Kaseya Attack Sparks Customer Scrutiny of MSPs' Internal Cybersecurity Practices
The ransomware attack has forced MSPs to examine their own incident response capabilities, and those of their customers.
July 9, 2021
![Cybersecurity lock Cybersecurity lock](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt8a8e2421170d03f2/65244d1dd319c6bd6b40ad54/13-Cybersecurity.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Is this driving more customer engagement and business for you as a result?
“We are still putting communications together and will be having a YouTube or Facebook Live broadcast to spend some time talking about it in a panel format in order to promote our comprehensive security enhancement services.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We are currently happy with our cybersecurity solution stack. We partner with Perch Security for our SIEM solution, have MFA enabled on all of our platforms, and are forcing our clients to enable it across their network. It’s no longer a request. We tell them they have to do it, and they usually do. Unfortunately, it still sometimes takes a near miss for some companies to get on board. We are trying to get ahead of that as it pertains to phishing, ransomware and other cybersecurity issues.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“It was always our expectation that our vendors spared no expense as it relates to cybersecurity. Hacking MSPs and using RMM solutions to each end client isn’t new; however, a direct attack on a major vendor like Kaseya was a big eye-opener. As an MSP, should we now be doing more due diligence on the vendors, such as SOC reports and audits? We are supposed to trust these vendors to provide security in their platform so we can safely use the tools to do business.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“No additional calls in the wake of this specific attack, but we have vendors calling me all the time wanting me to buy their services.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“We haven’t made the first move on that. Most of my competitors that I’m familiar with are Connectwise shops like us. If a Kaseya partner does call me, I’ll take their call to see if there is anything I can do to help.”
Are you looking to hire more infosec professionals to meet demand from customers?
“That is our plan as we continue to grow. We are also encouraging some of our more senior technical staff to take that career track if it interests them, and Magnitech will support them.”
Is this driving more customer engagement and business for you as a result?
“You’re finding that customers will engage with us more based upon what they see on TV with these hacks and the great thing is, we are already providing them with solutions and we can upsell them on additional solutions to be able to support them with their ongoing technology needs and security support.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We already have partnered with organizations to help us keep our clients safe. One of the first choices that I made as a CEO was to make sure that the organizations that we support were going to be secured in the manner that should be, rather than could be.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“You’re always worried about your partners. Is there a tool secure enough? As we saw with this hack, obviously not, so you have to go through each one individually and make sure that each tool is the best tool for your solution set to be secure for your customers. The ongoing growth of your organization is a never-ending process.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Yes, we get these calls daily and we take them, we listen to them and we see what they are. Are they best-of-breed, are they something that we can install within our client base and within our MSP? If they are, we will evaluate if they are not. We typically leave them by the side of the road.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“We partner with the three largest cloud partner providers, along with GCP. We utilize their tools, but first and foremost, we validate them. We make sure that we are going to get the best of what we have when we use their particular cloud and then we move forward from there with different types of supply chain solutions to support our and our client’s needs.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“Interesting question because we could raise ours, but we have decided not to at this point in time. We feel that the security that we provide organizations is a key component to what we provide in an overall month-to-month, year-over-year activity.”
Are you looking to hire more infosec professionals to meet demand from customers?
“Absolutely. This is a given. We’ve been trying to hire more information security professionals on a daily, weekly, monthly and yearly basis. They are critical to our success in making sure that our customers are successful with their systems and landscapes within our organizational structure.”
“After both SolarWinds (N-Able) and Kaseya have been compromised, it is not a question of “if” but “when” the others (ConnectWise, I’m looking at you) will be targeted. We have made a decision to find ways to limit our reliance on and our clients’ exposure through RMMs. RMMs are a black box and conduit to our clients’ assets, and that is no longer a prudent way to operate as an MSP.
“Next-gen threat management ( XDR, SentinelOne, etc.) is key to solving the prevention side. End users have to be educated on what is exposed and protectable. Also, every MSP that hopes to be in business two years from now needs to take responsibility for having a safety chute to recover their clients’ infrastructure from an almost assured compromise.”
“Outwardly we’re being very careful, as we don’t want to appear to be opportunistic jerks. Internally we’re continuing to work on improving our cybersecurity strategy (it’s an infinite game).
