If you're running an MSP, your clients trust you to provide critical network services. This is why you need to offer the best protection against cyber attacks.

Why do hackers target MSPs?

Most MSP's infrastructure is designed to provide your technicians with direct access to your clients, so they can perform maintenance, troubleshooting, deploy programs, and more. It stands to reason that if a bad actor can compromise one MSP, they can target many victims at once.

As an MSP, you also know that your core offering is to keep everything running smoothly in the event of a cyber attack. This makes an MSP a prime target for hackers who want to extort you and your clients by threatening to disrupt this.

Cyber Threats to MSPs

A 2022 report by CISA revealed that cyber attacks against MSPs are on the rise and showing no signs of slowing down.

According to research commissioned by N-able, in late 2022 an astonishing 90% of MSPs had suffered a cyberattack in the past 18 months. The threats faced include:

Malware

Given the huge amount of network infrastructure managed by MSPs, it can be difficult to screen against every type of malware. In December 2020, Solarwinds was a victim of a "supply chain attack", when their network monitoring platform Orion was infiltrated by the Russian hacking group Nobelium.

These cyber criminals compromised the update feature in Orion, effectively turning it into a form of trojan virus, which could be used to load more malware and allow hackers to 'backdoor' access to the device in question. Dealing with the fallout of the hack cost Solarwinds alone around $18 million.

Ransomware

This form of malware encrypts data on an infected computer or device. Attackers will then demand a hefty 'ransom' in exchange for unlocking infected devices. This can bankrupt businesses, as the average ransom is $751,000.

When organizations refuse to pay, not only can the attackers refuse to unlock infected devices but they can leak sensitive company information onto the internet.

This is a particular risk for MSPs as not only their systems can be compromised but that of their clients. It's no wonder that 73% of MSPs report that ransomware is the most concerning threat they face.

In 2021, the REvil ransomware gang executed a supply chain attack against Kaseya, a provider of remote management solutions.

Posing as Kaseya, the gang used a malicious update to Kaseya's VSA (Virtual Server Administrator) software to spread the ransomware, compromising 40 MSPs and 1500 organizations worldwide.

Phishing

After malware, phishing attacks are the most common faced by SMBs. These can be as simple as sending an email impersonating a trusted colleague to trick the recipient into providing their login credentials.

In a "spear phishing" attack, a hacker may pose as a colleague, CEO, or vendor requesting money or payment information. It’s often incredibly difficult to differentiate a spear-phishing attack from standard email correspondence as it's easy to forge email addresses and company logos.

Mercifully successful phishing attacks against MSPs themselves are rare but it's a serious risk for your clients. In 2016, Belgian bank Crelan lost 70 Million Euros through spear-phishing attacks.

What can I do to protect my MSP?

As an MSP Manager, we understand you want to deliver an effective solution, in the least amount of time possible. You need to protect yourself and your clients easily and without costing an arm and a leg.

A DNS control product like Control D offers you a simple, secure, and reliable way to do this. Switching can be done in minutes and makes it easy to manage your MSP's internet traffic, allowing you to block and filter all types of content.

Our main security features include:

Detailed Analytics

Control D can provide your clients with valuable insights into internet usage patterns. This includes which websites are being accessed the most as well as what times of day have the highest traffic.

The analytics feature can help your clients identify potential security risks, enforce internet usage policies, and optimize their network performance.

Crucially for you, an MSP, 'sub-organization' admins can only view analytics data for devices within their own company.

Blocking Malicious Websites

Control D can also block websites known to contain malware and other potentially harmful types of software like aggressive ads and trackers. Like with phishing websites, this means even if someone does click the wrong link, known malware sites won't load. Naturally, this means there's no chance of any of your staff accidentally downloading malware from such pages.

This can be achieved through Control D's AI Malware Filter, which has 3 basic levels of blocking:

Relaxed - This setting is the one we recommend, as it only blocks domains that the AI recognizes as being at high risk of being malicious.

Balanced - This setting blocks domains that have an average risk of being malicious.

Strict - This setting blocks domains that have a medium/low risk of being malicious. This is not recommended as there can be a lot of false positives.

