Sales handshake

Let’s hear it for the go-betweens

Partners are becoming tempting targets for cyber criminals but there are no better businesses capable of adapting, says Billy MacInnes
Image: Pixabay

14 April 2022

For many years now, the role of channel partners has been to act as intermediaries between vendors and their customers. The success of the channel shows that, for the most part, being in the middle isn’t the worst place to be. The space a channel partner occupies in the middle widens and narrows depending on what services it provides to vendors and customers.

The role of go-between is generally a positive experience. Why shouldn’t it be? At best, partners are helping customers to get the technology and services that best suit them while enabling vendors to get the technology and services to them in the most appropriate way. In essence, the job is about helping the businesses and people on both sides to be happy with what they do.

If you were going to take the most positive stance possible, you could sometimes describe it as “spreading happiness” to customers and vendors. And who wouldn’t want to be doing that?




There are difficulties, obviously, when it might not be possible to keep both sides happy and when the partner’s position of honest broker may not be welcome to the vendor or customer. But if they have the been doing their job properly, they can be trusted, appreciated and respected even when they deliver news that the customer or vendor wants to hear.

There can be a temptation by some to see channel partners as the weakest link in the three-way relationship between vendor, partner and customer but you could argue that they are often the strongest link. They have a better understanding of what customers and vendors are trying to achieve and the ability to see where the two interconnect – and where they diverge.

But that relationship is becoming slightly more complicated with the emergence and growth in the ranks of managed service providers. This is particularly true when it comes to security. Put simply, being in the middle has become a big potential liability, as demonstrated by the findings of the ConnectWise 2022 MSP Threat Report.

According to the report, ransomware attacks became even more MSP-focused in 2021. ConnectWise argues this isn’t a surprise as MSPs are a much more lucrative target than individual businesses because they provide the opportunity to ransom several companies at once. In other words, the position of MSPs in the middle with multiple customers gives attackers the potential to access a much wider range of victims than if they targeted a single business.

Moving targets

No wonder MSPs are becoming increasingly popular targets. Of the top 10 industries targeted by ransomware in 2021, MSPs (along with MSSPs and TSPs) accounted for 39% of all attacks. To appreciate how much they are being singled out by attackers, it’s worth pointing out that the next highest sector was health with 12%.

If anything, the trend is increasing. The report notes “a significant increase in ransomware incidents targeting MSPs” in the second half of 2021, revealing that 72% of all ransomware incidents directly targeting MSPs occurring in that period. “The data suggests that MSPs are in the spotlight more than ever,” it states.

Analysing the nature of how attackers gain access, ConnectWise found that phishing and valid accounts were the most used techniques for initial access. Zero-day and exploiting public-facing applications were major concerns but the report suggested MSPs could “significantly reduce their attack surface by implementing common mitigations such as email filters, user training, password hygiene and MFA [multi-factor authentication]”.

Execution was often through tools and applications built into the operating system “with PowerShell (T1059.001) and Windows Command shell (T1059.003) scripting being the most common techniques”.

The report recommended SIEM (security information and event management) as a tool for detecting these techniques, especially if PowerShell script block logging is enabled. Execution control, script blocking and code signing were all highlighted as “good mitigations for dealing with these techniques”.

While the rise in ransomware attacks on MSPs seeks to expose the potential vulnerability of their space in the supply chain, if they successfully stave off, prevent or mitigate those attacks, they reinforce the value of their role to customers and vendors. If their defences prove to be effective, they also serve as a real-time demonstration of their security credentials to customers who may have needed some cajoling to put something equally effective in place for themselves.

The report also identifies the emergence of “a new MSP species”, otherwise known as the “super-MSP”, created through mergers and acquisitions into “complex, highly capable, fast-growth organisations”. It adds that “cybersecurity will always be the future for these MSPs, but it will become more critical than ever before”.

I’m not completely convinced by the ‘super-MSP’ label although I can see the attraction for companies in adopting it. How do you arrive at a definitive interpretation of what “super” means? Still, we’ve had Superman, Supergirl, Superboy and Krypto the Superdog, so I guess there’s probably room for Super-MSP as well.

Read More:

Comments are closed.

Back to Top ↑