5 MSP cybersecurity threats (and how to stop them)

Few targets are as enticing to cybercriminals as managed service providers (MSPs). And for good reason.

From IT support to finance management, MSPs provide essential services to large customer bases. But to deliver them, they need privileged access to internal systems and sensitive data. As such, successfully breaching an MSP can give cybercriminals access to huge amounts of information from multiple businesses.

To help you stay one step ahead, we’ve listed five of the most common MSP cybersecurity threats – along with some simple tips to defend against them. 

The 5 most common MSP cybersecurity threats

1. Phishing

Phishing is a form of social engineering attack that tricks people into handing over sensitive information or downloading malicious software, typically by impersonating a trusted individual or organisation, or by creating a sense of panic.

Cybercriminals often use email to initiate phishing attacks. How many times have you seen messages like this appear in your inbox?

“Hi Jane, this is Bob. We need to send an urgent payment to a new supplier, but I’m in a meeting for the rest of the day. Can you organise it on my behalf, please? It needs to go out immediately. Please see the details attached.”

Generative AI has made phishing attacks harder to spot and more dangerous. For example, advanced AI can clone the voice of trusted contacts.

Quick tips to defend against phishing

  • Check the sender’s name and address: does it look legitimate?
  • Read emails carefully: are there any obvious typos or grammatical mistakes? Does the tone sound strange?
  • Report suspicious emails: not sure if an email’s legitimate? Forward it to the National Cyber Security Centre.
  • Install antivirus software: some programs can spot malicious links and potential phishing sites.
  • Train staff: run regular training sessions to help employees spot the tell-tale signs of a phishing attack, and teach them what to do in the event of a breach.
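As an added example (not code from the original post), the following Python script applies the sender and wording checks above to a constructed message modelled on the one quoted earlier; the known-contacts directory and the keyword lists are assumptions standing in for a real address book and mail-filter rules.

```python
"""Score an inbound email for the phishing tell-tales listed in the tips above.

Added example, not the post's own code. Standard library only; the
KNOWN_CONTACTS directory and the keyword lists are assumptions.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Assumption: addresses we already hold for named colleagues (first name -> address).
KNOWN_CONTACTS = {"bob": "bob@example.com"}

URGENCY_WORDS = ("urgent", "immediately", "as soon as possible", "right away")
PAYMENT_WORDS = ("payment", "new supplier", "bank details", "invoice")

# Constructed sample: the "urgent payment" message from the post, sent from a
# look-alike address with a different Reply-To.
SUSPICIOUS = b"""From: Bob <bob.ceo.office@mail-example.net>
Reply-To: accounts@mail-example.net
To: jane@example.com
Subject: Urgent payment
Content-Type: text/plain; charset=utf-8

Hi Jane, this is Bob. We need to send an urgent payment to a new supplier,
but I'm in a meeting for the rest of the day. Can you organise it on my
behalf, please? It needs to go out immediately. Please see the details attached.
"""

# Constructed sample: an ordinary message from the real address.
LEGIT = b"""From: Bob <bob@example.com>
To: jane@example.com
Subject: Lunch
Content-Type: text/plain; charset=utf-8

Hi Jane, are you free for lunch on Thursday?
"""


def phishing_indicators(raw: bytes) -> list[str]:
    """Return the indicators found in the message; an empty list means none."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []

    # 1. Display name claims to be a known colleague but the address differs.
    first = name.split()[0].lower() if name else ""
    known = KNOWN_CONTACTS.get(first)
    if known and addr.lower() != known:
        reasons.append(f"display name '{name}' but address {addr} is not {known}")

    # 2. Replies would go somewhere other than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append(f"Reply-To {reply_to} differs from From {addr}")

    # 3. Urgency and payment language in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    if any(w in text for w in URGENCY_WORDS):
        reasons.append("urgency language")
    if any(w in text for w in PAYMENT_WORDS):
        reasons.append("payment or new-supplier request")

    # 4. An attachment in an unsolicited message.
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        reasons.append("has attachment")
    return reasons


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(label, phishing_indicators(sample))
```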

Want to know more about the threats facing MSPs? Check out our MSP Survey 2024.

2. Malware and Ransomware

Malware, a contraction of “malicious software”, is used by cybercriminals to attack business-critical systems, disrupt operations, and steal sensitive data. It comes in various forms, the most common being:

  • Ransomware
  • Spyware
  • Adware
  • Trojan horses
  • Worms

Cybercriminals have even begun to lease malicious software. Known as malware-as-a-service, this model allows people with minimal coding skills to launch full-blown cyber-attacks.

Small and medium-sized businesses (SMBs) are particularly vulnerable to malware. Few have the knowledge or skills to handle a targeted attack, which explains why 57% of industry leaders see it as the biggest MSP cybersecurity threat.

Quick tips to defend against malware and ransomware

  • Only use secure networks: avoid public or unsecured networks when using work devices.
  • Back up data regularly: create separate copies of important files so you can quickly restore lost data in the event of a breach.
  • Install anti-malware: this monitors your systems to identify and sometimes remove malicious software.
  • Invest in a ransomware recovery toolkit: these contain business continuity and disaster recovery plans, helping you respond constructively to breaches.

3. IT vulnerability exploits

Unlike the other MSP cybersecurity threats on this list, IT vulnerability exploits describe a tactic or method – rather than a specific type of threat.

IT vulnerability exploits don’t rely on victims to click on malicious links or download compromised software. Instead, they deliberately target weaknesses in your software, systems, or processes, often using exploit kits.

Common vulnerabilities include:

  • Misconfigured programs
  • Unpatched software
  • Weak passwords
  • Bugs

Quick tips to defend against IT vulnerability exploits

  • Patch your software: install updates as soon as they become available to nip vulnerabilities in the bud.
  • Install vulnerability scanning software: scan your systems periodically to identify and address potential issues.
  • Run penetration tests: simulate cyber-attacks to pinpoint weaknesses and see how your systems stand up to threats.
  • Follow cybersecurity best practices: create clear processes and policies to minimise vulnerabilities that stem from human error, such as duplicated passwords.

4. Insider threats

As the name suggests, insider threats originate from within your business. They fall into two broad categories: accidental and malicious.

  1. Accidental: caused by someone unintentionally exposing your systems to cyber threats. For example, by clicking on a malicious link, visiting a compromised website, or leaving an unprotected device in a public place.
  2. Malicious: caused by someone deliberately abusing their access rights to steal data or damage your systems. Malicious insider threats often stem from disgruntled employees, contractors, or partners.

This MSP cybersecurity threat has become more common in recent years. 38% of UK SMEs attribute this to the cost-of-living crisis, and it stands to reason. Financial pressures force many businesses to reduce headcount, while some employees may need to find other revenue streams to make ends meet.

Quick tips to defend against insider threats

  • Set strict access controls: only give administrative rights and account access when employees need it to do their jobs.
  • Embrace multi-factor authentication (MFA): enforce MFA on business-critical systems and accounts to provide extra protection.
  • Look out for suspicious activity: monitor systems for common insider threat indicators, such as unusual login behaviour or privilege escalation.
  • Enforce strong security policies: ensure a consistent approach to cybersecurity across your business, with clear guidelines governing things like password etiquette and access privileges.
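To show what monitoring for the indicators in the third tip can look like in practice, here is an added example (not the post's own code) that scans a constructed login and audit log for out-of-hours logins, logins from previously unseen sources, and additions to privileged groups. The key=value log format, the business-hours window and the group names are assumptions.

```python
"""Flag the insider-threat indicators named above in a login/audit log.

Added example, not code from the original post. The log format is a
constructed key=value format; BUSINESS_HOURS and PRIVILEGED_GROUPS are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log: one baseline day of normal activity, then a suspicious night.
LOG = """\
2024-05-01T08:55:12 LOGIN user=alice src=10.0.0.12 result=success
2024-05-01T09:02:40 LOGIN user=bob src=10.0.0.31 result=success
2024-05-01T17:20:05 LOGIN user=alice src=10.0.0.12 result=success
2024-05-02T23:47:10 LOGIN user=alice src=203.0.113.7 result=success
2024-05-02T23:48:02 LOGIN user=bob src=10.0.0.31 result=failure
2024-05-02T23:49:30 GROUP_ADD user=alice group=Administrators by=alice
2024-05-02T23:51:00 GROUP_ADD user=carol group=Administrators by=bob
"""

BUSINESS_HOURS = range(7, 20)                  # 07:00 to 19:59 (assumption)
PRIVILEGED_GROUPS = {"Administrators"}         # assumption
LINE = re.compile(r"^(\S+) (\S+) (.*)$")


def parse(line: str):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE.match(line)
    if not m:
        return None
    ts, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    fields["event"] = event
    return fields


def insider_indicators(log: str, baseline_before: str) -> list[str]:
    """Learn each user's usual source addresses from successful logins before
    `baseline_before`, then report unusual logins and privilege escalation
    from that point on."""
    cutoff = datetime.fromisoformat(baseline_before)
    events = [e for e in (parse(l) for l in log.splitlines()) if e]

    usual_src = defaultdict(set)
    for e in events:
        if e["event"] == "LOGIN" and e["ts"] < cutoff and e["result"] == "success":
            usual_src[e["user"]].add(e["src"])

    findings = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        if e["event"] == "LOGIN" and e["result"] == "success":
            if e["ts"].hour not in BUSINESS_HOURS:
                findings.append(f"{e['user']}: login at {e['ts']:%H:%M} outside business hours")
            if e["src"] not in usual_src[e["user"]]:
                findings.append(f"{e['user']}: login from unseen source {e['src']}")
        elif e["event"] == "GROUP_ADD" and e["group"] in PRIVILEGED_GROUPS:
            who = "self-granted" if e["by"] == e["user"] else f"granted by {e['by']}"
            findings.append(f"{e['user']}: added to {e['group']} ({who})")
    return findings


if __name__ == "__main__":
    for f in insider_indicators(LOG, "2024-05-02T00:00:00"):
        print(f)
```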

5. Supply chain attacks

Supply chain attacks are an indirect MSP cybersecurity threat. They work by exploiting weaknesses in third-party software, hardware, or services to bypass your defences and give cybercriminals access to your systems.

Because they originate through legitimate suppliers, supply chain attacks are difficult to spot. For example, it took months for cybersecurity professionals to discover the root cause of 2019’s infamous SolarWinds attack.

Alarmingly, only 26% of MSPs see supply chain attacks as a threat – suggesting a lack of awareness among industry leaders.

Quick tips to defend against supply chain attacks

  • Enforce strong cybersecurity measures: before worrying about your suppliers, ensure your cybersecurity is up to scratch.
  • Speak to your suppliers: start an open dialogue with channel partners to discuss cybersecurity challenges and best practices.
  • Conduct cybersecurity risk assessments: evaluate current and new suppliers to ensure their cybersecurity meets minimum requirements. 
  • Follow NCSC supply chain security guidance: this lists the five basic steps to secure your supply chain. 

No threat is insurmountable

MSP cybersecurity threats come in many forms. The good news is that most are relatively unsophisticated. Adopting simple and affordable security measures can go a long way in securing your business. Not sure where to start? Consider a cybersecurity certification, like the government-backed Cyber Essentials scheme. Built around five security controls, it provides impartial guidance to help you improve your cyber hygiene.

Although MSPs are increasingly under threat, the current landscape also offers new opportunities. Read our latest report to find out more.

Press release: MSP market is pivoting towards providing cybersecurity solutions, new CyberSmart Research indicates 

Increased focus on offering security as a service from the customers of Managed Service Providers, CyberSmart survey finds 

New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that Managed Service Providers, historically expected to manage IT infrastructure for their customers, are increasingly expected to protect this infrastructure too.

The research, conducted by OnePoll in Spring 2024, polled 250 senior leaders at UK-based Managed Service Providers. It found that 65% of MSP customers now expect their provider to manage either their cybersecurity infrastructure or both their cybersecurity and IT infrastructure.

The MSPs surveyed have also noticed this interest in their security capabilities in new business/RFP meetings, with 73% reporting either somewhat more (51%) or much more (22%) interest.

The expectation that MSPs should manage security as well as IT can be viewed as a response to the security capabilities their customers have in-house: 37% of respondents indicated that 20% or fewer of their customers have a specific cybersecurity role in-house, reflecting the need for MSPs to take ownership of cyber on behalf of their customer base.

What’s more, it has been reflected in strategic and structural changes taking place at MSPs. Respondents indicated they had made the following changes in the past 12 months: 

  • 33% had increased the associated budget for their security capabilities 
  • 28% have increased the associated budget for their regulatory capabilities 
  • 28% have made specialist cybersecurity hires
  • 14% have made specialist regulatory hires 

“This change in customer expectation and need reflects a sea-change in how Managed Service Providers need to operate,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart. “Managed Service Providers are a lifeline for many SMEs and the underappreciated backbone of much of our economy’s IT infrastructure as such. As IT and cybersecurity threats become increasingly intertwined, it makes sense that managed service providers would begin to offer more security services. However, as previous research has indicated, MSPs themselves are vulnerable to cyberattacks. It’s important that they – and the wider security industry – do all that they can to empower MSPs to provide the security services they are now expected to with absolute confidence.”

Is your MSP ready for cyber threats?

With 87% of MSPs experiencing breaches, understanding the current cybersecurity challenges is crucial. Access the CyberSmart MSP Survey 2024 to equip your organisation with the knowledge to stay ahead.

Press release: Cyber Confidence at MSPs high, despite falling victim to data breaches

CyberSmart research reveals high levels of cyber confidence in MSPs, despite 87% experiencing a breach in the past 12 months.

London, UK – July 10th 2024 – New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that nearly all MSPs report high rates of cyber confidence across their organisations, despite the vast majority having experienced at least one data breach in the past 12 months.

The research, conducted by OnePoll in Spring 2024, polled 250 senior leaders at UK-based Managed Service Providers. It found that an overwhelming majority of MSPs – 87% – had experienced at least one data breach in the past 12 months, with 16% indicating they had experienced more than 5 incidents in the same timeframe.

This track record on cybersecurity stands in contrast to the associated cyber confidence that the surveyed MSPs reported. Almost all – 97% – of the MSPs surveyed suggested that their organisation had either a ‘fair’ amount of cyber confidence or a ‘great deal’ of cyber confidence.

Another interesting aspect of the results is that this confidence appears to be projected onto MSP customers too, with respondents reporting that they believed 85% of their customers had either a fair or a great deal of cyber confidence.

What are the top threats to MSPs?

Both the customers and providers identified ransomware and malware infection as the top concern, at 55% and 57% respectively. For MSPs, inflation and spiralling costs came in second (43%) and for customers, exploitation of unpatched or undisclosed vulnerabilities was the second most concerning threat (44%).

“The associated confidence noted by MSPs is heartening but needs to reflect the reality on the ground for MSPs, and their own perception of their security posture is concerning and highlights the need for the cybersecurity to step up and work closer with Managed Service Providers,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart.

“MSPs, due to the levels of privileged access they will have into multiple companies, make for an appealing target for cybercriminals. This, coupled with the fact they are responsible for the IT infrastructure of companies without IT or security resources, means it is paramount that security providers work closer with them to protect the £ 5.5 million SMEs who in many cases turn to MSPs to keep them safe. Failure to do this could be existential for many of their customers.”

MSPs suggested that a focus on cybersecurity training, IT policies and fostering a more security-conscious culture would help them to achieve complete cyber confidence.

Discover the latest cybersecurity insights for MSPs

Uncover the critical findings from the CyberSmart MSP Survey 2024. Learn how managed service providers are navigating the evolving cybersecurity landscape and what it means for your business.

Why you could be eligible for free Cyber Essentials certification

Do you run a small charity or legal aid firm? If so, you could be eligible for funded Cyber Essentials certification to help you put basic cybersecurity measures in place. Here’s everything you need to know.

What is the funded Cyber Essentials scheme? 

Small charities and legal aid firms protect and serve some of the most vulnerable in our society. However, unfortunately, they’re also a key target for cybercriminals. The NCSC’s Cyber Breaches Survey 2022 revealed that 30% of UK charities identified a breach in the last 12 months.

The reason for this is simple. Charities and legal aid firms process large volumes of highly sensitive data but often have relatively weak defences – making them an ideal target for cybercriminals.

To counter this, the National Cyber Security Centre and IASME have launched the new Funded Cyber Essentials Programme. This offers small organisations in high-risk sectors free, practical support to help put basic cybersecurity controls in place and achieve Cyber Essentials certification. 

How does the scheme work? 

Qualifying organisations will receive up to 20 hours of remote support with a Cyber Essentials Assessor – all at no cost. Our assessors will spend this time helping you identify and implement the improvements needed to meet the 5 technical controls of Cyber Essentials. We’ll follow this up with an assessment to ensure everything is in place. 

With our guidance, you’ll be ready to take the Cyber Essentials and Cyber Essentials Plus certifications. If it’s not possible for you to complete Cyber Essentials Plus after 20 hours of support, we’ll give you clear directions on how to become assessment ready. 

Is the certification free? 

Yes. IASME has agreed to fund both Cyber Essentials and Cyber Essentials Plus certification for successful applicants to the scheme.

Who is eligible for the scheme? 

To qualify for this scheme, your organisation must be:

  • A micro or small business (1 to 49 employees) that offers legal aid services
  • A micro or small charity (1 to 49 employees) that processes personal data

No previous cybersecurity experience or certification is required. Even if you’re completely new to cybersecurity, we’ll guide you through the process.

How long is the scheme running for? 

The scheme runs until the end of March 2023. However, it’s worth noting that IASME is offering a limited number of funded packages. So it’s worth getting your application in as soon as possible. 

What is Cyber Essentials?

The Cyber Essentials scheme is a UK-government-backed cybersecurity certification that outlines the security procedures a company should have in place to secure its data. Cyber Essentials is highly recommended for SMEs because this certification protects you against 98.5% of the most common cyber threats.

Cyber Essentials Plus includes all of the same technical controls but with one major difference. Whereas Cyber Essentials is a self-assessed certification, Cyber Essentials Plus includes a technical audit of your systems. This next step gives you complete peace of mind that your cybersecurity is up to scratch. And your clients and partners don’t have to take your word for it that you’re cyber secure – they can rely on the expertise of a professional.

Can I apply to the scheme through CyberSmart? 

Yes. As the UK’s leading provider of cybersecurity certifications, we’re proud to be taking part in this scheme. 

To apply for the scheme, head to IASME’s Funded Cyber Essentials page and fill in the form at the bottom of the page. If you’re successful in your application, IASME will pass you over to us (or another certification body) to complete the certification process.

Alternatively, if you’re one of our partners or MSPs and want to refer a customer for the scheme, get in touch. We can apply on your client’s behalf and ensure the support and certification is carried out by CyberSmart.

Want to know more about cybersecurity certifications? Check out our in-depth guide to cybersecurity certifications in the UK.

Why managed service providers (MSPs) are a target for cybercriminals

According to security services from the ‘five eyes’ countries – Britain, the US, New Zealand, Australia and Canada – Managed Service Providers (MSPs) are increasingly at risk of cyberattacks. But why? What makes MSPs such an enticing target for the bad guys? And, more importantly, what can MSPs do to protect themselves and their customers? 

Why are MSPs being targeted? 

Upon first hearing, it might sound odd that cybercriminals are targeting, and often successfully attacking, MSPs. We think of MSPs as IT and cybersecurity experts with good defences, so surely there are more tempting targets?

Unfortunately, this is only partially accurate. Although it’s true that many MSPs do have pretty robust cyber defences, there’s another reason they get cybercriminals champing at the bit.

MSPs are so attractive to hackers because they can typically remotely access clients’ networks and IT environments. And, that’s before we mention how much data the average MSP has access to – everything from financial information to breakdowns of customers’ security. 

In short, MSPs are being targeted for the same reason as supply chains. Successfully breaching an MSP means cybercriminals gain access to much more than the initial target. It could lead to ‘follow-on’ activity across the MSP’s whole customer base.

In other words, it’s a huge win for the bad guys. And cybercriminals are very obviously aware of that fact. According to new research by N-able, 90% of MSPs suffered a successful attack in the last 18 months. The study also found that the number of attacks prevented by MSPs almost doubled during the same period.

What are the consequences of a breach?

The impact of a successful attack on an MSP can be severe. The best way to think about it is to split the consequences into two categories – direct and indirect. Let’s deal with direct first.

Perhaps the most obvious impact of a breach is the disruption it could cause an MSP. Your business could be hit with a lengthy clean-up operation, systems downtime, and a big dent in staff morale. What’s more, depending on the kind of attack, there may be a financial aspect to the disruption.

A ransomware attack could lead to your business having to make a hefty payout. Meanwhile, a serious malware attack, with a long period of systems outage, could lead to you haemorrhaging revenue.

Likewise, the reputational damage to any MSP successfully breached could be grave. Most MSPs pride themselves on their strong security and market themselves thus to customers. So the news of an attack could seriously weaken customer trust, leading to a PR nightmare and potential loss of revenue.

We’ve dealt with the direct consequences, let’s move on to indirect. As we mentioned earlier, the major reason why cybercriminals are targeting MSPs is due to their customer base. And it’s your customers who could be the most affected by an attack.

A real-world example of this is the REvil ransomware attack on Kaseya, the MSP software provider. The breach spread to dozens of MSPs and over 1,500 of their customers, illustrating just how fast an attack could get out of control.

What can MSPs do to protect themselves and their customers? 

We’ve painted a pretty terrifying portrait so far. However, just because the consequences can be dire, it doesn’t mean there aren’t things you can do to protect your business and customers. Here are a few of the most important.

Set up multi-factor authentication (MFA)

MFA is an authentication method that requires you to provide two or more verification methods to sign into an application. Instead of just asking for your username and password, MFA adds some extras, like a randomly generated PIN code sent by SMS, a thumbprint, or a piece of memorable information known only to the user.

MFA is also a sure-fire way to protect your business against cyberattacks. Passwords alone are vulnerable to data leaks and brute-force attacks. MFA, on the other hand, is very tricky for even the most sophisticated hackers to crack. 

Back up your systems and data

Backing up your systems and data can provide you with a vital failsafe after an attack. In some cases, it can even help you avoid having to pay a ransom. And, when it comes to what to back up, use this simple rule of thumb: ‘anything you don’t want to lose, back up’.

For more on how to do it, read this.

Segregate networks 

Both you and your customers should segment networks and systems as much as possible. What do we mean by segment? Well, one example is to never use admin credentials across multiple customers or systems.

Another is to ensure that no one has access or privileges beyond what they need to do their job. That might sound harsh but, in the event of an attack, it’ll allow you to isolate affected systems, customers, or accounts.

Train staff

At CyberSmart, we’re constantly pushing the importance of training. After all, if your staff don’t know which security behaviours are harmful or don’t know the warning signs of an attack, they’ll struggle to protect themselves or your business.

Training can fix this. And it’s probably the single most important thing you can do as a business. Find out more here.

Develop incident response plans

A successful attack on your business isn’t inevitable. Nevertheless, statistically, it is likely. So you need a coherent, easy-to-action response plan, in case the worst does happen.

You’ll also need to encourage or help your customers to develop their own. Currently, just 4% of MSPs report that all their clients have an incident response plan. And, this means thousands of weak links across the IT sector. 

Regularly patch software

Patching or updating any software you use, so that it doesn’t have easily exploited weak points, is incredibly simple but very important. Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. Applying patches released by the software provider can fix this.

Think of it as being like fixing a puncture. You apply the patch so no air can leak out. Updating your software effectively does the same thing, giving you air-tight cybersecurity. 

The best part? It won’t take you anywhere near as long as fixing a puncture, just a couple of minutes each month. 

Map your supply chain risks

Last of all, understand your supply chain risks. Assuming you’ve locked down your own cybersecurity, identify who among your customers or suppliers could pose a risk. Alongside this, talk to your customers and partners about their cybersecurity. The best defence against threats is a unified approach and common strategy.

To find out more about the threats facing businesses, read our guide, The State of UK SME Cybersecurity. It’s full of useful insights on the risks small businesses face and what can be done to counter them. Get your copy here.

CyberSmart forges new channel partnerships to reach SMEs

We are delighted to announce two exciting new partnerships this week at CyberSmart. The first with Ingram Micro Cloud, part of one of the world’s leading channel distributors (IMUK), and the second with Synaxon UK, one of Europe’s largest channel buying groups.

Through these partnerships, we are extending our reach to allow us to help many more SMEs who are struggling to balance the demands of their business with the risks of cyber security.

“The team at CyberSmart is thrilled to be teaming up with new partners to do what we do best, and that is to defend the underdogs,” says Hugh Furness, CyberSmart’s Head of Channel Strategy.

“SMEs are often neglected in cybersecurity. With a lack of resources and expertise, they are an easy target for bad actors. With these partners’ help, we hope to extend our reach and foster a strong security culture across the channel.”

The streamlined CyberSmart service makes it easy for any business to achieve the UK government-backed security certifications, including Cyber Essentials, Cyber Essentials Plus, and IASME-GDPR. And the prevention of cyber attacks doesn’t stop at certification. Compliance software ensures every device, personal or professional, used by a business is always secure.

Timing is everything

Cyber security is more important than ever. As the UK begins to reopen and offices welcome staff back, many businesses have emerged from the crisis into a hybrid world. The mix of remote and office working adopted by many organisations brings with it new security risks.

A recent report from VMware reveals that 91% of organisations have seen an increase in cyber attacks as a result of employees working from home. Online protection has become more important than ever before, but many businesses, especially smaller ones, still find the idea of it daunting.

“Cybersecurity is a huge issue and the importance of achieving Cyber Essentials certification and demonstrating that you are ready to protect your organisation, employees, and data, has never been greater,” echoes Mike Barron, Managing Director of Synaxon UK. “Our partnership with CyberSmart has come at exactly the right time. With more companies now operating virtually and most employees working at home, that’s becoming crucial. We’ve received an immediate and extremely positive response from Synaxon UK members who are using CyberSmart to get certified themselves and encouraging their customers to follow their lead.”

“Adding to our Cyber Security portfolio, CyberSmart aligns perfectly with our desire to create a unique environment in which our partners get the best in-house solutions, services and support,” concurs Colin McGregor, General Manager – Cyber Security, Ingram Micro UK. “We’re excited to show our partners just how we can facilitate their cyber needs, with CyberSmart no doubt contributing to this success.”

The CyberSmart team believes that every organisation should be able to easily comply with recognised standards to protect their data and infrastructure. Synaxon and IMUK will help us deliver that ability to many more businesses.

About our new partners

Ingram Micro Cloud (IMC), a division of Ingram Micro UK Ltd, was established in 2014 to help its partners realise their share of the cloud market opportunity. Ingram Micro Cloud is a master cloud service provider (mCSP) that offers channel partners and enterprises access to the leading global Cloud commerce platform, expertise, solutions and enabling programmes that empower organisations to realise their potential in the digital economy. Ingram Micro Cloud is the leading Cloud aggregator in the UK and a software company that is the powering engine for the channel.

Synaxon UK was launched in the UK in 2008 and has since become firmly established as the market-leading channel services group. Synaxon is much more than a dealer buying group. It’s a thriving, dynamic and forward-thinking community that works to advance the development and growth of its members. Synaxon offers a wide range of services as well as personalised account management and business development support to help MSPs, resellers, retailers, and office products dealers thrive.

A note from our CEO, Jamie Akhtar, on Covid-19 and business continuity

As the Covid-19 virus outbreak continues to escalate across the planet, I would like to update you on how the situation is being addressed at CyberSmart.

First and foremost, our thoughts are with all who have been affected by coronavirus, especially those who have contracted the virus and the families that support them. Our team wishes you a speedy recovery.

Our team, customers and partners

The safety of our employees, their families, our partners and our clients is our greatest priority. That is why we have transitioned the business to fully remote operations, effective as of Monday 16th March.

Remote working is a practice that has been tried, tested and encouraged since the beginning of our business – we are “remote by design”. With team members across the globe, the ability to work remotely has always been an integral part of our business continuity strategy, and we are grateful for that now. This experience allows us to continue delivering our services to the highest standard, and uninterrupted, even in unprecedented times like these. 

We will be releasing these very practices we follow, alongside tips from our team, on our new dedicated small business resilience page.

We hope this information helps our customers, partners and any other members of the business community to take on remote working safely and productively.

Business as usual

CyberSmart’s daily operations are carrying on unaffected and we foresee no impact on our operations. With information security at the core of what we do, our team is particularly well-prepared to maintain business as usual, and continue to serve our customers with the highest quality of service.

Because of our remote capabilities, we are now delivering all certification fully remotely. This includes Cyber Essentials Plus, which is normally conducted by an in-person auditor. However, our team of assessors is able to use the CyberSmart app to remotely test all devices that have it installed and help you achieve certification. Remote audits can be conducted regardless of whether your team is in the office or working at home. We support both company-provided and users’ own devices (BYOD), so all situations are catered for. As always, we commit to rapid turnarounds – we will get you certified in as little as 24 hours for Cyber Essentials and 7 days for Cyber Essentials Plus.

Be aware of your security

I’d like to urge our customers and the public about the importance of cybersecurity to businesses right now as we are seeing an increase in opportunistic people using these ambiguous times to make gains for themselves through phishing and cyber breaches. 

We urge you to take a look at our content for all the tips to make your business safe and, should you have questions, please contact our team. We are here to use our in-house expertise to aid and advise, free of charge.

CyberSmart is here to help

These are unprecedented, challenging times and I believe we will only make it through by bringing the business community together and supporting each other. As we become more socially distant, it is more important than ever that we stay connected. 

Please feel free to reach out to me and our team on hello@cybersmart.co.uk if there’s anything you think we can support with.

Stay positive, stay healthy and remember – together we are stronger.

Jamie Akhtar

Small businesses at risk of multimillion pound fines for breaking GDPR rules

A new survey has revealed many small business owners are still clueless about GDPR. The results suggest small businesses could be in breach of GDPR without even realising it, as half of the participants appeared confused when answering questions surrounding data protection and privacy regulations.

A worrying 4 in 10 didn’t know that losing paperwork could be a data breach, or that emailing or faxing personal details could also be a breach of data regulations.

Are you being extra careful when sending that email?

Scarily, 45% of businesses did not know that the ICO (Information Commissioner’s Office) needed to be informed when data was breached and individuals’ rights were affected. The survey also showed they were unaware of the need to keep confidential paperwork, such as signing-in sheets and visitors’ books, in a protected environment, and were failing to do so.

It’s essential as a business owner you stay well informed and aware of GDPR and data protection to ensure you continue to create trust in your employees and consumers. By staying up to date with the changing data laws, you will show that you are consistent in protecting personal and private information.

Breaking GDPR is easily done within a business – it’s as simple as storing files containing personal data outside of a defined structure. Many SMEs are digitally renovating their businesses with more intricate technology; however, this essential move is also increasing their exposure and vulnerability to cyber-attacks.

The fact that new threats are constantly evolving and developing – and 43% of cyber-attacks are aimed at SMEs – highlights the lack of knowledge surrounding GDPR. Small businesses now need to look at investing more time in digital security. This will not only prevent any future attacks but show that you are being proactive with your digital approach.

What can you do?

By maintaining your security and safeguarding your business, you are able to protect your organisation long term. Utilising Cyber Essentials, Cyber Essentials Plus and IASME GDPR Readiness certifications, which are compliant with the Data Protection Act (2012), you can ensure that you are prioritising your business and data while giving your employees and consumers that added assurance.

Safeguarding your data should be your priority. Considering crisis incidents such as extortion, cyber attacks, and industrial espionage are just a click away, it is critical that SMEs assess their ability to survive a cyberattack, and there are steps to take to prevent and manage this if the worst were to happen.

How confident are you that your business is fully compliant?

Data privacy toolbox

Proactive IT Security Compliance vs Reactive cybersecurity firefighting

When it comes to cybersecurity, MSSPs traditionally provide two standard services: proactive or reactive. Some businesses prefer the reactive approach and require a fix for security issues only when they arise. For other businesses, horizon scanning and taking a more proactive approach fits their risk appetite and lets them stay one step ahead.

Being an MSSP, you have a responsibility to guide clients to the best approach for their business and one that matches their risk appetite. In this blog post, we look at the reasons why proactive compliance is better for businesses than reactive cybersecurity firefighting.

The Reactive vs. Proactive Approach

A reactive approach towards security embraces the philosophy of waiting until the security perimeter is breached and then acting to fix it. Using this approach, an MSSP is typically responsible for cleaning up the mess after the security incident; that might work with other services, but with cybersecurity it may have business-crippling impacts.

Once a security incident has occurred, the damage has already been done. The loss of data and extended downtime of any systems has already caused financial, reputational or other losses to the client. Add the cost in time and effort to ‘fix’ the problem and the potential knock-on impacts, coupled with the loss of productivity or revenue, and the result does not make happy reading.

A proactive approach, on the other hand, is about anticipatory prevention measures and rapid notification that drives responsiveness. In this approach, the MSSP is responsible for assisting the client to address potential security risks before they can become problems.

Cyber attacks do not sleep, and a proactive approach to cybersecurity defensive measures is the best way to leave little to no room for attackers to exploit the system. The earlier a problem area or attack vector is identified, the easier it is to fix or to close the door to a potential breach. A proactive approach is a great way to ensure clients’ infrastructure is protected 24/7. It requires continuous engagement with clients and involves the design and deployment of preemptive strategies, tools and techniques, informed by threat intelligence, to prevent security issues from becoming a concern.

Drawbacks of Reactive Cybersecurity

The reactive approach may save cost for clients initially, but in the long run, it increases the risks of:  

  • Increased costs. Once a breach has occurred, the financial impacts can be severe. GDPR data-breach fines are not insignificant to any business and the reputational damage costs could be even higher. For SMEs, these costs could be the difference between staying in business or having to close. And that is bad for the client and bad for the MSSP.
  • Inappropriate damage control tools. The reactive firefighting approach is not about protecting businesses for the future. Instead, it is about running a damage control campaign to counter the effects of an ongoing security incident. There is no clear direction to take and often no clear security baseline to revert to rapidly to regain business control. When the breach occurs, the business may well blame the MSSP for not taking care of security more adequately.
  • No clear resolution method. Unlike compliance, you never know what to expect with a reactive call from a client. The best method to resolve the issue may well vary according to the type of incident, the extent of the damage, and the size of the business. This makes it difficult to position the pre-defined expertise or resources necessary to deliver reactive services. This uncertainty adds cost to the MSSP’s business model that can be difficult to pass through to clients.

Proactive Cybersecurity Compliance

A proactive compliance approach has a number of benefits for MSSPs:

  • Reduced costs and recurring revenue. A data breach or ransomware attack can lead to substantial losses for a business. The financial losses may include damaged infrastructure, lost data, fines imposed by regulatory bodies, reputational damage and the cost of lost productivity. The risk of realising these costs can be mitigated through a proactive compliance approach. For MSSPs, the benefit is in offering clients a subscription-based compliance model. Since compliance is an ongoing process, your business can focus on building a recurring revenue stream based on a predictable financial model.
  • A well-defined approach. Compliance can be achieved through well-defined processes such as the one used by CyberSmart. A proactive compliance service can be effectively planned and priced by MSSPs. As a preemptive approach, you know exactly which resources and personnel you will need to dedicate to each client.
  • Avoid disruptions and build credibility. The ultimate goal of compliance is to prevent risks to clients that could disrupt their business. Offering proactive services to clients delivers ongoing protection against cyberattacks and offers longer-term client relationships built on trust.

Conclusion

Cyberattacks are evolving, the targets change frequently, and the risks and threats are not going to go away if we pretend they do not exist. Businesses should not sit back and wait to be breached; they should be encouraged to stay on the front foot and lower their risks.

For MSSPs, selling compliance that delivers a lowered risk of cyber attack is a great opportunity in the ever-expanding, digitally connected marketplace. Being proactive has great commercial benefits for them and their clients. It can build recurring revenue streams and a sustainable reputation for the MSSP. For businesses, the benefits of a reduced risk profile are clear.

CyberSmart Active Protect provides everything your clients need to protect their businesses around the clock. If you would like to learn more about how we can help you sell proactive security, feel free to reach out to us.

How Cyber Essentials standards added 20% to an MSP’s bottom line

Compliance standards are highly effective when providing security services as an MSP. Here we share a specific case where one of our partners has managed to positively impact their bottom line by providing Cyber Essentials certification using the CyberSmart platform.

Golum IT, a London-based MSSP and security consultancy, faced a big challenge: clearly demonstrating the value of their added services to their customers. Despite using the latest technologies, well-trained salespeople and account managers, the company found it difficult to showcase how much impact their work had on the cybersecurity of their clients.

Introducing monthly reporting

As an initial step, the company began providing extensive reports to its customers on a monthly basis. These reports contained an extreme level of detail about threats faced and preventive measures deployed. To Golum IT’s surprise, even the deepest insights into the effectiveness of the measures deployed struggled to shift the scepticism of their client base.

Ultimately it was identified that, beyond a skim read of the executive summary, these reports remained largely unread; the problem wasn’t the level of reporting, but simply the complexity and sheer volume of information provided.

Introducing external benchmarks

In order to maintain a high level of transparency whilst simplifying reporting, Golum IT decided to introduce external standards to measure the effectiveness of their work. Although basic on the surface, the Cyber Essentials standard, with its 5 control areas, provided “headings” for every measure in place. In other words, instead of reading through a large number of pages of reporting, customers now receive a 1-page report outlining how closely the company’s security posture aligns with Cyber Essentials and what can be done to improve.

Results

Initially there was concern that Cyber Essentials would be perceived as too basic to be used as a benchmark. In reality, however, the brevity and clarity of reporting was more important than the need for in-depth knowledge. Of course, in some instances customers have additional questions; however, they are very specific and based on the reports produced.

By introducing these reports based on the CyberSmart platform, customers clearly saw and understood the value of its implementation, leading to more deployments and sign-ups of CyberSmart.