Pretty much all the headaches at MSPs stem from cybersecurity

More cybercrime means more problems as understaffed teams stretched to the limit

Managed Service Partners (MSPs) say cybersecurity dwarfs all other main concerns about staying competitive in today's market.

Adding to the already notoriously strained existence of an MSP is work that even folk in the infosec industry struggle to keep up with, and leaves those looking after client systems and IT struggling to juggle it all.

Adversaries don't break into organizations – they log in...

The findings were among security shop Sophos' latest survey of MSPs across the US, UK, Australia, and Germany – although the majority of responses came from the US.

The top three challenges reported by MSPs on the whole were all related to cybersecurity, illustrating the importance placed on it by customers:

  1. Staying on top of security technologies

  2. Employing additional security analysts to meet the pace of customer growth

  3. Maintaining awareness of the latest threats

Keeping up-to-date with the latest technologies and solutions was also the most commonly reported answer when MSPs were asked about the single biggest challenge their business faces.

"Given the speed of innovation in this space, it is unsurprising that many MSPs are struggling to keep up," the report reads. 

"As threats evolve, so do the cyber controls that stop them. Existing technologies gain new capabilities while brand-new products are regularly released to the market. Keeping on top of all these developments is both difficult and time-consuming."

When asked about the biggest risks to their own businesses and their clients, many cited a shortage in security skills. Sophos' survey revealed that the single biggest perceived risk to both MSPs and their customers is a dearth of in-house security talent.

We won't misquote that myth that there are four million unfilled infosec jobs out there, or however many it's supposed to be now (the figure actually refers to how many qualified infoseccers there should be to meet the global demand for cyber services). However, the latest figures illustrate that the problem isn't improving, and hasn't for many years, as security becomes even more important for organizations while there just aren't the skills out there to satisfy the need.

For MSPs that offer managed detection and response (MDR) services and have an in-house security operations center (SOC), the average number of analysts staffing that SOC is 15, but there is a large variation between organizations that is largely dependent on the MSP's size. 

Guess who's up 2am local time? Yep, an attacker working in a different time zone

Smaller MSPs will naturally have far fewer analysts, and delivering a robust 24/7 service, which is fairly essential given attackers' habits of timing their operations during antisocial hours, becomes nigh-on impossible. 

In addition to the staffing issue, MSPs admit that having legitimate credentials stolen and bought by cybercriminals presents an equally severe danger to themselves and their clients.

"Adversaries don't break into organizations – they log in," Sophos said. "Using stolen access data and credentials, often purchased on the dark web from an initial access broker (IAB), they impersonate legitimate employees to penetrate their target."

The vendor's data indicates that nearly a third of all ransomware attacks (29 percent) last year began as a result of miscreants acquiring login credentials, allowing them to gain an initial foothold in the victim's environment. 

Sophos' observation is the same across the board. Both IBM and CrowdStrike released reports earlier this year showing a huge increase in cybercrims using valid credentials to launch attacks. 

IBM said it noticed a 71 percent year-on-year increase, representing 30 percent of all incidents it was called in to investigate. That makes it as dangerous as phishing, which also comprised 30 percent of all initial access vectors, according to its figures.

Phishing is and has been for some time considered to be the most common way attackers launch attacks, preying on human error. However, this tried and tested method was down 44 percent last year, IBM said earlier this year, thanks to, in part, the rise of credential abuse.

Sophos says that choosing partners that offer a wide variety of fully featured tools and services, and choosing a managed detection and response (MDR) partner that can alleviate that talent shortage, could go a long way in helping MSPs – especially the smaller ones – keep up with customers' growing demands for infosec expertise. ®

More about


Send us news

Other stories you might like