N-able has published the result of research into the fast-changing security landscape for its partners, conducted by an independent research firm and commissioned by N-able.
The research found that managed services providers (MSPs) are quickly overtaking their customers as a primary target for cybercriminals. The research also revealed that while 90% of the surveyed MSPs suffered a cyberattack in the last 18 months, the number of attacks these MSPs are preventing has almost doubled, from 6 to 11.
The report, State of the Market: The New Threat Landscape, reflects the responses of 500 participants— sourced from the U.S. and Europe by an independent research team—about their security experiences before the COVID-19 pandemic and today, to discover what had changed. There has been an assumption that the increase in hybrid working has meant a shift in how threat attackers are operating. N-able’s research looks at that shift and what it means for MSPs.
“MSPs have worked tirelessly throughout the pandemic to ensure that the businesses they support can stay online and connected as circumstances changed,” said Dave MacKinnon, chief security officer, N-able. “But the cybercriminals they're protecting against are working equally as hard to make use of these shifts against their targets. MSPs need to understand how the threat landscape continues to evolve and make the changes needed to protect both their customers and themselves, and make the most of the enormous opportunity that enhancing security provides.”
The research reveals:
Almost all (90%) MSPs have suffered a successful cyberattack of some sort in the last 18 months, and the same amount have seen an increase in the number of attacks they are preventing each month. On average, the number of attacks being prevented has risen from six to 11.
82% of MSPs have also seen attacks on their customers rise, though not quite at the same rate, with an average of 14 attacks prevented per month.
While some progress is being made on important security processes, such as automating backup, many basics are still not in place. For example, while most MSPs offer two-factor authentication to their customers, only 40% have implemented it in-house.
DDoS and ransomware are among the main attacks MSPs are detecting, but the top attack remains phishing.
The effects of cyberattacks are wide ranging. Over half of MSPs say that financial loss and business disruption resulted after a cyberattack, but many said they have lost business (46%), suffered reputational effects (45%), and even saw their customers suffer a loss of trust (28%). While MSP budgets are only increasing at an average of 5%, they are focusing this extra investment on key areas, including data security, cloud security, and infrastructure protection.
There’s good news. The majority of SMEs, seven in every 10, are planning to increase their security budget. For MSPs, this means a big opportunity is available.
Automating key functions is critical to making headway against cybercriminals. Automated backups are the most common form of automation used by MSPs to keep their customers’ businesses secure, used by 85% of all respondents.