What Security Risks Should MSPs Expect in 2018

As IT operations are becoming more complex and require both advanced infrastructure and security expertise to increase the overall security posture of the organization, the managed service provider (MSP) industry is gaining more traction and popularity.

Estimated to grow from USD $152.45 billion in 2017 to USD $257.84 billion by 2022, at a CAGR of 11.1%, the MSP industry offers greater scalability and agility to organizations that have budget constraints and opt for a cloud-based IT deployment model.

“The cloud-based technology is the fastest-growing deployment type in the managed services market and is expected to grow at the highest CAGR during the forecast period from 2017 to 2022,” according to ResearchandMarkets. “IT budget constraints for installation and implementation of required hardware and software, limited IT support to manage and support managed services, and need for greater scalability are major factors that are likely to drive the adoption of cloud managed services in the coming years. The cloud-based deployment model offers higher agility than the on-premises deployment model.”

However, MSPs are expected to also become more targeted by threat actors than in the past. Supply chain attacks are becoming a common practice, as large organizations have stronger perimeter defenses that increase the cost of attack, turning MSPs into “low-hanging fruit”
that could provide access into infrastructures belonging to more than one victim. In other words, MSPs hold the keys to the kingdom.

Since MSPs are expected to provide around-the-clock security monitoring, evaluation, and response to security alters, they also need to triage and only escalate resources when dealing with advanced threats.

1. Wormable military-grade cyber weapons

Leveraging leaked, zero-day vulnerabilities in either operating systems or commonly deployed applications, threat actors could make the WannaCry incident a common occurrence. As similarly-behaving threats spread across infrastructures around internet-connected endpoints – both physical and virtual – MSPs need to quickly react with adequate countermeasures to defend organizations.
While MSPs may not be directly targeted, their role in protecting organizations will become far more important as they’ll need to reduce reaction time to new critical threats to a bare minimum, on an ongoing basis. Consequently, network security and threat mitigation will become commonplace services for MSPs.

2. Next-Level Ransomware

The rise of polymorphism-as-a-service (PaaS) will trigger a new wave of ransomware samples that will make it even more difficult for security solutions to detect. Coupled with new encryption techniques, such as leveraging GPU power to expedite file encryption, ransomware will continue to plague organizations everywhere. Backup management and incident response that provides full data redundancy need to be at the core of MSP offerings when dealing with these new ransomware variants.

While traditional ransomware will cause serious incidents, threat actors might also hold companies at gunpoint by threatening to disrupt services with massive distributed-denial-of-service (DDoS) attacks performed by huge armies of IoT botnets.

3. OSX Malware

The popular belief that Apple’s operating system is immune to malware was recently put to the test by incidents such as the ransomware disseminating Transmission app and advanced remote access Trojans (RATs) that have been spying on victims for years. With Apple devices making their way into corporate infrastructures onto C-level’s desks, managing and securing them is no longer optional, but mandatory.

Security experts have started finding more advanced threats gunning for organizations that have specific MacOS components, meaning that during 2018 threat actors will continue down this alley. Regardless of company size, vertical, or infrastructure, MSPs need to factor in MacOS malware proliferation and prepare adequate security measures.

4. Virtualization-Aware Threats

Advanced malware has been endowed with virtualization-aware capabilities, making it not just difficult to identify and spot by traditional endpoint security solutions, but also highly effective when performing lateral movement in virtual infrastructures. MSPs need to identify and plan to deploy key security technologies that are not just designed from the ground up to defend virtual infrastructures, but also hypervisor-agnostic, offer complete visibility across infrastructures, and detect zero-day vulnerabilities.

Focusing on proactive security technologies for protecting virtual workloads against sophisticated attacks will help MSPs offer unique value to their services.

5. Supply Chain Attacks

MSPs could also become the target of attack for threat actors, which is why deploying strong perimeter defense on their end should also be a top priority. Having access and managing security aspects to remote infrastructures turns MSPs into likely candidates for advanced attacks. Either by directly targeting their infrastructure or by “poisoning” commonly-deployed tools, MSPs should treat the security of their own infrastructure with the utmost scrutiny.