“The “good” impact we’re seeing is cybersecurity discussions are a lot easier to have with both existing and potential clients. There isn’t as much denial of need as there has been historically. I think that the reality is finally sinking in that security is a serious threat throughout the SMB world.
“The Kaseya attack didn’t really change anything for us, except drive home the effectiveness of the supply chain attack. It also reinforces the need on our part to have cross-monitoring capabilities where products/services monitor each other. The walls of Troy were a single vendor security solution, who never considered a big statue of a horse.
“Our next webinar (which was already scheduled prior to this) will be interesting as we will be focusing on educating attendees how easy it is for bad guys to make money off of broken and incomplete security. We’ll be wearing our black hats and talking about opportunities to make money as criminals. I’ve found conversations from this perspective an effective way to get non-technical CEOs to understand that not only is there a threat, but it can (and will) impact them directly.”
Is this driving more customer engagement and business for you as a result?
“Yes, we are finding it easier to sell advanced security solutions due to this environment. Recent events have certainly brought the need for security to the forefront of SMBs’ owners minds.”
Are you looking for more vendors to partner with to prevent these type of attacks on your organization and customers?
“Absolutely. I have been on four information calls with other security firms this week alone. We take an overlapping layered approach to security. So, we are always looking to improve our stack with another layer.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Yes, we are worried. We trust Kaseya and have been very pleased with their response to this incident. But as we have seen just this week, trust alone is not enough. Fortunately, our security layers saved us this time, but we need to continue to press our vendors for better, more secure, solutions.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Yes, and other RMM and PSAs vendors as well. We have been with Kaseya for many years. We are certain that the other RMM vendors know this. I have had one or two sales emails just this morning. Nothing obnoxious like “come to our RMM; look what happened to Kaseya,” but the inference is there.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“Yes and no. I have spoken to three other MSP owners, and previous owners, about their take on this situation. In each case my contacts offered both advice and help during this time. What I will do, however, is take this situation and our security solutions/posture to my next security/user group meet-ups to gather more information on better and additional security solutions.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“We have not tried to raise our prices as a result of this incident. For us, this is not the time for that. We wanted to reinforce to our clients that we are here for them and have their interests first and foremost in our minds.”
Is this driving more customer engagement and business for you as a result?
“Yes it is. When these events happen, we communicate the risks. Clients who have taken our recommendations appreciate the previous investments they made to help keep them protected. Clients and prospects who have been hesitant to step up their cybersecurity game are more open to discussions around setting up protections.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“Definitely. We are always looking for ways to close any open doors or windows. Using a third-party auditor to help find these holes in our security helps us see what needs to be addressed before a malicious attacker finds the hole.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Of course, we are concerned about the network security of all our vendors, especially our PRM providers. This raises the issue of financial liability. What would be their financial liability? I think most MSPs have not thought about this or have stuck their head in the sand about the answer. I would like to see the community push back on the PRM providers to take some ownership of the risk.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“We have received more solicitations from security vendors that know our clients are wanting to step up their cybersecurity game.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“Yes, partnering with other MSPs to solve problems makes sense and we are always looking to increase our mastermind knowledge. I have had at least 10 conversations with other MSPs in the past week. We share what is working and what isn’t.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“Some clients are willing to pay more for the added security. They realize that the added security has a cost associated with it. Others are in denial that the security landscape has changed.”
Are you looking to hire more infosec professionals to meet demand from customers?
“We were looking for more infosec team members before this latest set of attacks. It is just a matter of fact that our industry needs to step up if we want to continue in this industry.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“This is forcing us to take a deeper look at some of the practices we have in place, what the drivers of those decisions were (i.e. cost vs. useability vs. security) and re-evaluating how we need to shift our priorities. That dovetails into where we have gaps that we need to fill with new partners to complement our footing.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Vendor management is always one of the biggest challenges that any company, particularly MSPs, face. Not only do you have to build a robust vendor management process to track all of your vendors and their security exposure against your own, but you’re limited by the information provided to you via your partners. On top of that, a lot of organizations have these massive technical debts, attributed to years of focusing on company growth and bottom line, but at the cost at times of cybersecurity best practices. These vendors are going to face increased scrutiny, especially when the situation like Kaseya comes to light, that they had several months advanced notice of the vulnerability.”
