Supply Chain Breaches: The Biggest Financial Threat to MSPs This Year?

Data Leak article

While security experts are still sorting out the Microsoft Office 365 and SolarWinds supply chain breaches, the most versatile managed service providers in the business have already increased security offerings for their clients, according to inSOC CIO Jeff Gulick.

The bad news for lagging MSPs: refusing to intensify their security offering to protect the supply chain will result in client departures as they migrate to their nimbler competitors.

However, by protecting clients with better security, Gulick sees strong financial gain for those MSPs willing to recognize the massive consequences of security incidents leading to supply chain breaches.

It’s a critical change that will separate the successful from the failing MSPs.
So let’s break it down.

Here are three ways Gulick sees MSPs innovating to meet the supply chain security threat:

1. Innovative MSPs See Supply Chain Security as a Crisis

How serious is the problem?
When US President Joe Biden signed an Executive Order requiring a supply chain review for weaknesses and bad actors in the system, corporate executives recognized their need to batten down their supply chain against global cybersecurity threats, including theft of sensitive data.

By the time Biden signed the Executive Order, large corporations were already tightening their security and reconsidering their relationships with vendors. Already shouldering the burden of regulations, they will now require greater security expectations from their vendors.

“So as an MSP, if I’m not doing more security, I could go out of business for a number of reasons, mostly loss of a customer.”

Hackers know that larger corporations have teams of security working to harden their systems. So the best entry point is the more vulnerable and less secure vendors. Once into a vendor’s network, hackers can slip into their larger corporate clients and either nest in the network or take down their systems.

The proof of the damage already made national news several times, as some of the country’s largest companies fell victim to data breaches via their weakest vendor (the 2020 SolarWinds breach being an example of how hacked source code can be spread security risks along the global supply chain).

MSPs have already responded to this demand by acting as the key link in the chain for their clients. By offering a variety of security services, MSPs will increasingly help vendors integrate the needed security controls to be compliant.

MSPs also know the risks of these security threats are pervasive and potentially damaging to major corporations, Gulick says.

2. Corporate Clients Will Demand Proof of Security

Gone are the days when MSPs could verbally promise security, according to Gulick. Expect more regulation and compliance at the top that will trickle down to vendors.

Gulick says the larger companies are now recognizing that their weakest link is usually their vendors. They have to hold them accountable. They have to demonstrate they are secure.

“No one is asking MSPs to prove it,” Gulick said. “Now companies are going to ask you to prove it.”

Corporations will demand security compliance in two ways.

  1. By responding to an audit questionnaire detailing and attesting to the company’s security practices.
  2. Providing a customer certification document showing your company has been independently audited.

“This is all coming down the pipe,” Gulick says. “And you’d better be leaning into it.”

3. Innovative MSPs See SOCs as the Cost-Effective Opportunity

MSPs at the lead of the supply chain risk have already crunched the numbers.
Hiring a Chief Information Security Officer (CISO) and/or training staff is a long process, pushing costs up into the multiple six-figures and with mixed results.

By outsourcing the SOC and key security roles, that team can take over the burden of security, save the MSP money, and support MSP financial growth as it scoops up sales from non-compliant competitors.

“Companies that can demonstrate they are secure in a cost-effective way are going to take customers away from those that can’t,” Gulick said.

To understand how inSOC can help protect customers against supply chain threats, contact us.

#supplychain  #logistics  #msp