MSPs That Don’t Upgrade Their Security Will Be ‘Roadkill’: Cybersecurity Experts

The days of unregulated MSPs are quickly drawing to a close, says cybersecurity consultant at XChange Security 2022.

MSPs and other channel players need to significantly beef up cybersecurity measures for themselves and their clients — or risk becoming competitive “roadkill” in the near future.

That’s the assessment of cybersecurity consultant Joy Beland and other security officials who warned IT service providers at Tuesday’s XChange Security 2022 that the days of unregulated MSPs and other security firms are quickly drawing to a close.

The bottom line: MSPs and other security industry players will have to comply with the increasing number of security regulations and compliance orders issued by a wide range of government agencies and other clients.

[RELATED STORY: EXPERTS WARN OF BRAZEN NEW ATTACKS FACING IT SERVICE PROVIDERS]

“It’s happening,” Beland, a consultant at Columbia, Maryland-based Edwards Performance Solutions, said of new government security edicts. “You need to accept it (and) embrace it.”

The U.S. Department of Defense has become the largest and most visible government agency to demand more stringent cybersecurity measures from its contractors and their suppliers, as well as the MSPs serving them, Beland said.

But at least 20 other federal government agencies are closely eyeing how DOD’s security mandates work – and they appear ready to impose many of the same rules on their MSPs, contractors and supply-chain firms, Beland said.

Meanwhile, state governments are getting more involved with privacy and security issues, said Beland, adding insurance carriers are also issuing their own security compliance requirements.

All of which means MSPs and their clients are going to have to meet more stringent cybersecurity standards moving forward – or they’ll simply fail as companies.

“There’s going to be lot of roadkill out there,” Beland predicted of MSPs going out of business for not adapting to the new regulatory times. “You’re either going to be roadkill or you (get it right) and be stronger.”

Also speaking at XChange Security 2022 in Reston, Va., Brian Doty, channel development manager for Kaseya, said it’s critical that MSPs realize they need to step up their compliance game or face the consequences, including the loss of customers.

“Most MSPs see the writing on the wall,” he said.

He noted that MSPs should embrace the new regulatory era as an “opportunity,” since many of their clients will need help complying with various new security rules.

Some MSP executives attending this week’s XChange Summit 2022, hosted by CRN parent The Channel Company, said they’re usually not fans of more regulations.

But they said MSPs have increasingly become major targets of hackers – and more security measures are justified. They also noted many of their more of their SMD customers are also getting hit by cyber-attacks.

“It’s welcome,” Phillip Walker, chief executive of Los Angeles-based Network Solutions Provider, said of new compliance mandates for MSPs. “It’s necessary. MSPs have to be held to a higher standard.”

Martin Perkins, director of managed services at ABM Co. in Fort Wayne, Indiana, said most of his clients are SMBs, not government agencies. So his firm hasn’t yet increased security measures to comply with new government edicts.

But he said his firm plans to adapt to the changing times. “It’s long overdue,” he said of MSPs increasing their security posture. “It’s important to hold MSPs accountable.”