Cyberattacks have dominated headlines over the past year (and more), showing the very real risk that faces organizations of every size and shape today. These attacks have caused massive data loss, crippled critical infrastructure systems, stolen money and hindered hospitals’ ability to provide care, among many other impacts.
Some of these banner attacks in 2021 included the attacks on the Colonial Pipeline, T-Mobile and JBS Foods. It also exposed vulnerabilities in popular technology offerings, including SolarWinds, Kaseya, Microsoft Exchange, Log4j and others. These are just a few examples of the estimated 1,862 data breaches during the year, nearly double the 1,108 estimated in 2020.
As a result of this rapid rise in attacks, more than 90 percent of enterprises report being the victim of a cyberattack in the past three years, according to a new survey. The report defines a successful cyberattack as one that inflicted damage or disruption, or breached the data of the organization — including traditional data breaches, operational disruption, and ransomware.
The report found that this incidence of attacks has only increased during the pandemic, thanks to several factors, including the rapid digitization of the office and the rising prevalence of remote work. Eighty-two percent of security professionals surveyed said they had experienced an increase in cyberattacks in the past two years, and 87 percent said they had seen a rise in phishing emails targeting their organization.
As a result of these startling statistics and the continued rise in cyberattacks as we head further into 2024, many businesses are looking to reassess their cybersecurity strategies to ensure they are correctly positioned to meet today’s risk landscape. Managed service providers (MSPs), in particular, should evaluate this risk matrix for both themselves and their customers.
In addition to broader enterprise groups, MSPs have seen themselves become targets for attack in recent years. The number of cyberattacks targeting MSPs jumped nearly 70 percent in 2021 over the previous year, according to MSSP Alert, with an average of 1,068 recorded attacks per week. The only two sectors noted to be at higher risk than MSPs were government and communications. This dynamic demands that MSPs take the time to reassess their own protection technologies and strategies, as well as those that they offer to their clients, to remain secure.
MSPs Reassessing Cybersecurity in 2024
Unfortunately, hackers find MSPs a very attractive target due to the nature of their work.
By targeting an MSP, an attacker can get the so-called “keys to the kingdom” and more easily work down the supply chain to compromise one or all of its customers.
For this reason, MSPs need to reassess the cybersecurity protections they have in place to defend their organization against attack. The plan should comprise basic cybersecurity hygiene principles, including leveraging encryption, patching and backups. It should also include multi-factor authentication and identifying weak access points.
Whenever they evaluate new technology vendors or services partners, they should ask careful questions about the cybersecurity protections in place and what that company is investing in to prevent attacks and eliminate vulnerabilities, and make their purchasing decisions accordingly.
Finally, MSPs should constantly evaluate to ensure that these protections are working. This includes continuously monitoring systems for signs of nefarious behavior, as well as engaging with penetration testers to identify further weak spots within the environment that could allow attackers to breach defenses. In doing so, MSP can ensure that no new gaps have arisen in their protective armor.
Elevated Offerings for Clients in 2024
Besides reassessing their own cybersecurity strategies, MSPs should also consider how they can enhance the offerings they provide to clients around this important topic. Last year, cyberattacks brought major disruption to many businesses and now all the signs point to 2024 being perhaps even worse. Despite these threats, only 49 percent of IT leaders said they felt their organization could successfully prioritize threats, and only 46 percent said they felt equipped to detect known threats.
An MSP should play an important role in helping bolster these capabilities by working hand in hand with customers to develop a strategy to enhance cyber-protection, as well as implement the necessary technologies and ongoing services. These new efforts also have the potential to add new streams of revenue for an MSP, an added bonus to the primary goal of more secure and happier customers.
Further reading 3 Reasons Why Selling Cybersecurity to the SMB is a Challenge (and What to Do About It)
The good news is that security budgets are increasing. According to one survey, 74 percent of security professionals said their budgets have increased over the past year, and many said that a larger portion of their overall IT budget is now geared towards cybersecurity. Additionally, 78 percent said they have reassessed their cybersecurity strategy since the pandemic started, suggesting they are open to guidance from an MSP on this important topic.
An MSP should start this evaluation by having a strategic discussion and assessment with clients to understand what areas of risk need to be prioritized and where those risks are the greatest. From there, it can work alongside them to implement security best practices, such as patching known vulnerabilities and implementing multi-factor authentication. It can also work to offer ongoing monitoring services for a recurring fee, or provide security awareness training.
It goes without saying that an MSP should only offer these services if they have the necessary skills and capabilities in-house to support them. Cybersecurity services have the potential to be incredibly lucrative for MSPs, but also require some investment to ensure the team is fully staffed and has the necessary technology and skills to support customers on a 24/7 basis.
Further reading Using Backup to Elevate a Cybersecurity Offering to a Cyber Resilience Offering
Cybersecurity in 2024 and Beyond — an Ongoing Threat
While 2021 was a banner year for threats by every measure, every sign shows that the trend will only continue to escalate in the years to come. With the average cost of a data breach sitting at $4.24 million in 2021, up 10 percent from the previous year, it is essential that businesses take the necessary steps to protect themselves and their customers from attack.
Further reading The Importance of Proactive Cybersecurity: Staying Ahead of the Threat Landscape
MSPs play an important role in helping their clients defend themselves against these rising attacks. As companies reassess their cybersecurity strategies, MSPs can be instrumental in guiding them towards the latest technologies and the services they need. They can also make sure they are taking the necessary steps to secure their own systems, especially as MSPs remain a target for attackers due to the nature of their work. In undertaking both of these responsibilities, MSPs are making sure they are reinforcing their value proposition as a trusted advisor, as well as potentially setting up future business growth with new, lucrative streams of revenue that will fuel further business growth for many years to come.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.
About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.