Time for some cold hard truth about security, folks. Around this time last year, the Department of Homeland Security issued a warning that hackers were increasingly targeting managed service providers (MSPs) to launch ransomware attacks across end-customer systems. The Australian government echoed these concerns, noting that the trend is global in nature. Since then, we’ve seen high-priced ransomware attacks executed, following the pathway of moving from the MSPs system across to their client’s, crippling end user organizations. Most recently, an MSP in Spain was targeted and faced ransom demands of just under US$836,000. The problem, of course, is that many MSPs overestimate the adequacy of their security preparedness.
For any MSP concerned about security, best practice is to place security at the top of the list when vetting vendors—not flashy dashboards, and certainly not price.
For those who weigh pricing as a top priority, consider the following. No one is denying that low monthly fees are desirable, especially for an MSP just starting out with a relatively modest client base. However, this is an incredibly short-sighted approach to take. If a cybercriminal were to successfully attack your MSP and access your client’s data, how would this impact your business? When compared to a $150,000 ransomware attack, the monthly fees are eclipsed.
This notwithstanding, your business’ reputation takes a substantial hit, potentially putting an end to its ongoing viability. What about the expenses from a lawsuit launched by clients whose data was compromised? Even the most comprehensive insurance plan won’t be able to cover the impact to your reputation, and following an attack will likely increase your premiums and demand that you improve security.