With great power comes great responsibility.

Managed & Cloud Service Providers (MSP & CSP) serve an invaluable role in operating and securing companies’ digital assets. As gatekeepers for a broad range of critical systems, MSP/ CSP are tasked with laying the security groundwork essential to keeping businesses safe from hackers and malware.

In this perfect storm, CSP & MSP have increasingly served as a lightning rod for hackers. Drawing in malware and cyber attackers from across the globe, hell-bent on extracting data from ill-equipped companies hampered by limited budgets and loads of responsibility.

Years ago, MSPs didn’t need to offer warranties or indemnities. Today, customers demand MSP & CSPs to ensure their data is safe and increasingly take financial responsibility if anything goes wrong.

In this article, we’ll take a look at why CSP & MSP are being targeted by hackers, who are leading these attacks, and some tools that can prevent loss of critical data and supposedly secure infrastructures.

Why are MSP being targeted?

MSPs and CSPs are targeted by hackers because they serve as a gateway for all their managed customers data.  Hackers are quickly realizing that MSP & CSP are the storehouses of the vital data for their customers. Rather than target each individual business or organization, hackers have shifted their attention to the central depositories which- when breached- can provide an enormous cache without all the work of multiple cyber-attacks.

As hackers become more sophisticated, they have increasingly targeted MSP & CSP because of their willingness to pay larger ransom sums compare to regular companies at the same size.  MSP&CSP simply have greater exposure and responsibility in managing a broad range of system functions and therefore are.  obligated to ensure higher level of security.

MSPs are being attacked more

According to an alert released by the US Secret Service, “Cybercriminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks

As a result, “The conditions that exist today create an environment where partners are the most efficient way to make a payday. Rather than having to breach a number of individual companies, attacking a single MSP will allow for access to many potential victims in one fell swoop,” said Dan Garcia, a senior security engineer at Datto.

According to Dark Reading: “Many small to midsize businesses (SMBs) rely on MSPs to assist them with cost-effective management of IT infrastructure, monitoring, and general support. Companies regularly put their trust in MSPs to protect their data, but we have to remember that MSPs are often small businesses themselves. And as attack vectors increase by the minute, there seems to be no end in sight to the growing pressures on MSPs.”

When a CSP or MSP is a SMB the risks are amplified

MSPs are often much smaller than the companies they serve – in fact, 65 percent of MSPs have less than 10 full-time employees, all the while 80% of MSPs agree that their own businesses are being increasingly targeted by ransomware attacks.

With small teams and even smaller budgets, MSP/ CSP are forced to skillfully piece together effective prevention and protection solutions that meet exacting customer specifications at a price point feasible to bundling services.

The vast majority of cybersecurity defense solutions are purpose-built for the enterprise.”[i]  As a result, the majority of the battle-tested security solutions and their extensive feature sets are not realistic for SMB.

Tools to decrease the risk

MSP & CSP need to be creative in their security deployments and use the same best protection solutions they offer their customers. While historically best in class solutions were limited to enterprise customers, a full range of dynamic security solutions are now available to fill the gaps for business of all sizes. From email protection, and endpoint security to SIEM systems and employee cyber awareness, SMB have a number of value driven options to improve their internal security.

For MSP & CSP with limited resources and manpower prioritizing risk is key. With over 94% of malware delivered via email its only logical to focus on protecting the email gateway for attack.

Email protection 

On average, 82% of organizations have faced an attempted email-based security threat in the past year, with 91% of all cyber attacks beginning with an email from an unknown sender. As the email channel has been broadly recognized as the most impactful pressure point for malware infiltration IT teams must prioritize email security or be prepared to pay the price.

Legacy systems traditionally have offered significant value in preventing malicious files from causing havoc, but at a price point only accessible to enterprise customers. Even with these high value/ high-cost solutions in place businesses are still at risk for zero-day attacks, ransomware events and basic employee error.

Between high price points of existing solutions and the ever-expanding list new malware types that consistently bypass them anyway, a need has arisen for new options had to come to the market geared to SMB.

