What did that say about cybercriminal understanding of the average MSP? That MSP is just like every other small business organization out there — a small victim with little capacity to pay out for ransomware recovery. This mantra began to change late last year as MSPs began to be leveraged as the initial infection vector of their larger clients. The Texas ransomware attacks were the first highly publicized examples that served as the catalyst, but certainly weren't the last.
2020 has seen a steady and continued trend of continued attacks against MSPs. Unfortunately for many SMBs, they have been brought into a new reality: They are included as victims by inheritance through their use of MSPs, often through no fault of their own. These SMBs are stuck in an ultimate catch-22. As they are far too small to effectively invest in their own IT management, partnering with an MSP makes sense. Yet this partnership can be fraught with new risks, many of which the SMB sector itself doesn't fully recognize.
CCSI provides Managed IT Services that bring superior operational control as well as the latest technology to organizations across various industries. Contemporary Computer Services, Inc. (CCSI) is a dynamic managed services and integration provider that delivers quality engagement through careful discovery, planning, design, and implementation followed up by strong operational support. CCSI’s primary objective is to provide business solutions that ensure clients achieve and maintain a competitive edge
Thank you for shining a light on this systemic vulnerability. I don't think organizations realize that, in many ways, they inherit the security of their service providers. As another commenter noted, the RMM is overdue for radical reinvention. Security-minded MSPs may need to think about delegated access to customer environments, privileged access workstations, or other methods for remotely administering customer environments without that big fat one-to-many target that RMM represents. I think the MSP tooling ecosystem is general is problematic - MSPs design for scale and efficiency (making them an economical option for customers as opposed to hiring internally), but do I really want my password manager integrated into my RMM? Maybe not... There's a lot of market share out there waiting for MSPs that can develop real cybersecurity maturity.
There are, however, some base requirements that most MSPs will have when partnering with you and your business. They will want to make sure that your systems are up to date enough so that they are able to keep you and your business safe. For example, it will be hard to give you the service you need if you are running off of outdated computer systems. They’ll want to update these older systems and ensure that the proper toolkit can be used to keep you secure. MSPs will typically want to use specific hardware as well, installing things like their own firewalls and BDRs (backup and disaster recovery). This allows them to keep your cost down and run their services more efficiently for everyone.
Miles Technologies is an IT and software firm founded in 1997 and headquartered in Moorestown, N.J. With an additional office in Philadelphia, they operate with a team of over 300 employees to provide various services, including custom software development, mobile app development, and cloud consulting and SI. Their clientele consists of small, midmarket, and enterprise companies within the business, financial, or health care industries.
Backup and Disaster Recovery (BDR)—a combination of data backup and disaster-recovery solutions that works cohesively to ensure an organization's critical business functions will continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.