When an IT provider alone might not be enough to tackle your cybersecurity issues

Managed service providers (MSPs) offer an invaluable service to small and medium businesses around the globe. Companies that outsource their IT to a provider with expertise in managing IT infrastructure and user access accounts benefit from highly skilled support at a fraction of the cost of hiring in-house.

However, many executives trust that outsourcing their IT to an MSP is enough to protect them from a security breach. While many MSPs do provide cybersecurity hardening, the average small to medium business was subject to a staggering 10,000 attempted attacks a day in 2021, and new research by cybersecurity consultants FoxTech suggests that companies who rely solely on an IT provider for their cyber security protection are leaving their systems vulnerable to attack.

Anthony Green, CTO and cyber crime expert at FoxTech, explains:

“We conducted an audit of hundreds of companies in global industries to find out which sectors are at the greatest risk of cyber attack. Worryingly, we found that the information technology and services sector, which includes MSPs, is at extreme risk of attack, with a cyber risk score of 82 (out of a possible 100) in the final quarter of 2021.”

FoxTech’s cyber risk score is calculated using publicly available information and an analysis of a wide range of cyber security indicators. It offers an immediate indicator of how high or low the risk of a potential cybersecurity breach is for a company. A score of 75 or more indicates extreme risk of cyber attack, while those below 25 are considered to be low risk.

MSPs are an attractive target for cyber criminals; a successful attack gives them access to not only the MSPs own data, but that of all their clients too – in a worst case scenario this can cripple the supply chain of hundreds of businesses.

Anthony describes further problems with relying solely on MSPs for cybersecurity:

“Not only are MSPs vulnerable to attack themselves, but security is only one aspect of their job. Cybersecurity is complex, and the threats change daily. This means that while they can secure your systems to an extent, inevitably some things will slip through the net, because they don’t have the time to scan for every vulnerability and stay on top of the ever-evolving risks. Essentially, cybersecurity and IT management need to be seen as different tasks, requiring different solutions.”

What does this mean for IT providers and the companies who use them?

MSPs provide an essential service, so it’s not practical for small to medium businesses to transition to in-house IT. Instead, both MSPs and their customers should look into outsourcing their cybersecurity to a specialist consultancy. Cybersecurity consultants have deeply specialised knowledge of current and evolving risks and are fast becoming recognised as the best line of defence against cyber criminals.

How does it work?

“Cybersecurity consultants live and breathe IT threat intelligence, and they can continuously tune your defences against the latest threats. The process usually begins with a security assessment to test your patching, configuration, and security arrangements to flag up what your current vulnerabilities are. Once they have fixed you vulnerabilities, it’s crucial to continue to employ cybersecurity experts to provide continuous protective monitoring. On average, hackers will spend 207 days between breaching a company’s IT security and exploiting it, so regular scanning is the key to stopping an attack before it is too late.”