When it comes to cybersecurity, most of us think internally – in terms of what we can do to secure our own networks and devices. But recently, people have become more aware of how important it is that the third parties who connect to our network are also secure. This includes suppliers, vendors, and business partners. But what about your MSP itself? If they’re not secure, are you? Here’s what our MSP in Melbourne has to say.

MSPs are under attack

An MSP is a treasure trove for hackers because once they’re in, they can get admin-level access to ALL their clients – their websites, cloud storage, and all their data. It’s a bit like hitting a bank rather than stealing wallets.

Also known as supply chain attacks, these are especially dangerous because they come from within your trusted network. So, for example, if someone hacks your MSP, they can send a completely legitimate email to you or your staff saying they need to download the latest patch for your system. You click on it because you trust the source – and wham, you’re infested with ransomware or malware of some kind.

And it’s happening more and more frequently:

  • In December 2022, New Zealand’s Mercury IT MSP was hit by a ransomware gang known as LockBit 3.0. Many of their clients were compromised and their data leaked on the dark web, including private companies, health insurers and healthcare companies, the NZ National Nurses Association, and even the NZ Ministry of Justice.
  • In August 2022, an IT supplier for the UK’s NHS was hit with a ransomware attack that caused NHS 111 service outages and targeted patient notes and visitor booking.
  • In July 2021, Kaseya VSA was hit by a similar attack by REvil, affecting over 1,500 small businesses worldwide.
  • 90% of MSPs suffered a successful cyberattack in the 18 months leading up to March 2022

What can you do to make sure your MSP is secure?

According to the Five Eyes intelligence alliance (UK, NZ, Australia, Canada, and the USA), there are several key cybersecurity requirements when it comes to selecting an MSP:

  1. Make sure they are compliant
    In an effort to combat cyberattacks, many of which are well-funded and even state-sponsored, governments around the world are rolling out stricter regulations for data security. Your MSP must be able to show that they are fully compliant with these requirements.
  2. They must utilise CIS benchmarking
    These are globally-recognised best practices for cybersecurity created by the Center for Internet Security (CIS). They are designed to help MSPs not only meet compliance criteria but also implement and manage defences most effectively. This includes global frameworks such as NIST Cybersecurity Framework (CSF), NIST SP 800-53, ISO 27000 standards, PCI DSS, HIPAA, and more.
  3. They need to be cybersecurity specialists
    It’s not enough to be an MSP that can host websites, set up your cloud requirements, and fix technical issues. Because every vector of technology can be utilised by hackers, cybersecurity knowledge is absolutely essential regardless of what other services your MSP is supplying. They need to be able to identify possible threat vectors, evaluate your vulnerability, and put in place measures that protect you from all threats – including those that target the MSP directly.
  4. Your MSP must have a comprehensive cybersecurity approach
    When it comes to cyberattacks, it’s important that your MSP isn’t just working on preventing the attack – that’s because there is no way to secure your network 100%. You need a specialist who is able to not only secure your digital assets, but also teach your employees how to avoid an attack, how to respond in the event of an attack, and have measures in place to ensure a fast, complete recovery.
  5. They must be proactive – and drive ROI
    If there’s one thing hackers are good at, it’s doing their homework. Cybersecurity is a race between how creative and sophisticated these powerful groups get, and how quickly we can keep up. Because the threat is constantly evolving, your MSP’s cybersecurity must too. Their approach to your organisation as well as their own cybersecurity must be proactive to deliver true value. At the same time, their contributions and services must show ROI – whether it’s demonstrating fast recovery time, a lower percentage of downtime, or the number of attacks it’s preventing.

Otto – An MSP that takes cybersecurity seriously

At our MSP in Melbourne, we know that the safer we are – the safer our clients are. Not only do we continually drive our own expertise in the area and offer exceptional cybersecurity solutions, but we also drive the value of these services to our clients.

We also run FREE expert-led events (online and in person) on current cybersecurity threats, IT awareness, and advice for businesses.

And best of all, we do it affordably. We understand that small and medium-size businesses are a high-value target for hackers – and we know how to stop them without breaking your budget.

Give us a call and let’s chat about how we’ve got your back!

Cybersecurity – How Secure is Your MSP?

Written by

Milan Rajkovic

Milan is the CEO at Otto – where his focus is changing IT up. Milan is highly focused and skilled in Storage, IT Service Management, IT Strategy, Professional Services, and Servers.