Our team did some weekend reading and came across an interesting article on how many managed service providers (MSPs) may be putting customers at risk because of insufficient cybersecurity.
The topic came up when the Secretary of State for Louisiana, Kyle Ardoin, recounted the state's significant 2019 cyberattack.
The successful cyberattack started with an MSP being compromised, and then the attack filtered down to dozens of school districts across the state. Another attack targeted parishes last year with ransomware.
"Firewalls and system patches and antivirus: what used to be sufficient for MSPs, they are no longer," Ardoin said at a meeting of the National Association of Secretaries of State. "As attacks grow more sophisticated, many MSPs have not been upfront with their clients about the need to invest more in security. This leads to serious problems for their clients, and the MSPs themselves."
What are some examples of this?
He said many providers deliver their services through web-based "remote monitoring and management" software that allows MSPs to install applications and updates on their clients' computers from afar. But, he said, they often don't use crucial security measures like multi-factor authentication."