As a managed services provider (MSP), you’ve heard loud and clear that cybersecurity is a priority for your clients. They demand effective endpoint security solutions as a part of a comprehensive, layered security strategy and contract your services to monitor activity and alert them when potentially malicious activity takes place. Protecting your clients’ data and their networks have become a routine, albeit critical, part of providing managed services.
But what are you doing to protect your own network?
Be aware that cybercriminals see MSPs as targets that will yield a high return for their efforts. Therefore, instead of targeting just one business and its computing power and data, hackers can multiply potential returns by gaining access to an MSP’s network and look for ways to compromise all of their clients—as well as their IP, records, and customers and payment data.
This threat isn’t just hypothetical. It’s real.
Statista reports that IT service providers have experienced a range of attacks, from denial of service (DoS) attacks and attacks on publicly exposed services to attacks on routing protocols and large-scale malware attacks.
Practical Advice for MSPs
MSPs aren’t defenseless against cyberthreats, however. Dark Cubed suggests these steps to minimize the chances of a security breach:
- Ensure all remote access capabilities are accessed via VPN and require multifactor authentication.
- Establish and enforce strong password policies.
- Use service accounts for MSP agents and services.
- Manage access to accounts by setting the time of day they can be used and expiration dates that align with your contracts.
- Use architecture that tiers accounts, so accounts that require higher privilege will never be accessible through lower tiers of the network.
- Use a threat analytics solution that alerts you to changes in your network and your customers’ networks.
- Stay on top of alerts from government agencies such as the National Cybersecurity and Communications Integration Center (NCCIC) within the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Keep in mind that this list is not exhaustive. There’s much more you can do to secure your network. Dark Cubed suggests you refer to NIST’s Cybersecurity Framework.
“A Crisis of Credibility”
In the report, Attacking the Gatekeepers, Dark Cubed acknowledges that the pervasive threat of cyberattack has put MSPs in a difficult position. You need to practice what you preach when it comes to cybersecurity, implementing state-of-the-art security solutions, including endpoint protection, firewalls, web security, mobile device security, and data loss prevention solutions, for your own networks. You must, however, balance that need with the costs of your offerings and communicate your security services value proposition in a way that doesn’t trigger your clients to look for more affordable options.
One of Dark Cubed’s MSP users commented, “We are fighting a losing battle.”
Don’t concede defeat. Your expertise in security, finding cost-effective solutions tailored to specific needs, and leveraging the knowledge and support of partners, can help protect your own business as well as your clients.
For more information on the current threat landscape for MSPs and what you can do to protect your network, your clients, and your business, download the Dark Cubed report Attacking the Gatekeepers.