According to a recent Kaspersky survey , 28% of managed service providers (MSPs) reported that a 2020 massive supply chain attack on an MSP software provider had affected their organization in some way. The breach also had a wider impact on the majority of MSPs as 72% of providers took action in response to the attack, even though they were not affected.
A critical aspect of incidents involving MSPs is that an attack, be it a dedicated supply chain technique or a random ransomware infection, can impact their customers. The supply chain attack implemented through SolarWinds Orion software affected enterprises, IT companies and government organizations. Meanwhile, during the attack on Kaseya in July 2021, attackers leveraged a vulnerability in its remote monitoring and management (RMM) solution to deploy ransomware to customers’ endpoints.
As a result of the SolarWinds incident, among those MSPs who were affected (28%), almost all (98%) took at least some action to respond to the incident and prevent more attacks in the future. The most common steps were switching to other IT security software providers (44%), updating contract terms and liability with suppliers (42%), and hiring additional security experts (39%). In addition to this, 35% now see the need to hire an expert in risk management, probably to avoid such incidents and mitigate the consequences for their business in the future.
Among those MSPs that were not affected but followed the incident (72%), preventive steps were mostly focused on dedicated cyber-protection measures. A third of providers (32%) adopted additional security solutions, while 27% hired additional IT security experts. Two in 10 (23%) invested in additional security training.
These proactive cybersecurity measures are very important for MSPs that want to attract clients and be trusted and reliable partners for them. In fact, cybersecurity expertise is in the top three criteria for 37% of clients when selecting a service provider for support.
“Cybersecurity challenges for MSPs also imply business opportunities, as confirmed in a recent Canalys report,” comments Mikhail Kolchin, head of MSP business at Kaspersky. “Building a security service practice can be complex, but improving their own cyber-posture should help MSPs develop frameworks to deploy security services for their customers. The measures they have already taken in response to recent incidents can be a good start to developing internal cybersecurity expertise. In this case, it is very important to find a reliable cybersecurity partner that is ready to share their knowledge and provide convenient tools to deploy new services and enter new markets.”
“Differentiation is always an issue for partners. The growth of demand for security managed services driven by the fragmentation of workforces during the pandemic has created more opportunities but also more competition for MSPs. To stand out from the crowd, partners can add more technology, more services or more skills. What customers need today is a sense of security and trust that their partners will deliver those things properly. When you know a hack is just around the corner, the way an MSP handles these incidents is a mark of quality. The first step as an MSP is to look at your business, not just from a revenue and profit perspective, but how well-equipped you are to retain your best assets in a time of industry change, and how you can make sure you keep those skills to build your status as a trusted advisor. When it comes to building a managed security practice, your best people are your differentiator,” says Robin Ody, senior analyst from Canalys.
To help MSPs to become more cyber-savvy or even jump on an opportunity to evolve into managed security service providers (MSSPs), theCanalys report developed for Kaspersky recommends the following steps:
- Service providers need to review their recent cyber-posture, capabilities, core values and operating processes. Being aware of their own infrastructure is the first step to building secure cyber-practices for customers
- On the next level, it is important to develop a skills base. MSPs can invest in vendor certification levels, software development skills and should understand their customers’ security resilience
- When the basis is built, MSPs can develop vertical-specific offerings and SOC capabilities. It is also important to get certifications for frameworks such as NIST or CIS if an MSP works with the public sector