It’s no secret that MSPs (Managed Service Providers) are cybersecurity’s ace in the hole: providing services in network, application, infrastructure, and more. Whilst they have been around for some time, they are becoming more prominent in the frontal lobe of the UK IT community.
In recent times, there have been several cybersecurity breaches, and considering we can’t blame it all on Skynet or the oncoming doom, we have to start thinking carefully about how we handle this (and no, leather-clad Austrian robots aren’t the answer… not this time anyway).
The most common issues you face in the cybersecurity space are any one of three things:
- Phishing
- Ransomware
- Finally, (that’s right, you guessed it) regulations, which as you’re going to see from the rest of this blog are about to become a big deal.
So, who can we blame for our cybersecurity problems?
Well, that’s not a question that can easily be answered. We can blame cybercriminals, of course. But, sometimes companies with little regard for cybersecurity need to take some of the accountability. Sometimes, even MSPs find themselves in trouble.
The best way to think about it is like driving a car down a busy motorway at high speed, you’re pushing 100 miles per hour and that’s your security posture. You need the speed to keep ahead in this vast, ever-growing business. But speeding ahead of you like a Ferrari in a drag race is the technological landscape that’s constantly changing around you.
Naturally, it’s hard to keep up, but that doesn’t mean you can get complacent. A laissez-faire attitude towards cybersecurity is asking for trouble.
Inadequate security measures could result in new legislation
With that in mind, the government has started a proposal for legislation that would ‘crackdown’ on MSPs with inadequate security measures in place. This means MSPs now come under NIS (Network and Information Systems) regulations essentially making them just another brick in the wall with the looming possibility that they could face up to £17 Million in fines.
Speaking on the latest MSP legislation UK Minister of State for Media, Data and Digital Infrastructure Julia Lopez said, “Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.” In laymen’s terms, it’s serious stuff.
MSPs should continue to monitor this
Surprisingly, this has largely been swept under the metaphorical rug. It’s being talked about, but most articles are just telling you the same things over and over again like a revision textbook.
When people see large numbers and hefty fines, they naturally panic. But the fact of the matter is, if we are to believe the words of Ettine Greef (the CEO of Flow Communications), you likely won’t see many fines of that size. However, you can never rule it out, and staying up to date on MSP legislation can prevent something like this from affecting you and your clients.
There are five major steps to follow for what’s best described as ‘Cyber Hygiene’. In another post, coming tomorrow, we will share these steps. Stay tuned for tomorrow’s post and some effective best practices to put in place to gain some peace of mind regarding these potential legislation changes.
Photo: Marian Weyo / Shutterstock
these last to postings focusing on the UK is applicable to everyone, I like the term Cyber Hygiene.
This subject should be on the forefront of elevating the standards required for MSPs. MSPs can either be the, as the post states, the ‘ace in the hole’ OR the ‘hole in the security’. At times, it is quite staggering to see the disparity in levels of cybersecurity adherence.
Great article
Great Reminders