Would you be able to pay a £3m (€3.5m) fine for poor cybersecurity? That’s how much a UK-based MSP had to pay for failing to protect its client’s data. And even if you could pay it, what damage would be done to your reputation?
That colossal fine followed a 2022 ransomware attack in which hackers breached the systems of National Health Service software provider Advanced Computer Software via a customer account that did not use multi-factor authentication (MFA). Personal information belonging to 79,404 people was stolen—including details of how to enter the homes of people receiving care at home.
That’s just one example of the thousands of attacks that are taking place every day. So why are MSPs under increased attack, and what can they do about it?
MSPs: Cyber Targets and Defenders
In the escalating war over digital infrastructure, MSPs have become both guardians and targets. As stewards of IT environments for countless businesses, MSPs hold the keys to networks, data, and cloud environments across multiple sectors.
Ironically, the business model of an MSP is what makes it so attractive to the bad guys. MSPs typically maintain remote access, admin-level privileges, and integrated tooling across client environments. This centralized control creates a great opportunity for cybercriminals and explains the increase in “hub and spoke” attacks.
The relatively small size of most MSPs is another factor driving this increase in attacks. Go after a multinational, and not only will you have to combat high levels of IT security, but if you succeed, you are likely to be pursued by the authorities. Attack a small or mid-sized MSP, and the repercussions are likely to be less extreme.
The Double Cyber Threat for MSPs: RaaS and AI
MSPs rely on multiple “as a service” software platforms, and—even more ironically—so do the cybercriminals who target them. LockBit has been at the forefront of this activity, giving access to bad players worldwide. It may have been slowed down by law enforcement activity (and was recently hacked itself), but LockBit’s model proves that ransomware-as-a-service (RaaS) is here to stay… and the bad guys are saying, “Add to Cart”.
AI is accelerating the speed and scale of cybercrime against MSPs. A major US security provider saw more attacks in January 2025 than in the two previous years combined, and the arms race between AI as offense and defense will continue to escalate.
RMM Vulnerabilities and Other Attack Methods
Remote Monitoring and Management (RMM) is central to the MSP offer. It also has the potential to provide access to a network of client systems and data. Attackers can exploit vulnerabilities in RMM software to map networks, move laterally and potentially exfiltrate data or deploy ransomware.
In 2021, the clients of 50 MSPs were targeted following a breach of the Kaseya platform. That incident shook the industry, and while Kaseya highlighted that only a fraction of its customers were affected, we can see how one attack can snowball through the supply chain of MSPs and the businesses they serve.
Other common attack methods include:
- Credential stuffing: MSP portals are frequent targets due to reused passwords and weak MFA.
- Supply chain injection: Malicious code is introduced through software updates or vendor plugins.
- Social engineering: Technicians are phished or tricked into granting access, often by attackers posing as client personnel. This has recently happened at UK retail giant Marks & Spencer, where hackers posing as employees are claimed to have tricked IT staff into resetting passwords.
What MSPs Must Do Now
Mitigating this rising threat starts with a layered, realistic approach. Key steps include:
- Zero-trust architecture: Trust nothing, even inside your own network. Least-privilege access and identity segmentation are crucial.
- RMM hardening: Use application whitelisting, enforce MFA, and audit logs aggressively. Keep all tools patched—especially those that touch customer systems.
- Incident response plans: Build and test IR plans tailored for MSP-specific scenarios, including client communication protocols.
- Vendor risk management: Vet upstream vendors and require that they adhere to cybersecurity standards.
- Client education and contracts: Include cybersecurity obligations in SLAs and proactively educate clients about shared responsibilities.
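To make the "enforce MFA, and audit logs aggressively" step and the credential-stuffing point above concrete, here is an added Python example (not from the original article) that triages portal login logs: it flags source IPs that fail logins across many accounts in a short window, lists accounts that then logged in from those IPs, and lists every successful login made without MFA. The log format, field names, thresholds and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: timestamp, source IP, username, result, MFA used
SAMPLE_LOG = """\
2025-05-01T09:00:01 203.0.113.7 alice FAIL -
2025-05-01T09:00:03 203.0.113.7 bob FAIL -
2025-05-01T09:00:05 203.0.113.7 carol FAIL -
2025-05-01T09:00:08 203.0.113.7 dave FAIL -
2025-05-01T09:00:11 203.0.113.7 tech01 OK no
2025-05-01T09:05:00 198.51.100.20 alice FAIL -
2025-05-01T09:05:30 198.51.100.20 alice OK yes
2025-05-01T10:00:00 198.51.100.33 erin OK no
"""

def parse(log):
    """Turn log text into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, ip, user, result, mfa = parts
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "user": user, "ok": result == "OK", "mfa": mfa == "yes"})
    return events

def stuffing_sources(events, min_users=4, window=timedelta(minutes=5)):
    """IPs that failed logins for >= min_users distinct accounts within window."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]].append(e)
    flagged = set()
    for ip, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            users = {e["user"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(users) >= min_users:
                flagged.add(ip)
                break
    return flagged

def triage(events, **kw):
    """Return (flagged IPs, accounts that logged in from them, non-MFA logins)."""
    bad = stuffing_sources(events, **kw)
    hit = sorted({e["user"] for e in events if e["ok"] and e["ip"] in bad})
    no_mfa = sorted({e["user"] for e in events if e["ok"] and not e["mfa"]})
    return bad, hit, no_mfa
```

On the sample data, `triage(parse(SAMPLE_LOG))` flags 203.0.113.7, marks `tech01` for an immediate credential reset, and reports `erin` and `tech01` as accounts still signing in without MFA.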
Prepare for the Inevitable
With cyber attacks and breaches, it’s a case of when, not if. Be prepared to aggressively defend yourself and cope with breaches if (okay, when) they do happen. Encourage your clients to take an equally proactive approach.
Today’s successful MSPs need to constantly prove their reliability as security and compliance partners who reduce risk, increase resilience and protect business continuity. The good news is that, as the scale of attacks increases, so does the opportunity to prove your value.