Watch Demo×

See NinjaOne in action!

2019 Predictions: The Impact of Security on an MSP’s Business

NinjaOne predictions for 2019 - The impact of security on an MSP#s business

At the end of every year, it seems like every business takes a moment to ponder over what’s been accomplished in the past year, looking for ways to improve operations and increase revenue in the coming year. In my last blog, I looked back at the state of security in 2018 and how it affected MSPs.  I’d like to take the opportunity in this article to do a bit of looking forward towards next year, focusing in on some security predictions that will change the way you offer security services.

If you aren’t yet offering security services to your clients (beyond simply including AV in your RMM offering), there’s much you should be doing: providing clients with a layered security offering that protects the network, endpoints, users, web, and email is a solid start. But, as we all know, the threat landscape is constantly changing, so it’s necessary to be watchful of how (and how quickly) your services need to equally change to remain effective.

In a recent webcast, NinjaOne teamed up with Webroot to discuss what’s changing and how it impacts your business.  I’m going to cover a few of the more important predictions from this webcast, as I believe they are very relevant to the success of your business.

Prediction #1: MSPs Become a Target

Cybercriminals are increasing the sophistication of their campaigns beyond the simple ransomware infection. Instead, they are targeting industries with specific access to data and/or sources of money that they can compromise, infiltrate, perform recon within, and devise a monetization strategy.  In the case of MSPs, you have access to dozens of clients – each with their own revenues. So, if you were a bad guy, would you try to target each of the client orgs or simply target the MSP who has admin access to all the client orgs?

When we’re hearing about attacks that involve infiltrating company A to setup a scam where company B is the victim tricked into sending company A money to a criminal-controlled bank account, it makes sense that these cybercriminals will be willing to use your access to steal from your clients.

Prediction #2: A Shift in Threats

The more prominent threat in 2018 was ransomware. It’s a simple business model, with lots of “as-a-service” dark web vendors out there offering some or all of the components making up a ransomware attack available to anyone. But, many security vendors are seeing the attack-of-choice change to bot-based attacks.  In 2018 it was cryptomining – in which either installed or browser-based malware used a compromised endpoint’s processing power to mine cryptocurrency. In 2019, I expect to see other uses of this kind of misuse of your client’s endpoints. For example, we’ve also seen 1.7 million endpoints used as part of an online advertising fraud scam that raked in $29M!

Now, these kinds of attacks may not seem like much of a threat, as the most they’re doing to your client is taking up CPU/GPU cycles and increasing the utility bill a bit. But remember, that’s malware on your client’s endpoint – it would make sense to me if I had admin access to an endpoint that I may want to sell that access on the dark web as another means of revenue. So, even if bot-based attacks don’t sound scary, they are the entre to more malicious actions.

Prediction #3: Too Many Attack Vectors to do it Yourself

2019 is going to continue the trends of 2018 with a growth in number of cybercriminal organizations, sophistication and frequency of attacks, and more detailed targeting of companies and verticals. So, the idea of a single MSP being able to keep up is simply not realistic.

MSPs that wish to remain effective in the fight against the changing face of attacks need to be looking for ways to leverage machine learning-based solutions that continually morph as threats evolve. Specifically using solutions that leverage threat and behavior data from a vendor’s millions of endpoints under management makes sense – this way your client benefits with updates that originated from an endpoint halfway around the world who was the first to see a zero-day attack.

2019: Security is the Name of the MSP Game

There’s money to be made with solid offerings, and money to be lost, should you choose to ignore the trends. Whether you’re just getting started with a security offering, or have something in place that needs to mature, now (literally today, this week, anything but putting it off) is the time to augment your offering’s security strategy to protect your clients – and yourself – against the changing face of cyberattack in 2019.

To hear more about the predictions for 2019 that impact your MSP business, watch the webinar recording 2019 Predictions: The Impact of Security on an MSP’s Business.

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and backup all their devices centrally, remotely, and at scale.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).