In an increasingly complex and changing world, the externalization of services is becoming a constant. More and more companies and public agencies are turning to service providers to outsource their IT needs as it is a profitable and efficient option.

Not only does it mean savings in terms of space and full-time employees costs, but it also allows access (on demand) to technology and services complex to manage and maintain.

Managed Service Suppliers can be broken down into different categories. In today´s post we will focus on the following ones:

MSP: the acronym MSP stands for “Managed Service Providers”. A managed service provider is one that manages remotely, usually through monitoring, the IT infrastructure of customer. Among its responsibilities, we can find tasks as diverse as the configuration of a new network or the administration of the cloud infrastructure.

    • A subgroup of this type would be MSSPs (Managed Security Service Providers). MSSPs are responsible for the protection of customer IT environments: antivirus, firewall, perimeter security and all software / hardware related to the IT security of the company (either in-house in an on-premise environment orin a cloud environment). 

The problem

The main problem with service suppliers is their significant exposure. Cybercrime knows that these organizations are the key to hundreds of companies as they have direct and unrestricted access to customer networks.

Proof thereof is the increase in Ransomware and APT attacks on MSPs that we are seeing in recent months. Even the United States Department of Security issued an alert a few months ago about the increase in malicious cyber activity through APTs against service providers.

Why are cybercriminals shifting focus to Managed Service Providers?

As we saw in a previous post, the appeal of a supply chain attack is twofold:

  • They represent an open door to a large number of companies
  • The information they handle is usually very sensitive 

For any organization, suffering a security breach is harmful, but in the case of service providers, the effect is exponentially worse, to the point that it could mean the end of the provider.


Follow us on Twitter and LinkedIn to stay up on the latest updates!