Travis Springer recently attended MSPWorld 2019 to discuss cybersecurity trends affecting Managed IT Service Providers (MSPs).
Hosted by the International Association of Cloud & Managed Service Providers (MSPAlliance), the MSPWorld conference attracts managed IT support providers from around the world. Once gathered, MSPs congregate into any number of smaller discussion groups, each focused on solving problems unique to the MSP service industry, covering everything from growth advice to the best cloud management software tools currently available. Speakers and attendant companies are general understood to be experts in their respective fields of discussion.
Sagiss' COO Travis Springer led a discussion on the topic of MSP cybersecurity, specifically about the recent increase in cyberattacks directed at MSPs themselves. As a managed IT services provider to the DFW area for over 25 years, we were eager to share our perspective and experiences fighting these cyberthreats. Since they are effectively curators of their clients' IT networks, MSPs have traditionally concerned themselves with threats to their clients' network infrastructure. Recently however, MSPs have increasingly become the targets of these same cyberattacks.
There are a number of reasons why cybercriminals would target IT support providers. Chief among them is the hope that cracking an MSPs network will yield access to the networks of the MSPs' client companies, providing exponentially more information to steal or encrypt for ransom. They may attempt to harm data backup and disaster recovery systems, or try to interfere with otherwise secure cloud services. Naturally, Sagiss and other MSPs have built networks with multiple-redundant safeguards designed specifically to prevent such intrusions, but nevertheless the risk remains a reality. Regardless of the motivations driving these attacks, awareness remains the first and most effective step in fighting back.
Charles Weaver, CEO and co-founder of MSPAlliance, asserted that customers are beginning to question the security of MSPs. "These are legitimate questions your customers and prospects are probably thinking in their heads, if not verbalizing to you," he said. Our own Travis Springer echoed this sentiment, stating that "It is up to us to educate our clients, prospects -- the community at large."
As MSPs fight to keep hackers out of IT networks, The MSP Alliance added there was a certain level of responsibility incumbent on end-users to help keep business-critical data secure. At the end of the day, a successful cybersecurity effort is the result of effective collaboration between the IT support team and the company staff as a whole, and a number of tools have been developed to help foster these efforts.
Sagiss’ contribution to that effort is a program we call End User Security Training. This comprehensive program aims to train employees to spot and avoid phishing emails and other forms of cyberattack. Given that individual employees are often the first line of cyberdefense against ransomware attacks, it is critical that each employee be trained to spot the latest threats. Our partner businesses have access to a complete dashboard to monitor the progress of end user security training in real time.
For further reading, check out our article 7 Best Practices to Improve Phishing Awareness Training!