MSPs Under Threat: Key Insights from 2024 Cybersecurity Survey

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
July 17, 2025 4 min read

Reasons MSPs Are Targeted in Cyberattacks

Managed Service Providers (MSPs) are increasingly becoming prime targets for cyberattacks due to several key factors. They serve multiple clients and handle vast amounts of sensitive data, making them attractive to cybercriminals. As businesses continue to outsource IT responsibilities, the security posture of MSPs is critical.

Why MSPs Are Attractive To Attackers

  1. Multiple Clients and Endpoints: MSPs often manage the IT needs of various businesses, leading to a concentration of data. Smaller MSPs may lack the necessary resources to maintain robust security measures, making them more vulnerable to attacks.

  2. Distributed Networks: MSP networks are susceptible to widespread attacks, where multiple clients can be targeted simultaneously, often with ransomware.

  3. Limited Control Over Client Security Posture: MSPs may not oversee all aspects of their clients' security, such as employee training or policy implementation, creating potential gaps in security.

The rise in supply chain attacks, which surged by 650% in 2021, has further exposed the vulnerabilities of smaller businesses that rely on MSPs. When an MSP is compromised, it offers a direct path to its clients.

For further reading on the vulnerabilities of MSPs, you can check this article.

Consequences of a Successful Attack

A successful breach of an MSP can lead to severe consequences, categorized into direct and indirect impacts. Directly, an attack can compromise hundreds of accounts at once, leading to significant operational disruptions and financial losses. Indirectly, reputational damage can occur, as clients expect their MSPs to safeguard their data effectively.

For instance, the REvil ransomware attack on Kaseya affected over 1,500 businesses through a vulnerability in their software. This highlights the risk MSPs face when their systems are compromised.

For more information on ransomware and its implications, visit this resource.

Effective Protection for MSPs

To combat the threats they face, MSPs should adopt several best practices, including:

  • Implementing Multi-Factor Authentication (MFA) to enhance account security.
  • Regularly backing up data to mitigate the impact of ransomware.
  • Segregating networks to limit the spread of attacks.
  • Training staff to respond effectively to cybersecurity incidents.
  • Developing comprehensive incident response plans to ensure preparedness in the event of a breach.

Additionally, CISA recommends that MSPs engage in proactive monitoring and logging, secure remote access applications, and manage supply chain risks effectively. For more details on building a robust security posture, see CISA's recommendations.

Key takeaways from the MSP cybersecurity survey 2024

Key Takeaways from the MSP Cybersecurity Survey 2024

The CyberSmart MSP survey 2024 provides insight into the current state of MSP cybersecurity:

  1. High Target for Attackers: 87% of MSPs reported at least one breach in the past year, revealing their appeal to cybercriminals.

  2. Ransomware and Malware Threats: The biggest concerns for MSPs are malware and ransomware, with 57% of respondents citing these as primary threats.

  3. Overlooked Cybersecurity Risks: Despite awareness, many MSPs neglect the cybersecurity skills gap and fail to recognize supply chain attacks as threats.

  4. Changing Customer Expectations: Customers increasingly expect MSPs to manage their cybersecurity, prompting 70% of MSPs to expand their cybersecurity offerings.

  5. Confidence in Cybersecurity: While many MSPs express confidence in their cybersecurity measures, gaps in policy clarity among SMEs indicate a disconnect between perception and actual security.

For additional insights into cybersecurity practices, explore best practices for MSPs.

Cybercrime Trends Targeting MSPs

Recent trends show a significant focus on MSPs by cybercriminals. A report indicates that nine out of ten MSPs have faced cyberattacks in the past 18 months, with an average of 11 attempted attacks each month. Automated backup adoption has risen to 85%, providing some defense against ransomware.

MSP's Attack Target

Key Statistics

  • Less than half of MSP customers implement multi-factor authentication, increasing vulnerability.
  • 46% of MSPs suffering attacks experience business loss as a result.

To ensure security, organizations must remain diligent about the capabilities of their MSPs and verify their security measures continuously.

Zero Trust Architecture for Enhanced Security

Adopting a Zero Trust Architecture is crucial for protecting against supply chain attacks. This approach emphasizes not granting permanent access privileges to partners and implementing strict authentication requirements.

By utilizing zero trust principles, organizations can limit the impact of a compromised MSP. Security-oriented service providers who prioritize zero trust strategies can significantly enhance protection.

For more about the zero trust model and its applications, refer to this resource.

Organizations must take charge of their data security while collaborating with MSPs to ensure comprehensive protection against evolving threats.

For more information about our services, please visit undefined or contact us at undefined.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article