Top Cybersecurity Threats Plaguing MSPs and How to Protect Your Business

As a Managed Service Provider (MSP), you live with a sense of dread that one day, you’ll receive the call that a client has been breached. Or worse, that you were the entry point that allowed a devastating ransomware attack to cascade and cripple their business.


Recent statistics confirm these fears are well founded:


93% of MSPs suffered a cyberattack in the past year alone

45% were targeted by ransomware looking to turn networks into cash

62% had clients pay ransoms to recover encrypted data

28% ultimately lost clients after attacks spread from the MSP’s environment


This article will overview the top threats jeopardizing MSPs and actions you can take to implement robust cybersecurity protection.

Ransomware - An Epidemic Threat to MSPs

Of all the cyber risks facing your business, ransomware represents the most clear and present danger with potentially catastrophic consequences.


High-profile attacks like the Kaseya and ConnectWise breaches showcase how a single MSP compromise gives attackers access to hundreds of downstream customers to target. Just imagine the knot in your stomach as you get flooded with calls from panicked clients whose systems have been encrypted and operations halted – all because of a vulnerability in your network.


Other real-world examples further demonstrate how MSPs have become prime ransomware targets:


  • CloudJumper – Attack through its remote monitoring and management (RMM) tool disrupted client networks
  • Synnex – Ransomware forced services offline for a week impacting customers
  • Thoma Bravo – Acquisition Exostar hit by ransomware via Trickbot malware


The fallout from such attacks often includes:

Massive financial costs for breach response and recovery – Loss of customer trust, retention and future deals. Lawsuits, fines, and other regulatory liabilities. Months of disruption responding versus operating your business. MSPs underestimate their ransomware exposure at their peril. But you have the power to implement robust defences to match this threat.

Insider Threats - When Trusted Access Goes Rogue

The MSP business model relies on granting employees and subcontractors extensive access to client systems to provide offsite management and support.


But the same insider access privileges also introduce major risks, with potential impacts including:


Theft or exposure of sensitive customer data and intellectual property

Fraud or compromise of client systems and accounts

Sabotage of networks or resources after an insider’s exit

Unintentional insider errors that cause major outages or loss

Real-world examples underscore the damage of insider threats:


  • Kaseya COO deleted considerable MSP SaaS data in October 2019 which took months to fully restore, impacting clients
  • ConnectWise MSP suffered a data breach in February 2022 linked to unauthorized insider activity, exposing client information
  • Datto MSP employee arrested in June 2021 for crypto-jacking several client servers, misusing access

Supply Chain Attacks - When Vendors Become Threat Vectors

As an MSP, you rely on a complex web of vendor relationships with RMM, PSA, and other SaaS platforms that enable delivering managed services.


While essential, these suppliers also introduce third-party cyber risk if not vetted and monitored adequately. SolarWinds served as a wake-up call of how one vendor’s weakness can devastate MSPs and clients. Additional supply chain threat examples include:


  • SolarWinds attack compromised 18,000 customers between May and December 2020 due to tampered updates
  • Kaseya VSA server was exploited in July 2021 to distribute REvil ransomware to over 1,500 downstream businesses
  • LevelTen MSP platform was targeted in December 2022 by the Pay2Key ransomware gang, disrupting operations
  • Datto remote management tool phished in October 2019 to access and wipe MSP client data


Here is an expanded outline of best practices to avoid common MSP threats, with CyberAngels positioned as the integrated solution

Best Practices for MSP Cybersecurity

To protect against these threats, MSPs need layered defenses including:


Ransomware Prevention

  • Endpoint detection and response to block and quarantine malware
  • Email and web gateway filtering to stop phishing attacks 
  • Regular backups with air-gapped storage for quick restoration
  • Network segmentation to limit lateral movement


Insider Threat Mitigation

  • Least privilege access controls and micro-segmentation
  • Continuous activity monitoring and access auditing 
  • Data loss prevention policies to restrict breaches
  • Frequent staff training on security practices


Third-Party and Vendor Oversight

  • Cyber risk assessments before onboarding new suppliers
  • Ongoing vendor audits and authorizations
  • Monitoring and limits placed on vendor access


Incident Readiness

  • IR plans detailing roles, communications and procedures
  • Retainers with response firms for expert support 
  • Simulated breach scenarios to evaluate readiness


Time for the gold – Unified Security Stack

Tying these pieces together is challenging with disjointed tools. CyberAngels delivers integrated protection via one SaaS platform including:

  • EDR and anti-malware to block ransomware
  • Access controls, auditing and micro-segmentation 
  • Network monitoring for threat detection
  • Automated IR workflows and playbooks
  • Third-party/vendor risk management
  • Security awareness training 


Converging key capabilities streamlines management while eliminating gaps between siloed products. MSPs can finally attain robust cyber protection through the power of an integrated platform purpose-built to secure your unique environment.

Let me know if you would like me to expand or refine this best practices/solution outline in any way. I can provide more details on the capabilities and tie-ins to mitigate the top threats.

Take Control of Your Cyber Risks

While threats evolve, MSPs can implement layered protections to safeguard their business and client assets, including:


  • Next-gen endpoint detection and response (EDR) to block ransomware
  • Ongoing phishing simulations and security training
  • Least privilege access controls and privileged access management
  • Continuous vendor risk assessments and authorizations
  • 24/7 network and log monitoring for signs of compromise
  • Incident response plans primed for rapid containment
  • Security-as-a-service solutions like CyberStrong also enable MSPs to provide enterprise-grade protection for clients tailored to their unique risks and budgets.


Book a Free Consultation with Our Cybersecurity Experts.


Take control of your cyber risks today. Contact us to discuss managed security tailored to protect every aspect of your business and deliver true cyber peace of mind. Our team of veteran experts can assess your risk exposure and build a security roadmap designed specifically around your needs.


Discover areas requiring urgent improvement and steps you can take to fill gaps cost-effectively while demonstrating security leadership to clients. Lock down your business and supply chain with proactive cyber defences – book your free consultation today before threats strike.

Read more articles

Act Now

Start running our automatic non-intrusive risk assessment on your Internet-facing systems.

If you’re not ready, book a free consultation with a Cyberangels team member.