For SMB looking to enhance email security, there are a wide range of easy to deploy options with competitive price points to choose from.  From increasing native email protection policies, adding a third-party security application, or integrating an off-the-shelf  detection-less solution like Content Disarm & Reconstruction product SMB are relying upon a verity of layers to provide the highest level of email security.

Business Continuity & Disaster Recovery systems

MSPs & CSPs must practice what they preach in regards to email security. With 92% of MSPs reporting that clients with Business Continuity & Disaster Recovery (BCDR) solutions in place are less likely to experience significant downtime during a ransomware attack, very few implement this technology. 4 in 5 MSPs report that victimized clients with BCDR in place recovered from the attack in 24 hours, or less.

BCDR services combine legacy systems, employee training, and innovative technological advancements to protect the business from risk and data loss.

Some of the most common elements of BCDR systems include; Advanced Threat (ATP) & Endpoint protection, Employee training, security information event management (SIEM) processes as well as multilayer email security system.

Advanced Threat & Endpoint protection  

According to AttackIQ and the Ponemon Institute “68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

In order for malware and cyber risk to be effectively mitigated a strategy which incorporated both methods of detections, such as antivirus or firewalls as well as preventative solutions such as Advanced threat protection, end point protection and CDR filtration.

To enhance malware protection at the vital gateways to user data ATP solutions can provide significant added value to existing deployments. ATP and endpoint protecting policies differ in methods and composition, but typically include some combination of; endpoint agents, network devices, email gateways & malware protection systems to decrease end user’s probability of seeing let alone accessing malicious content.

Security Information Event Management (SIEM) 

SIEM solutions combine four critical security processes to more precisely guide the admin security outlook. By bringing all of these processes together to collect, analyze, and report on log data admins can better manage and prevent cyber risk.

The majority of SIEM systems include:

  • Security event management (SEM) – which analyzes log and event data in real-time to provide threat monitoring
  • Incident response
  • Event correlation
  • Security Information Management (SIM)

SIEM systems function by deploying multiple layer agents in a hierarchical fashion to coalesce security-related information from servers and network equipment to end-user devices. This process often synchronizes “specialized security equipment, such as firewalls, antivirus or intrusion prevention systems (IPSes). The collectors forward events to a centralized management console, where security analysts sift through the noise, connecting the dots and prioritizing security incidents.”

The implementation of SIEM system does have its downside. Between the high price point and the requirement of a well-versed team running the SIEM technology, the software itself has limits. This model is rapidly changing though, as many software providers are beginning to provide SIEM product offering in a SaaS set up to better suit the financial limitations of SMBs.

SOAR process then automates the data points from the SIEM system to remove the malware from the server, and deactivating the mailouts files within.

By bringing all of these processes together to collect, analyze, and report on log data admins can better manage and prevent cyber risk.

Employee Training and limited admin permission  

According to Verizon’s 2019 Data Breach Investigations Report, over a third of breaches, last year were caused by insiders. By continually training staff on common threats and new cyber risk, vital users dramatically decrease their risk of causing major damage to secure data and customer information.

While it may seem like a forgone conclusion in most industries that employee cyber training is an essential element to mitigate risk, for MSPs & CSP employee training continues to lag behind, resulting in staff unaware of the full extent of the cyber treats that they actively face.


CSPs & MSPs will remain the focal point of cyber-attacks as long as they act as the gatekeepers for their customers most important data. With their responsibilities growing daily, CSPs & MSP must navigate the constant threat of small hacker groups to state sponsored multinational cyber-criminal networks, all razor focused on attacking the most vulnerable low hanging fruits (MSPs & CPSs) to maximizes on the potential data and secure information they can exploit.

While the risk and attack surface are sizable, the tools for mitigating the consequences of this expansive range of cyber risk have never been stronger.

From advanced email protection systems which stop malware at the gateway of critical infrastructure, to SEIM and ATP policies designed to prevent common malware types and the influx of opportunistic cyber attackers, CSPs & MSP have the technology and motivation to implement these dynamic solutions to dramatically decrease cyber risk and the loss of secure customer data.

As originally posted in Computer Fraud & Security Magazine