Are you looking to hire more infosec professionals to meet demand from customers?
“We are looking to hire not just specific infosec professionals, but ensure that all teams, engineering/support/development are hiring talent with complements of infosec. We can’t program a web app out of the development team if the lead developers do not embrace/enforce good clean coding principles. It really has to be a top-down approach to security, not just targeted to the infosec teams.”
Is this driving more customer engagement and business for you as a result?
“Current customers are reaching out for sure. New customers are out there and available with some genuine marketing capabilities or outbound sales. The customers that are reaching out are more concerned about the volume of attacks and how we are handling these types of attacks as an MSSP. The scope has changed over the last six to seven months. Before SolarWinds, it would be a rare occasion for a customer or prospect to reach out.”
Are you looking for more vendors to partner with to prevent these type of attacks on your organization and customers?
“As an MSSP or MDR/XDR service provider, we are always looking for best-of-breed technologies to integrate with or to add to our aggregated offering.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Absolutely. It seems like each one of these breaches could have been avoided. Attackers are not kicking in the door; they are walking in with the door wide open.
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Sure, ambulance chasing will always happen, but we try to keep our new vendor evaluations to a specific time in the year to avoid disruption to our stand practice.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“We do offer an MSP/MSSP program and we have several successful MSPs that are leveraging our MDR/XDR solution for their clients. Guaranteed margin and an award-winning team to deliver ‘all eyes on glass’ service.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“Not a correlation specifically to these attacks, but we are seeing a greater number of customers leveraging more tools, which creates more visibility into collecting and managing security on more devices, which has been a correlation to revenue growth.”
Are you looking to hire more infosec professionals to meet demand from customers?
“Yes, we have hired nine infosec professionals in the last six months, and we plan to grow this team to 100 by the end of next year.”
Is this driving more customer engagement and business for you as a result?
“A silver lining of these highly publicized incidents is that customers are now considering security in their decisions. They’re asking us questions that make us better by having to answer.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We’re looking to improve security of RMM, or even ways we can become less reliant on it. That might mean new vendors, but there’s an equal focus on products/vendors we already work with. There’s an even greater focus on process – the best security vendor or product isn’t meaningful if there isn’t a plan in place for when alerts come in, both for response and recovery.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Anything with access to client assets is a risk. Obviously, Kaseya/ConnectWise have system-level access and as a result carry a greater risk.”
Is this driving more customer engagement and business for you as a result?
“Absolutely. Every year, security services are rapidly growing and attacks, such as the SolarWinds and the most recent Kaseya attacks, only drive more overall security awareness and adoption.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“Yes. Security is not just one product, initiative, service or solution. Creating a fabric of integrated and automated policies, procedures, along with project and managed security solutions, is the best defense.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Yes. In general, attackers are increasingly targeting third-party providers of software and SaaS-based platforms. However, ATSG does not utilize these particular company’s products.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Yes. The outreach has been markedly increasing. Security is top of mind for everyone and calls are coming in from both existing and new security services providers. We have taken a comprehensive multidimensional cybersecurity approach, combining security consulting and operations, along with AI/ML-oriented security automation platforms.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“We regularly partner with some of the leading security technology providers, but we generally play the role of MSP/MSSP of record for our clients, customizing, integrating and operating their security technologies.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“We always gauge the marketplace with the utmost integrity and commercial efficacy, trying not to take advantage of certain industry situations. However, if there is a significant increase in demand our pricing will reflect that, especially for highly skilled resources and/or more sophisticated solutions.”
Are you looking to hire more infosec professionals to meet demand from customers?
“Yes, and we are also expanding our information security offerings and operations into our other managed solutions offerings.”
Is this driving more customer engagement and business for you as a result?
“Any time there is an incident of this size or at the supplier level, it definitely prompts further discussions around security and best practices. Collectively with our MSP customers, we try to utilize these events as a time to review how we can improve and implement safeguards to mitigate vulnerabilities. While it may not increase business immediately, it definitely improves education and awareness of the risks that exist.”
