Over the past year, we’ve seen supply chain threats rear their ugly heads to impact nearly every business worldwide. These risks have taken many forms, from the disruption of goods and services to cybersecurity vulnerabilities in the software and hardware used across a company’s environment.
For managed services providers (MSPs) sworn to protect their customers and optimize their use of technology, the inevitable question becomes: What can be done to help? The good news is that MSPs can do many things to help their customers reduce risks in their supply chains and set themselves up for a more stable future. Luckily, budgets are opening up for these efforts, with 49 percent of all organizations surveyed saying they are increasing their spending on third-party risk management.
The first step towards de-risking the supply chain is to get visibility into the devices, vendors, and other elements that comprise IT environments. Unfortunately, this elementary step presents a significant challenge for many businesses. Seventy-two percent of IT and security leaders surveyed said that supply chain visibility is important, and only 26 percent said they could fully map their environments, according to a recent survey.
The impact of that lack of supply chain visibility was clear. In the same survey, 60 percent of IT and security leaders said they had experienced a cybersecurity incident in the past two years due to access privilege issues with a third-party partner. While many cited total costs below $100,000, 45 percent said those incidents incurred higher costs, with some seeing impacts of $1 million or more.
Once there’s an understanding of the assets within the environment, MSPs can help their customers build strategies to manage and monitor these items to prevent disruption. This includes patching devices for known cybersecurity vulnerabilities and threats and flagging any other potential issues that may lead to disruption, such as global shortages. Technologies like artificial intelligence and automation can help an MSP do these tasks efficiently and effectively.
In addition, an MSP should look inside its own four walls when it comes to supply chain risk. Unfortunately, the very same deep integration with customer environments that can make MSPs so successful is the same reason they’re increasingly becoming the target of supply chain attacks themselves to target their customers.
To counteract this effect, MSPs should take the necessary steps to limit risk for themselves and their customers. One way to do this is to limit risk through remote monitoring and management (RMM) software, which gives the MSP high privilege access to customer environments. MSPs should ensure they’re taking steps to secure this software, including leveraging multi-factor authentication and implementing least privilege access principles.
Supply chains and cyberattacks have become front and center in the past year, and those worlds are colliding. It’s up to MSPs to make sure they’re offering their clients the protection they need and take the necessary precautions for their own business to limit this growing risk category.