WatchGuard Blog

90% of MSPs have suffered a cyberattack in the last 18 months

MSPs are being targeted by cybercriminals, as a single successful attack opens the door to multiple victims. This puts additional pressure on cybersecurity partners to step up the security services they offer their customers.

The figures are worrying, as 9 out of 10 managed service providers state they have suffered a successful cyberattack since the start of the pandemic. This means MSPs are overtaking end users as the main target of malware, ransomware, phishing and other threats. DDoS and ransomware are among the most widespread attacks on cybersecurity providers. However, phishing is still the primary technique used by threat actors.

More than half of the MSPs affected state that they experienced financial losses and business disruption after falling victim to a successful cyberattack. So what are the main reasons for MSPs being in the line of fire?

1- They serve multiple customers, which unlocks access to more endpoints: as digital transformation accelerates and awareness of the need for cybersecurity increases within companies, a growing number are delegating this task to managed service providers. Some smaller partners may lack the resources or expertise in their workforce to maintain a cybersecurity infrastructure that covers a larger customer base.

2- MSPs' network structure can enable widespread attacks: in addition to the increased number of endpoints, MSP networks are also vulnerable to distributed and generalized threats. It is not just a question of the number of potential victims, but of attacking them at the same time. This type of attack is usually associated with ransomware.

3- MSPs do not control all aspects of their customers' security: an MSP may be assigned to manage a company's data but may not control other areas of the customer's security. Often these tasks are left to internal departments, so gaps in knowledge can easily occur, as can discrepancies between an MSP's mandate and the customer's own activity. The customer, in turn, may work with other external providers, adding another layer of complexity.

How to avoid being part of these statistics?

Cybersecurity authorities in the UK, Australia, Canada, New Zealand and the US recommend that MSPs implement the following basic security measures. To prevent initial compromise, they recommend:

  • Enhancing the security of vulnerable devices through the use of remote access VPN solutions and employing software vulnerability scanning tools.
  • Protecting against brute-force attacks and password spraying by using multi-factor authentication for all online accounts and services, and incorporating solutions that monitor and detect anomalous behavior that is potentially malicious.
  • Looking out for phishing attacks by paying attention to anomalous behavior, such as a request from a manager or colleague that seems strange. Similarly, incorporating protection at the DNS level enables content filtering and protects against potential phishing attacks.

In addition, MSPs must log and monitor the activities of the delivery infrastructure used to provide services to the customer, as well as log their own activity on the company's internal network.

Enforcing multi-factor authentication (MFA) is a critical factor. Although most MSPs offer two-factor authentication (2FA) to their customers, only 40% of MSPs use it internally. MSPs should implement MFA on all accounts that have access to customer environments and should treat those accounts as privileged.

Implementing the authorities' recommendations can be complicated if you rely on disconnected security tools that, in addition to increasing complexity, raise costs, create vulnerabilities, slow response and decrease efficiency. With such a fragmented toolset, providing the level of protection that customers demand while maintaining your own becomes a challenge. In a recent Pulse survey, 95% of MSPs said that switching between various products and interfaces leads to a loss of productivity and, therefore, control.

Establishing a single security platform generates multiple benefits: it simplifies management for customers and for MSPs by bringing the different security tools into a single console in the Cloud, and it provides visibility that is otherwise unattainable.