top of page

MSP Security: What MSPs Need to Know

Why is Cyber Security Important to MSPs?

Aside from the obvious - we are in the midst of an epidemic of cyber-attacks - cyber security is important to MSPs because, whether they want to be or not, MSPs are the tip of the spear when it comes to protecting their clients. Especially when it comes to the small and medium sized business (SMB) community, MSP clients look to their MSP for all things technical or computer related. And if they suffer a breach, irrespective of how the service contract reads, they'll be calling the MSP. Moreover, if you're an MSP and you're not providing cyber security services to your clients, another organisation will deliver MSP security.

What is MSP Security?

In today’s environment, when anyone in the technology world uses the word “security,” it inevitably means cybersecurity. Thus, the phrase “MSP Security” is a reference either to the cyber security of an MSP’s organisation, or the MSP’s clients, or both. Certainly, the protection of the data on the networks of an MSP’s client is often either explicitly or implicitly the responsibility of the MSP. But the security of the MSP’s infrastructure maybe even more important, simply because a compromise of an MSP’s network could easily lead to illicit access of the data of the MSP’s clients. Cyber criminals can breach one entity and potentially access many. Importantly, therefore, MSP security is a combination of protecting the MSP business’ infrastructure, as well as protecting that of the MSP’s client base.

What are the key Elements of MSP Security?

It’s easy to say that the key elements of MSP security are the same as any other business, but that’s not necessarily the case. Many MSPs service small businesses – medical practices, accounting firms, small law firms, title companies, for example – who can’t afford cyber security solutions built and designed for large enterprises with generous budgets and teams of cyber security analysts. Thus, MSP security has to be exceptionally wise, select cyber security products that match the threat posed to the SMB community, and be constantly aware of not only the costs associated with the security product, but also the complexity, ease of installation, and maintenance requirements. To reiterate, cybersecurity solutions all designed for a target market, so those originally conceived for the large enterprise and “dumbed down” for the SMB community can introduce a mountain of challenges for the typical MSP customer, or even the smaller MSPs themselves.

How is MSP Security Different than Enterprise Security?

An experienced burglar can undoubtedly penetrate a home security system given enough time and commitment. But rather than expended substantial effort to rob the house with the alarm system, most thieves would likely choose to rob the house next door, the one without any defences.

Seasoned pen testers can compromise just about any network given enough time and resources, but even those with little experience can penetrate poorly protected enterprises using freely available tools.

We’ve learned over the past few years that cyber criminals view the world through this kind of opportunistic lens, particularly when it comes to attacking the SMB (Small and Medium Sized Businesses) community. If professional cyber attackers from the Russian GRU, China’s PLA Unit, or North Korea’s Bureau 121 want to compromise just about any enterprise network, it’s very unlikely they can be stopped indefinitely. If an enterprise spending hundreds of millions of dollars is still at risk from sophisticated attackers, then the local roofing supply company, regional trucking provider, or an attorney law firm wouldn’t have a chance.

Fortunately, state-sponsored cyber criminals are focused with much more ambitious objectives than attacking the police department in a 10,000-persona town in the Midwest. Unfortunately, this does not spare the SMB community for the threat of cyber-crime. Inf fact, there are countless cyber-criminal entrepreneurs that see the SMB as a potential cash cow, largely unprotected and easy to target with broad, commoditized automated attacks that probably would be much less likely to work against a larger company. The logic is disturbing for the SMB community, but solid for the attackers: when they can use the same server to target thousands of businesses and get a success rate of 10%, cyber criminals can profit handsomely with little to no effort. Returning to our alarm system analogy, this means those houses without an alarm system are an easy mark and will eventually be exploited.

What Does an Attack on an MSP’s Client Look Like?

When a nation-state actor targets a large private or government organisation, the attack can take months to plan, involve weeks of probing, reconnaissance and extensive research, target specific individuals, leverage obscure vulnerabilities or spear phishing, and require multiple, highly skilled cyber attackers. If you’ve never reviewed the MITRE ATT&CK Framework – you really should – it is a fascinating piece of work (see: that details attack methodologies observed over time by cyber bad actors.

While the same processes exist in attacks on the SMB, it is much, much easier to achieve success in the community, as evidenced by the countless number of hacks and ransomware incidents we see hitting the SMB every day.

It is easier because SMB systems and networks will never be defended the same way an enterprise network can be. This comes down to simple economics of time, money, and people. To build a sophisticated security program that takes into account all the stages of the attack life cycle is no easy effort. Because of this challenge, cyber criminals can be highly successful leveraging widely available tools to identify targets with glaring vulnerabilities, and in the largely unprotected SMB world, there are no shortage of options for the bad guys. Take, for example, a port scanning tool called masscan, available free of charge on Github, that can “scan the entire Internet in 5 minutes”. Cyber criminals can use tools like this to identify open ports on networks anywhere essentially unlocked gates that can form the foundation of successful attacks.

What are MSP Security Vulnerabilities?