Are you looking for more vendors to partner with to prevent these type of attacks on your organization and customers?
“Not at this time, unless it was something we were already exploring. Internally, we spend more time discussing future cybersecurity table-top exercises that we may need to do to prepare ourselves for incidents like this. Most organizations spend an adequate amount of money and time on the prevention of security incidents but more than likely do not spend enough time on the responding and recovery aspects of an incident.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“I think everyone is worried. There have been multiple incidents in the past year and that is not at the fault of the providers; it is solely a concern that criminals are going to continue to try to find ways to compromise systems like PRM providers, where there is a one-to-many capability that creates a ripple effect.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Not materially, and if we are, we are not exploring those opportunities. We feel strongly that the managed service community needs to come together and collectively figure out how to slow down these criminals, versus taking advantage of a very bad situation for Kaseya and its affected customers.”
Is this driving more customer engagement and business for you as a result?
“We have definitely fielded a higher-than-usual number of questions related to MSP access requirements and RMM system security.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“Not any more than we normally do, although security is a continuous process and we’re always striving for improvement.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“It would be irresponsible for any service provider to ignore potential risks associated with their supply chain. We have been proactive about coordinating with our partners for years and these efforts have only ramped up over time and will likely continue to do so.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Not yet, although I can certainly see how security vendors might try to leverage an incident such as this to provide context to the value and importance of their services.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“This is not necessary for us. We’ve continuously increased our managed IT security baseline standards for years. We also offer cybersecurity detection and response (SOC) and risk management services designed to help clients address situations like this.”
Is this driving more customer engagement and business for you as a result?
“We have not seen an increase in customer engagement as a result of the Kaseya event.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We will be looking for vendors to provide SOC and SIEM services to our clients. Additionally, we are looking for an insurance company that is savvy in cyber insurance to partner with because I feel that all our clients should have cyber insurance.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Absolutely! This has been on my mind for several years. As the sophistication of cyberattacks increases, I believe that attackers will increasingly target MSPs and other vendors as a way to breach many victims at the same time.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Yes. There has been a noticeable increase in contacts from security vendors.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“We have not increased our service rates or per-seat prices yet. However, we have been able to increase our security-related conversations with our clients and I believe that will lead to an increase in revenue per client.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Absolutely. We take third-party risks very seriously and apply an intelligence-driven approach to managing vendor and supply chain risks. We’ve put further scrutiny into this pursuant to the Kaseya incident and have reached out to several vendors to collaborate on remediating findings.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“Yes, but we take a very market-driven approach to product management and spend significant time vetting technologies prior to adopting them.”
Are you looking to hire more infosec professionals to meet demand from customers?
“We are constantly hiring passionate cybersecurity professionals and only expect demand to continue to increase.”
Is this driving more customer engagement and business for you as a result?
“Most of our customers are largely unaware of what an RMM tool is and even fewer are concerned with what tool we use. Bottom line is they expect us to protect, detect and respond with whatever tools are required. This most recent incident, however, was a stark reminder we shared with them about the necessity for effective security measures to protect their business.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We continually and proactively evaluate tools and technologies in the marketplace to best serve the interests of our clients, even if they are largely unaware of the services we provide.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Reliance alone on the PRM vendors to secure their tool sets without us taking our own additional security measures isn’t acceptable. It’s a small comfort to tell our clients, “It wasn’t our fault and we weren’t the only ones hit” when our company and our clients’ businesses are destroyed.
“Ultimate accountability lies with us as an MSP. We need to continuously secure ourselves independently of whatever “best practices” our vendors recommend. This requires an investment of dedicated internal infosec resources for the MSP which is how we approach our own security.
“The market will likely gravitate away from MSPs and RMM providers that have been most recently hit, but that’s a reactive “whack-a-mole” approach. We are at a time when we should have a proactive industry-wide compliance framework with independent audits and certifications (regulation) so that buyers can honestly assess risk and make the appropriate risk vs. economics decision for their business.”
Are you looking to hire more infosec professionals to meet demand from customers?
“We have consistently increased our investment over time into our own dedicated infosec capabilities. We lead with a security-first profile in the market.”
