A Surge of Attacks on MSPs is a Symptom of Surging Supply Chain Risk

September 01, 2022

Supply chain risk has been a growing problem for organizations in every sector with no end in sight, and it’s become a top concern for CISOs as they try to manage their organizations’ constantly evolving risk. Many of the nastiest and most disruptive cyberattacks that have made news in the past year have been attacks that target key linchpins in the service and supply chain, especially in the technology sector. IBM warned back in January that supply chain cyberattacks would be a major concern for businesses in 2022, and that prediction has been borne out by the increasing tide of attacks on service providers, manufacturers and critical infrastructure, including MSPs.




Cybercriminals love going after MSPs


A host of factors have gone into creating this turbulent landscape for suppliers and their customers. Many cybercriminals are being strategic instead of opportunistic, especially in the case of high-end ransomware groups. They’re choosing targets that can give them big rewards, like stores of valuable data or entry to other businesses through back doors. Plus, many service providers and suppliers are in critical infrastructure sectors and cannot afford downtime, making them more likely to pay a ransom.  

MSPs have not escaped the cybercriminal grasp. MSSP Report noted that an estimated 90% of MSPs said in a survey that they’ve suffered a successful cyberattack in the last 18 months. Those attacks have brought a number of complications in their wake that keep the pain coming for affected MSPs. More than 50% of MSPs say that they suffered significant financial loss and business disruption after a cyberattack. The rising tide of attacks on MSPs is also driving them to spend more on security at a time when economic challenges mean that every penny counts. Four out of five MSPs in a recent survey said that they’re increasing their security budgets to contend with elevated risk.




Officials have raised the alarm about MSP cyberattack danger


The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the U.S. Federal Bureau of Investigation (FBI), the U.S. National Security Agency (NSA), the U.K.’s National Cyber Security Centre (NCSC-UK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS) and the New Zealand National Cyber Security Centre (NZ NCSC), released an advisory earlier this year detailing the danger that they see for MSPs. The advisory says that those agencies expect state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs, against both provider and customer networks.

This alert retreaded some ground from previously issued general guidance for MSPs and their customers. However, that guidance was important enough that it bears repeating. Specifically, officials urge “transparent, well-informed discussions” between MSPs and their customers that center on securing sensitive information and data. By revisiting security plans, including a re-evaluation of security processes and contractual commitments in order to accommodate customer risk tolerance, officials are hoping to foster a shared commitment to security between MSPs and their clients that will reduce supply chain risk for everyone.  




Business leaders are worried about supply chain risk


Many IT professionals who spearhead security efforts in enterprises are concerned about the rising tide of risk coming into their organizations through their business partnerships. Software supply chain worries are mounting and they’re staying at the forefront of CISOs’ minds. More than 80% of CISOs believe that their software supply chains are vulnerable. They’re generally on target with that worry because businesses have been getting clobbered through the software supply chain. Three out of five businesses have been targeted in a software supply chain attack. CISOs also have significant concerns about vulnerabilities and risk exposure from business relationships. About 44% of the executives surveyed fear that their growing use of partners and suppliers exposes their organizations to major security risks. All in all, 54% of respondents pegged supply chain risk as a top area of focus for security anxiety.

Attacks on MSPs can bring cybercriminals many benefits by offering them a wealth of tools, options and opportunities that they can exploit for further gain. MSPs tend to store and handle valuable information, including customer data and information about operational technology (OT). Attacks on MSPs also offer the bad guys chances to obtain access to the MSP’s customers’ environments, allowing them to quickly penetrate security at another company that they’ve been trying to go after. A successful attack at an MSP can even offer cybercriminals the advantage that they need to plant a backdoor in that MSP’s client’s environment, enabling the bad guys to return at their leisure for further dirty work.




It’s critical that MSPs remain well-defended against phishing


One of the key recommendations that CISA makes for MSPs to stay out of trouble is a strong defense against phishing. It’s just as much of a gateway to disaster for an MSP as it is for any other business. An estimated 80% of reported security incidents are phishing related. With MSPs ranking high as attractive targets for the bad guys, email security is a critical defensive pillar for them and for their clients. Any phishing-related cyberattack that slips into an MSP’s environment could set off a chain of disastrous events for that MSP and their customers. That makes choosing the right security solution essential to ensuring an MSP’s ongoing success.

Graphus improves any organization’s data security immediately by catching sophisticated phishing messages, preventing almost every incoming phishing message from reaching employees. Choose AI-powered, automated email security to quickly and efficiently protect your company from some of today’s nastiest phishing-related cyberattacks and you’ll enjoy the peace of mind that comes from knowing that you’re blocking sophisticated phishing messages from reaching employees.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.    
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.   
  • Put 3 layers of protection between employees and dangerous email messages.   
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.      

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.