“All this time spent in cyberspace leaves businesses vulnerable to an onslaught of hacking and system infiltration attempts. Unfortunately, most businesses consider cybersecurity an expense, not an investment. These organizations would rather put money to use elsewhere than protect their most important asset—their data,” ConnectWise said in its MSP Threat Report.
Research in Detail
Here are some of the findings:- When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks, more than transportation, non-profits, construction, education and real estate.
- Measured by the business sector, manufacturing far outpaces other sectors.
- No country has close to the number of ransomware hacks as does the U.S.
- Lockbit led among the most prolific ransomware hijackers targeting MSPs, followed by Cl0p. Lockbit is responsible for 42% of all attacks on MSPs while Cl0p executed on 11%.
- Hive is responsible for 6% of all ransomware incidents directly targeting MSPs in 2022.
- Mount Locker/Dagon/Locker/Quantum Locker is responsible for 6% of all ransomware incidents directly targeting MSPs in 2022.
- Conti, which is no longer in operation, was responsible for 4% of all ransomware incidents directly targeting MSPs in 2022.
ConnectWise Makes its Predictions
ConnectWise’s researchers offered four cybersecurity predictions for MSP in 2023 and beyond:- MSPs will remain the target of supply chain and critical infrastructure attacks. As a result, many MSPs themselves will look to an outside partner with the right expertise to start strengthening their cybersecurity posture.
- Zero trust network architecture is critical for MSPs. The most vulnerable MSPs are those without zero trust network architecture (ZTNA), which is why governments worldwide will continue to expand their programs to require ZTNA from their vendors.
- Leveraging threat intelligence research and inter-organizational collaboration is essential for MSPs. Understanding current threats can help MSPs prioritize their time and efforts on what will have the most significant impact on their networks and those of their clients.
- Specialized cybersecurity training will increase across the industry, but ramp-up will take time. While diversified skill sets have worked thus far for MSPs, evolving threat landscapes is best addressed with cybersecurity specialists.