Moody’s, the credit rating, and investment services company just released its assessment of cyber risk. I’m not sure any of us will be too surprised.
It found that specific sectors have either high or very high risk of exposure from an attack. The technology sector is definitely on the list.
Along with a slew of other industries, including electric, gas, utilities, and hospitals, technology has been identified as a high-risk domain.
The reason Moody’s pinpointed specific industries?
They have a “systemic role” in a critical supply chain. This makes them an attractive target that likely would react to a service disruption. In addition, these sectors—including our very own- have exceptionally large potential attack surfaces. They have more bang for their buck to attack an industry like IT.
The other big problem happening right now?
Cyber liability insurance providers are cracking down on high-risk industries as well. In fact, managed services providers have started to see problems renewing their policies. Some are seriously considering selling their businesses or just closing shop because they see their companies shouldering a lot of the risk today.
After taking a hard look at our industry, I think there is definitely a way out of this predicament. I even think our community can be stronger from being considered high risk.
Here’s what I think you need to start doing immediately to ensure on-going health within your business:
- Get a third party to evaluate your security controls. We do offer a free cyber stack assessment to the MSP community to get MSPs on track for the latest attacks. Even if you don’t use us, I strongly recommend getting a regular third-party evaluation of your network. Even the best teams cannot proofread their own work.
- Start elevating your teams. If your team doesn’t see ownership in all the problems around current threats, they aren’t going to think they are part of the solution. The most successful teams are ones that talk about security issues and get their entire teams involved in solutions. One easy way to do this is by presenting security operations (SecOps) issues to them regularly.
- Become the CSO that your clients need. Move from a commodity-based service to one that all boards and leaderships are starting to appreciate. If you can elevate your services to include a vCSO—that is, a virtual chief security officer—you and your team will be in a much stronger position to make recommendations that are consistently heard. For more information on how our community engages with the vCSO position, we have our own MSP-centric framework in helping leaders within MSPs really dominate in the CSO arena.
Our industry might be at risk right now, but I want you to see that you are not alone. Solutions are out there. Our MSP community can only get stronger from these threats and labels.