Louisiana Criticizes MSP Industry’s Security Practices; Employs MSSP

Many MSPs (managed IT services providers) are dropping the ball on cybersecurity, leaving elections open to the threat of cyberattacks, Louisiana Secretary of State Kyle Ardoin warned peer government leaders on January 31.

Ardoin called out MSP security weaknesses multiple times during at a meeting of the National Association of Secretaries of State, according to State Scoop.

Ardoin, the report says, alleged that many MSPs:

Amid the alleged MSP industry shortcomings, Ardoin's statewide office leverages an MSSP (managed security services provider) for prevention and detection services.

Louisiana's commitment to MSSP engagements is easily explained. The state has suffered multiple ransomware and cybersecurity attacks across numerous municipalities and government agencies.

MSP Industry: Improve or Face New Regulations?

Although the MSP industry has made some progress on the cybersecurity front, more progress is needed, according to Datto CISO Ryan Weeks.

Datto is an MSP-focused provider of data protection, networking, IT monitoring and business automation solutions.

If you're an MSP, you need to "know thyself, know thy battlefield and know thy enemy," Weeks told MSSP Alert during a PerchyCon 2020 conference last week in Tampa, Florida, organized by Perch Security.

As MSPs work to gain that cybersecurity expertise, they must also work to offer a unified industry front against attackers, Weeks added.

If the MSP industry doesn't make more progress on the unified security front, the industry could wind up facing new government regulations and compliance requirements, Weeks also warns.

Still, Weeks sees progress from vendors and MSPs alike. For instance, Datto rolled out mandatory 2FA services to MSPs in January 2020, he notes. We'll share additional thoughts from our time with Weeks soon.