percent of MSPs report that at least one of their clients had a security incident in the past year with nearly 60 percent of these involving ransomware.
The threat is being taken seriously though with 75 percent of respondents saying that their security spending would increase by on average 12.1 percent.
"Unfortunately for MSPs, all of the predictions we made in our inaugural 2020 report came true. But the good news is that after taking some serious blows, MSPs have woken up to the existential threat they face from cyber criminals and are finally fighting back," says Wes Spencer, CISO of Perch Security. "Our focus is bringing world-class threat detection and sharing to MSPs, and we hope this report, which we’re now doing annually, is something MSPs can look forward to as an indispensable resource for improving cybersecurity for themselves and their SMB customers. Later this year, we'll begin working on the 2022 report using the new ConnectWise SOC."
Perch's top predictions for 2021 include the first moves being made by government and insurance providers to begin regulating the MSP industry. It also predicts that attackers will begin exploiting MSPs' reliance on, and lack of understanding of the cloud, and that cyber extortion will vastly increase the costs and time to recover from breaches.
You can register for a webinar to discuss the findings to be held on April 14th.