Chris Loehr — executive vice president of Solis Security, an incident response firm — has personally dealt with many of these MSP breaches. Speaking of GandCrab, Loehr says, "They certainly hit some MSPs in 2018, but the ransoms were relatively small: $10,000 to $25,000. In 2019, MSPs became more of a target, with increasing ransom demands and the threat actors leveraging MSP tools with greater efficiency to affect clients. GandCrab never required the MSP to pay up. It wasn't until GandCrab evolved into Sodinokibi in mid-2019 threat actors began to say: 'We ONLY want the MSP to pay. You can pay for ALL the customers or you get NOTHING at all.'"

In a managed service arrangement, the managed service provider retains responsibility for the functionality of the IT service and equipment, and the customer typically pays a monthly fee for receipt of the service. There are many different types of managed IT service offerings, but the idea behind all of them is to transfer the burden of maintaining IT from the customer to a service provider. In an effective managed services relationship, a customer benefits from predictable pricing and the ability to focus on core business concerns rather than IT management chores.
Meritech is an office technology provider that offers personalized, cost-effective solutions for the management, maintenance, and enhancement of business environments. Meritech hires the best and most skilled individuals in handling, sustaining, and improving the customer experience. Meritech helps companies identify threats and opportunities within their networks in order to reduce risk, manage costs, and increase productivity
What did that say about cybercriminal understanding of the average MSP? That MSP is just like every other small business organization out there — a small victim with little capacity to pay out for ransomware recovery. This mantra began to change late last year as MSPs began to be leveraged as the initial infection vector of their larger clients. The Texas ransomware attacks were the first highly publicized examples that served as the catalyst, but certainly weren't the last.
You provided clear explanation as to what managed services are exactly, and why a company would need to utilize them. Digital Maelstrom is an example of an MSP that serves as the third-party for businesses to utilize in order to manage their technology duties. Many of our clients are small to medium-sized as stated in the article. Thanks for posting!
At TELECO, we specialize in infrastructure design and implementation. Our certified technicians can assess your new or existing location and plan the layout of all your cabling to support any new system you are deploying. From retail, multi-location chains all working together to a simple upgrade of your existing telephone and network cabling, we do it all!

Thank you for shining a light on this systemic vulnerability. I don't think organizations realize that, in many ways, they inherit the security of their service providers. As another commenter noted, the RMM is overdue for radical reinvention. Security-minded MSPs may need to think about delegated access to customer environments, privileged access workstations, or other methods for remotely administering customer environments without that big fat one-to-many target that RMM represents. I think the MSP tooling ecosystem is general is problematic - MSPs design for scale and efficiency (making them an economical option for customers as opposed to hiring internally), but do I really want my password manager integrated into my RMM? Maybe not... There's a lot of market share out there waiting for MSPs that can develop real cybersecurity maturity.

FRONTEO is a technology and services company specialized in big data, AI, and information governance. FRONTEO is driven by a service-oriented culture that continues to aim higher and brighter to develop state-of-the-art technology and the best services on the market, creating immense value for its customers, employees, consumers, and shareholders. Their focus, defined by their name, is to look to the future and to innovate on how their AI technology can be further applied to legal and other vertical business


Today more companies are opting for a managed service model instead of outsourcing specific IT activities. This reduces their risk of technology disruption and helps the organization be ready for new opportunities. Managed IT service company delivers cost-effective solutions for managed IT cloud colocation, disaster recovery and ITconsulting services.
The firm operates Experience Centers that help bring ideas and technologies to business fruition. PwC operates in 158 countries. PwC focuses on fueling innovation and developing new products, services and ways of doing business through immersion and acceleration labs, emerging technology visioning and prototyping, rapid prototyping and other business and IT development frameworks.
Today more companies are opting for a managed service model instead of outsourcing specific IT activities. This reduces their risk of technology disruption and helps the organization be ready for new opportunities. Managed IT service company delivers cost-effective solutions for managed IT cloud colocation, disaster recovery and ITconsulting services.
The firm designs and builds out specialized solutions in several key areas, including: software-a-solution (SaaS), infrastructure-as-a-service (IaaS), and cloud integrations and subscriptions. These include partnerships with Microsoft, IBM, Adobe and Google. CDW offers expertise in developing and deploying AI services as well as other emerging technologies. The company offers customized cybersecurity solutions.
SugarShot provided IT consulting and help desk services for a non-profit. The client felt they did not need an in-house person doing IT, but they needed a help desk they could call when they needed assistance. SugarShot is a help desk for the client; they manage servers and services, provide troubleshooting services, and they serve a variety of other functions. The client has been satisfied with the company’s work, and they feel that the company has helped move their cybersecurity forward.
Technology is required to keep your business running, but you don’t have to be the one to stay on top of finding the right IT services and product for your company. With professional IT consulting from NexusTek, you get the experience, knowledge, and guarantee that your company’s IT needs are addressed based on what is right for you. Whatever your business scenario is, you will benefit from using the IT consulting services offered by a professional, nationwide managed IT service provider.
2020 has seen a steady and continued trend of continued attacks against MSPs. Unfortunately for many SMBs, they have been brought into a new reality: They are included as victims by inheritance through their use of MSPs, often through no fault of their own. These SMBs are stuck in an ultimate catch-22. As they are far too small to effectively invest in their own IT management, partnering with an MSP makes sense. Yet this partnership can be fraught with new risks, many of which the SMB sector itself doesn't fully recognize.
Having a secure and properly maintained network is critical to your business operations. We provide network security that includes router and firewall configuration, managed switch installation, wireless access point deployment, as well as data and voice network cabling. Properly securing your network involves sophisticated security testing and hardening to protect your data and your user’s privacy.

However, managed IT services do not necessarily make the enterprise IT professional obsolete; for the end user, an IT professional can act as an endpoint liaison that manages the relationship, provides feedback and analyzes the reports provided by the MSP. Because the majority of routine work is being completed by the MSP, the IT professional is capable of greater efficiency and has the flexibility to tackle larger, more complex projects they would otherwise not have the time or capacity to take on.
×