Guest Column | October 13, 2022

9 Of 10 MSPs Surveyed Have Had Cyber Attacks Penetrate Their Defenses


If you’re the one out of ten MSPs that has managed to avoid a security breach, congratulations! However, you may be next. Attacks on Managed Service Providers (MSPs) have more than doubled over the past two years as threat actors continue to make MSPs primary targets.

A 2022 study shows that 90% of MSPs have been hit with a successful cyberattack during the past 18 months. Total attacks have risen as well to an average of 18 a month. At the same time, 82% of MSPs also reported an increase in attacks targeting their customers.

The resulting damage from these attacks has been far-reaching.

  • Fifty-eight percent of MSPs have suffered a financial loss.
  • Fifty-six percent of MSPs have experienced a business interruption.
  • Forty-six percent of MSPs said they lost business or contracts due to cyber attacks.
  • Forty-five percent of MSPs reported losing customers.
  • Twenty-eight percent of MSPs reported damage to their reputation.
  • Twenty-eight percent of MSPs saw an erosion of trust from customers.

The report, produced by Coleman Parkes Research, showed significant vulnerabilities among MSPs. Many are not taking the types of precautions needed to prevent attacks. For example, only 40% of the MSPs surveyed use two-factor authentication (2FA) on their systems — despite advising their clients to do so.

The survey showed that in general, MSPs are still not focusing on the basics of cybersecurity. Budgets for security are growing, but at a modest 5% despite the increased attacks.

Most Common Types Of Cyber Attacks

MSPs have become attractive targets for cybercriminals because they can be used as springboards to infiltrate customer networks. A successful breach by an attacker can provide access to hundreds or even thousands of clients and create a domino effect of damage, allowing attackers to acquire valuable intelligence and confidential data.

The rise in remote work also has provided significantly larger attack surfaces.

The most common type of cyber attack continues to be email phishing, making up three-quarters of all attacks. A robust email server and secure gateway solution is therefore essential to mitigating threats and protecting your customers.

In addition, 56% of MSPs also reported Distributed Denial of Service (DDoS) attacks. Forty-two percent said they were hit with ransomware.

Persistent, Increasing Attacks On MSPs

These persistent attacks were frequent enough that cybersecurity agencies from the U.S., U.K., Australia, Canada, and New Zealand put out a joint warning to “expect state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.”

The rare alert from the agencies in the Five Eyes intelligence alliance noted increased reports of malicious activity targeting MSPs and recommended they take immediate action to thwart initial attack methods, including:

  • Hardening defense against phishing attacks and malicious emails
  • Improving defenses against brute force and password spraying activity
  • Protecting internet-facing services for customers
  • Improving the security of vulnerable devices

“Malicious cyber actors continue to target managed service providers, which can significantly increase the downstream risk to the businesses and organizations they support. That’s why MSPs and their customers must take action to protect their networks. Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

- CISA Director Jen Easterly on the agency’s website.

MSPs are also advised to take proactive measures to manage their internal architecture risks, including:

  • Identifying and disabling accounts that are no longer active
  • Enforcing multi-factor authentication (MFA) on MSP accounts that connect to the customer environment
  • Making sure all patches and updates are applied to avoid falling victim to known exploited vulnerabilities (KEVs)
  • Ensuring customer contracts clearly identify responsibility for cybersecurity and ownership of data
  • Regular testing and validation of backups for critical systems and customer data
  • Refining and testing incident response and recovery plans

MSPs should also segregate internal networks as much as possible and make sure each customer account has unique admin credentials to help prevent lateral movement once inside an MSP's infrastructure. Microsegmentation is a key element of enabling zero trust protocols, allowing users access to only what they need and requiring authentication and authorization throughout their network.
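As an added illustration (not part of the original column or any vendor tool), the Python sketch below audits an MSP account inventory for three of the items above: inactive accounts, customer-facing accounts without MFA, and admin credentials reused across customers. The field names, sample records, and 90-day idle threshold are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; field names are hypothetical, not a real product export.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2022, 10, 3), "mfa": True, "customers": ["acme", "globex"]},
    {"user": "bob", "last_login": date(2022, 3, 14), "mfa": True, "customers": ["acme"]},
    {"user": "svc-rmm", "last_login": date(2022, 10, 12), "mfa": False, "customers": ["acme", "initech"]},
    {"user": "carol", "last_login": None, "mfa": False, "customers": []},
]
# Customer -> fingerprint (e.g. a vault entry ID) of the admin credential used there.
ADMIN_CREDS = {"acme": "cred-7f3a", "globex": "cred-19bc", "initech": "cred-7f3a"}

MAX_IDLE_DAYS = 90  # assumed policy threshold; set this to your own standard


def stale_accounts(accounts, today, max_idle_days=MAX_IDLE_DAYS):
    """Accounts that never logged in or have been idle longer than the threshold."""
    stale = []
    for acct in accounts:
        last = acct["last_login"]
        if last is None or (today - last).days > max_idle_days:
            stale.append(acct["user"])
    return stale


def missing_mfa(accounts):
    """Accounts that can reach a customer environment without MFA enforced."""
    return [a["user"] for a in accounts if a["customers"] and not a["mfa"]]


def shared_admin_creds(creds):
    """Admin credentials reused across customers (a lateral-movement path)."""
    by_cred = defaultdict(list)
    for customer, fingerprint in creds.items():
        by_cred[fingerprint].append(customer)
    return {fp: sorted(custs) for fp, custs in by_cred.items() if len(custs) > 1}


def audit(accounts, creds, today):
    """Collect all three findings, keyed by the remediation each one calls for."""
    return {
        "disable": stale_accounts(accounts, today),
        "enforce_mfa": missing_mfa(accounts),
        "rotate": shared_admin_creds(creds),
    }


if __name__ == "__main__":
    for finding, items in audit(ACCOUNTS, ADMIN_CREDS, date(2022, 10, 13)).items():
        print(finding, items)
```
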

Another key to protecting assets includes enhanced monitoring and logging. With the average data breach taking 212 days to detect and another 75 days to contain, the earlier MSPs can detect anomalous activity, the faster they can resolve breaches.

According to an IBM study, companies that had a mature approach to cloud modernization and IT infrastructure were able to detect and respond to incidents more than two months faster than other organizations that had less mature cybersecurity protocols.

Protect Your Network And Your Customers

Since the overwhelming majority of cyberattacks begin with email phishing, MSPs must deploy enhanced email security to mitigate risks. On-premises security gateways and hosted security gateways provide MSPs protection in multiple ways.

External Email Threats

Inbound email messages undergo a variety of security tests to block external threats from accessing your system. This includes:

  • Antispam, antivirus, and antispoofing
  • Email authentication
  • Multiple levels of email filtering
  • Block and allow lists

Internal Email Threats

By filtering outbound emails, you also can detect and prevent unauthorized transmission of sensitive information outside of your network. You also can:

  • Automatically redirect HTTP requests to HTTPS, which helps protect website data from being intercepted by a malicious third party
  • Employ SSL and TLS encryption
  • Employ custom email filters using the Sieve Filtering language for policy enforcement

Detailed Logs And Reports

Detailed admin logs and comprehensive reports allow administrators to track and assess behavior to identify patterns and potential problems, including:

  • Email status (delivered, quarantined, rejected)
  • Advanced message log search filters
  • Real-time charts for spam, antivirus, inbound, and outbound email

Robust Administration & Performance

Provide flexible protection and administration, such as:

  • Quarantining suspicious emails for closer inspection
  • Defense layer customization for security rules
  • Intuitive navigation and easy-to-manage security settings

MDaemon Technologies is an industry leader in privacy and security, helping MSPs manage and protect against inbound email threats and outbound data loss.

Learn more about SecurityGateway or sign up for a free trial today.