72% of MSPs take action after headline-making cyberattack

According to a recent Kaspersky survey, 28% of managed service providers (MSPs) reported that a massive supply chain attack on an MSP software provider, revealed in December 2020, had affected their organization in some way. The breach also had a wider impact on the majority of MSPs: overall, 72% of providers took action in response to the attack, even though they were not affected. This and other security incidents targeting the IT service ecosystem highlight the need foshrr increased cybersecurity across MSPs, including both internal protection and specialized security services for customers.

A critical aspect of incidents involving MSPs is that an attack, be it a dedicated supply chain technique or a random ransomware infection, can impact their customers. The supply chain attack implemented through SolarWinds Orion software affected enterprises, IT companies and government organizations. Meanwhile, during the attack on Kaseya in July 2021, attackers leveraged a vulnerability in its remote monitoring and management (RMM) solution to deploy ransomware to customers’ endpoints.

As a result of the SolarWinds incident, among those MSPs who were affected (28%), almost all (98%) took at least some action to respond to the incident and prevent more attacks in the future. The most common steps were switching to other IT security software providers (44%), updating contract terms and liability with suppliers (42%), and hiring additional security experts (39%). In addition to this, 35% now see the need to hire an expert in risk management, probably to avoid such incidents and mitigate the consequences for their business in the future.

Among those MSPs that were not affected but followed the incident (72%), preventive steps were mostly focused on dedicated cyber-protection measures. A third of providers (32%) adopted additional security solutions, while 27% hired additional IT security experts. Two in 10 (23%) invested in additional security training.

These proactive cybersecurity measures are very important for MSPs that want to attract clients and be trusted and reliable partners for them. In fact, cybersecurity expertise is in the top three criteria for 37% of clients when selecting a service provider for support.

Cybersecurity challenges for MSPs also imply business opportunities, as confirmed in a recent Canalys report. Building a security service practice can be complex, but improving their own cyber-posture should help MSPs develop frameworks to deploy security services for their customers. The measures they have already taken in response to recent incidents can be a good start to developing internal cybersecurity expertise. In this case, it is very important to find a reliable cybersecurity partner that is ready to share their knowledge and provide convenient tools to deploy new services and enter new markets,” comments Mikhail Kolchin, Head of MSP Business at Kaspersky.

“Differentiation is always an issue for partners. The growth of demand for security managed services driven by the fragmentation of workforces during the pandemic has created more opportunities but also more competition for MSPs. To stand out from the crowd, partners can add more technology, more services or more skills. What customers need today is a sense of security and trust that their partners will deliver those things properly. When you know a hack is just around the corner, the way an MSP handles these incidents is a mark of quality. The first step as an MSP is to look at your business, not just from a revenue and profit perspective, but how well-equipped you are to retain your best assets in a time of industry change, and how you can make sure you keep those skills to build your status as a trusted advisor. When it comes to building a managed security practice, your best people are your differentiator,” says Robin Ody, Senior Analyst from Canalys.

To help MSPs to become more cyber-savvy or even jump on an opportunity to evolve into managed security service providers (MSSPs), the Canalys report developed for Kaspersky also recommends the following steps:

  • Service providers need to review their recent cyber-posture, capabilities, core values and operating processes. Being aware of their own infrastructure is the first step to building secure cyber-practices for customers
  • On the next level, it is important to develop a skills base. MSPs can invest in vendor certification levels, software development skills and should understand their customers’ security resilience
  • When the basis is built, MSPs can develop vertical-specific offerings and SOC capabilities. It is also important to get certifications for frameworks such as NIST or CIS if an MSP works with the public sector

To get more insights about the state of MSPs, their challenges and demands, please read the full report ‘MSP market focus in 2021: IT security challenges and opportunities in the new normal’ here.