“It’s important for MSPs to consistently explore options and make informed decisions regarding their stack. We currently have an increased focus on moving to both a RMM-free and zero-trust environments. We understand that security is an ongoing journey, and we are continuously looking for vendor partners that will fill in gaps in the NIST framework. Being involved with the Connectwise Evolve community has also paid dividends in developing not only our cybersecurity posture early on, but also our first cybersecurity service offering that we launched in 2019.
“Since then, we’ve relaunched our managed infrastructure services early this year with different levels of baked-in cybersecurity tools. At the same time we’ve added more security training and responsibilities to our engineering staff to bring up the cybersecurity skill level of what we consider a standard engineer.”
Is this driving more customer engagement and business for you as a result?
“It’s certainly driven more engagement from clients, but not entirely positive. Our clients are naturally reading the news, and then asking questions. Each interaction requires a calculated, consistent response, ensuring they know the facts, both about the Kaseya breach, about our own systems, and how they differ. It’s certainly opened up new conversations about cybersecurity, and helped in closing opportunities that have been lingering.”
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“We’re always looking for new vendors to address this type of attack, but we’re looking at existing vendors even more. The big players (Connectiwse, Datto, etc.) are embedded in so many MSPs, and it’s their responsibility to give the MSPs confidence that this won’t happen to them.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“I’m sure after this Kaseya breach, and others in the past, everyone is progressively more worried, and we need to be prepared, both proactively and reactively, on handling a breach of our own.”
Are you getting more calls from security vendors to partner with them because their solutions could prevent such attacks?
“No, but we’re proactively looking for opportunities to further secure our environment.”
Are you partnering with other MSPs to solve these types of supply chain problems for your customers?
“The immediate response from the MSP community after the Kaseya breach was “how can I help,” further reinforcing how united this community is, despite its competitive nature.”
Have you been able to raise your per-seat or services prices as a result of these attacks?
“No, we’re not looking to capitalize on raising prices just because of a single breach. We’re ensuring that clients understand the road map to a protected business, and have us as a resource for analysis, selection, deployment, and management.”
“For many of us, this is not the three-day weekend we were hoping for, but the MSP and security communities overall have come to the forefront to attack this issue head-on. There are many people that are helping others. This situation cannot be painted in any other way than the worst-case scenario for the MSP community. We have seen MSP cases in the past that have been a result of a MSP not doing the right things. In this case, the MSPs, their clients and others were the victims of a supply-chain attack.
“I know many companies will not understand “how their MSP let this happen,” but it is not that simple. I hope the bloodshed is not as bad as I fear and I hope many are understanding and don’t overreact to what occurred if they are victims.”
“For many of us, this is not the three-day weekend we were hoping for, but the MSP and security communities overall have come to the forefront to attack this issue head-on. There are many people that are helping others. This situation cannot be painted in any other way than the worst-case scenario for the MSP community. We have seen MSP cases in the past that have been a result of a MSP not doing the right things. In this case, the MSPs, their clients and others were the victims of a supply-chain attack.
“I know many companies will not understand “how their MSP let this happen,” but it is not that simple. I hope the bloodshed is not as bad as I fear and I hope many are understanding and don’t overreact to what occurred if they are victims.”
The feet of MSPs everywhere are being held to the fire after the Kaseya VSA supply chain ransomware attack last weekend. The attack breached about 50 customers, including 35 MSPs, and impacted up to 1,500 of their customers in way or another.
The breach understandably induced a shake-up in the industry. It caused many MSPs to take a hard and close look at their security stacks. It has also driven home the point, once again, that security is not just one product, initiative, service or solution. Creating a fabric of integrated and automated policies, procedures, along with project and managed security solutions, is the best defense.
We asked our 2021 MSP 501ers to weigh in on this issue. Curious about the impact the Kaseya breach had on MSP businesses, we wanted to know several things. Is this driving more customer engagement and peer-to-peer work? Furthermore, are MSPs fielding more customer calls? Are they sorting through which strategic infosec partnerships they should add to their portfolios?
Our slideshow above features our 501er commentary on the Kaseya ransomware attack. Are your experiences the same as your peers’?
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Allison Francis or connect with her on LinkedIn. |
About the Author(s)
You May Also Like