CTS Cyberattack: Why MSPs must make security an ongoing priority

Image related to CTS Cyberattack: Why MSPs must make security an ongoing priority

Last month, CTS — a managed service provider (MSP) for law firms — fell victim to a cyber attack (November 24), preventing many law firms across the UK from accessing their case management systems. After three weeks of disruption, systems are still not back to normal, and the true scale of the issue is still to be determined.

This case highlights the specific cyber risk that MSPs face.

They are, by their very nature, a high-profile target. MSPs remotely manage a customer’s IT infrastructure and systems. If breached, they provide attackers with a ‘gateway’ into the data or operations of many other businesses.

MSPs are very aware of their value to malefactors and have been investing in security. The Government — recognising the strategic importance of MSPs to UK IT infrastructure — has also been looking to help tighten defences in the sector. It plans to bring MSPs under the scope of the Network & Information Systems (NIS) regulation, which would introduce new legal duties for security and for reporting breaches. To date, however, this hasn’t happened.

This attack will be the latest reminder that this focus on security must be an ongoing priority for MSPs’ management teams and that they must be doing all they can themselves, now, to protect their organisations and their customers. The risk of attack is only likely to get more and more severe, and attackers’ methods more sophisticated.

CyXcel's Chief Revenue Officer Hamish Singh explores the CTS cyberattack and its implications for UK cyber policy.

Read more: https://www.weightmans.com/media-centre/news/cts-cyberattack-why-msps-must-make-security-an-ongoing-priority/