MSPs fast becoming a primary target for cybercriminals

Attacks on MSPs and their customers have almost doubled in the last 18 months—while security remains a top growth opportunity, according to independent research commissioned by N-able.

  • 2 years ago Posted in

N-able has published the result of research into the fast-changing security landscape for its partners, conducted by an independent research firm and commissioned by N-able.

 

The research found that managed services providers (MSPs) are quickly overtaking their customers as a primary target for cybercriminals. The research also revealed that while 90% of the surveyed MSPs suffered a cyberattack in the last 18 months, the number of attacks these MSPs are preventing has almost doubled, from 6 to 11.

 

The report, State of the Market: The New Threat Landscape, reflects the responses of 500 participants— sourced from the U.S. and Europe by an independent research team—about their security experiences before the COVID-19 pandemic and today, to discover what had changed. There has been an assumption that the increase in hybrid working has meant a shift in how threat attackers are operating. N-able’s research looks at that shift and what it means for MSPs.

“MSPs have worked tirelessly throughout the pandemic to ensure that the businesses they support can stay online and connected as circumstances changed,” said Dave MacKinnon, chief security officer, N-able. “But the cybercriminals they're protecting against are working equally as hard to make use of these shifts against their targets. MSPs need to understand how the threat landscape continues to evolve and make the changes needed to protect both their customers and themselves, and make the most of the enormous opportunity that enhancing security provides.”

The research reveals:

Almost all (90%) MSPs have suffered a successful cyberattack of some sort in the last 18 months, and the same amount have seen an increase in the number of attacks they are preventing each month. On average, the number of attacks being prevented has risen from six to 11.

82% of MSPs have also seen attacks on their customers rise, though not quite at the same rate, with an average of 14 attacks prevented per month.

While some progress is being made on important security processes, such as automating backup, many basics are still not in place. For example, while most MSPs offer two-factor authentication to their customers, only 40% have implemented it in-house.

DDoS and ransomware are among the main attacks MSPs are detecting, but the top attack remains phishing.

The effects of cyberattacks are wide ranging. Over half of MSPs say that financial loss and business disruption resulted after a cyberattack, but many said they have lost business (46%), suffered reputational effects (45%), and even saw their customers suffer a loss of trust (28%). While MSP budgets are only increasing at an average of 5%, they are focusing this extra investment on key areas, including data security, cloud security, and infrastructure protection.

There’s good news. The majority of SMEs, seven in every 10, are planning to increase their security budget. For MSPs, this means a big opportunity is available.

Automating key functions is critical to making headway against cybercriminals. Automated backups are the most common form of automation used by MSPs to keep their customers’ businesses secure, used by 85% of all respondents.

Research finds that the industry is struggling with a growing resource and skills gap while...
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...