You can also block ads, trackers, and 18 other categories of sites manually on all of your devices with a simple flick of a switch.

Limit Inappropriate Content

Both your clients and your business reputations are important, so you want to be sure that anyone accessing the internet via your infrastructure is doing so only for the right reasons. Control D can be used to block access to inappropriate websites by category, such as those containing adult or gambling content, once again just by clicking a few switches.

Admins can also do this to limit access to social media sites and other non-work-related websites during work hours. This can help increase your clients' employee productivity and reduce distractions.

Limiting Ads and Trackers

Control D offers you and your clients the ability to filter unnecessary ads and trackers. The main advantage to both parties is better security, as some ad networks have been exploited to introduce spyware to users' devices.

If improperly set up, some ads and trackers can also inadvertently leak personal data, so this can provide your clients with better protection against data breaches.

Control D is one tool among many

While Control D offers an excellent way to protect your business from harmful websites, it's not proof against every type of threat.

For instance, after the Solarwinds attack in 2021, Kaspersky reported that 72% of MSPs decided to tighten their security, even though they weren't directly affected. These steps included switching to other security providers, hiring additional security experts, and investing in security training.

According to the independent security report commissioned by N-able, MSPs have raised their security budget by an average of 5%, though it remains to be seen if this will be enough to protect against most threats.

The same report states that only 40% of MSPs back up workstations every 48 hours or sooner, which is a good defense against ransomware. Only around the same amount of MSPs (40%) implemented strict 2FA (two-factor) authentication on their systems, which the report concludes needs to improve to provide better protection against hackers stealing login credentials.

Getting Started with Control D

If you've decided Control D offers the security your business needs, you'll be pleased to learn that setup only takes minutes. The benefits of using Control D to secure your and your clients' DNS include:

Sub-Organizations

Naturally, as an MSP, each of your clients has different needs, so not all devices will fall under the same virtual umbrella.

This is why Control D supports creating an unlimited number of 'Sub Organizations' to compartmentalize your devices and profiles into logical groups. You can manage sub-organizations via a simple table, which lists key data like Users, Routers, Profiles, and Admins.

By default, only you as the primary admin can provision users and devices to a sub-organization. However, with just a few mouse clicks you can add/edit members for the sub-organization to delegate tasks like these to your clients.

With just two mouse clicks, you can also view a sub-organization as if you're a member, to view and edit profiles and devices.

Most importantly for MSPs, members only have access to their own sub-organization. You can also change the maximum number of users and routers within the sub-organization at any time.

Mass Provisioning

Creating a 'device' in Control D takes only moments so you can have a unique DNS 'resolver' configured with the settings you choose. This is done via a simple graphical user interface.

The wizard prompts you to choose the right resolver for your device and there's even a tutorial if you need help. Once this is done, Control D can then generate a setup URL for the end user to click so that the DNS settings are applied automatically.

As an MSP however, you and/or your clients may need to set up hundreds of devices. This is why the platform supports Mass Provisioning via a simple install script that can be deployed on multiple endpoints simultaneously.

Control D can not only be deployed easily on your client employees' BYOD (Bring your Own Devices) but also on your business routers, meaning any connected hardware will benefit from our DNS Security. No software is required, but if you want to make life even easier Control D offers simple graphical apps for automatic onboarding of BYOD and unmanaged devices. Our web panels and dashboards also provide essential information and are easily configurable without employing millions of toggles.

We also have a robust API, which can be integrated into your MSP's existing workflow to easily manage settings.

Control D Pricing

Control D offers a clear per-device or per-router pricing plan for businesses based on the features required. This is done on a month-to-month basis, saving so your organization doesn't have to commit to any long-term contracts. You can also cancel your subscription at any time.

All plans allow admins to block, route, and monitor their organization's network traffic with the touch of a button. You can also create enforceable 'global' policies to apply to all your clients such as blocking domains known to contain malware.

If you choose to create 'sub-organizations' to manage your clients, the associated cost for the maximum number of routers and users you've set will be displayed in a helpful table.

We understand that every MSP is different. If you would like to discuss a custom price plan tailored to your specific needs, please contact us for a quote.