Category Archives for "Managed Services News"

Jan 20

Red Cross Cyberattack Compromises Highly Vulnerable People’s Data

By | Managed Services News

This attack shows how threat actors have ways to indirectly attack any organization.

In a particularly low blow, a Red Cross cyberattack compromised personal data and confidential information of more than 515,000 highly vulnerable people.

The cyberattack was against computer servers hosting information held by the International Committee of the Red Cross (ICRC).

The attacker[s] compromised personal data of people separated from their families due to conflict, migration and disaster. They also compromised data of missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

The ICRC’s most pressing concern following this attack is the potential risks that come with this breach. The attacker[s] may share confidential information for people the Red Cross and Red Crescent network seeks to protect and assist, as well as their families.

“When people go missing, the anguish and uncertainty for their families and friends is intense,” the ICRC said in a release confirming the attack.

Who’s Behind Attack Remains Unknown

The ICRC has no idea who carried out this cyberattack. It targeted an external company in Switzerland that the ICRC contracts to store data. There is not yet any indication that the attacker[s] have leaked or shared compromised information.

Sam Curry is Cybereason’s CSO.

Cybereason's Sam Curry

Cybereason’s Sam Curry

“The Red Cross and other nonprofit organizations are more vulnerable to cyberattack than other similarly sized organizations,” he said. “The nonprofit world may not have margins, but they are accountable to donors and backers for spending as high of a percent as possible of their funds on the mission.”

Every dollar spent on overhead or administration means a dollar not spent, for instance, on blood collection, storage and distribution, Curry said. It also means they have less money to attract the best and brightest for security positions.

“Having said that, those who answer the call to a nonprofit are often motivated not by money, and many have built excellent security shops,” he said. “It’s fair to say though that security at a nonprofit is playing the cyber game on the hardest difficulty level.”

All Data Is Valuable

Archie Agarwal is founder and CEO of ThreatModeler.

Threatmodeler's Archie Agarwal

Threatmodeler’s Archie Agarwal

“Organizations may not see themselves as targets because they don’t have the revenue of a Fortune 500 company, but may still be ripe targets because of the cache of data they own,” he said. “Perhaps attackers thought personal information of a half-million individuals the Red Cross serves was valuable because these victims might be less able to defend themselves when compromised. Perhaps the ICRC’s supplier simply had publicly accessible systems with obviously poor hygiene and were a target of opportunity.”

Threat modeling can help organizations think like these attackers, Agarwal said. They can understand what assets an adversary may value and imagine how they might get access to them.

“Having done so, organizations can evaluate what ends potential adversaries would be willing to go to obtain such data, and design appropriate controls to keep those data protected,” he said.

More than Just Financial Gain

Tim Wade is technical director of Vectra’s CTO team.

Vectra's Tim Wade

Vectra’s Tim Wade

“While some cybercriminal groups have rules to keep organizations like the Red Cross out of the line of fire, this isn’t a universally adopted position,” he said. “This attack seems to have little financial gain for the cybercriminals behind it. But we’re increasingly seeing attacks that are just as much about disruption, fear and discrediting opposing ideologies instead of making money. Regardless of whether this was targeted or merely opportunistic, it’s clear that every organization faces some level of material cyber threat today.”

Hank Schless is Lookout‘s senior manager of security solutions.

Lookout's Hank Schless

Lookout’s Hank Schless

“With few details about the nature of the attack itself, aside from confirming that it wasn’t a ransomware attack, it’s difficult to nail down the intentions of the actor,” he said. “However, when it comes to sensitive personal data, nothing is off limits to cybercriminals nor is any data low value. Depending on what data was stolen by the attackers, they could use it to carry out fraudulent activities online, blackmail the victims or sell it to other malicious actors on the dark web.”

Fairly Common Tactic

It’s interesting that attackers went after an external company that stores data on behalf of the Red Cross, Schless said. This is a fairly common tactic and exemplifies how third-party integrations present additional risk to any organization’s data.

“If you’re going to integrate with a third party, even if it’s through a simple API to store data, it’s critical to go through a full security review with the solution provider,” he said. “Doing so on a regular basis will help mitigate the risk of your data mistakenly being leaked from an environment that’s out of your control. It’s also important to be able to understand how data is moving in and out of your infrastructure — both through automated processes and manual employee actions.”

This attack shows how threat actors have ways to indirectly attack any organization, Schless said. With broad cloud adoption, organizations of every type now have complex ecosystems of integrated solutions. That opens up countless avenues for unauthorized users to be able to access sensitive data.

“The ability to identify and classify sensitive data, as well as apply the right level of encryption to it, even after it leaves your infrastructure, is key to mitigating the risk of data loss in today’s threat landscape,” he said.

Jan 20

AT&T, Verizon Compromise on Airport 5G Controversy, Launch ‘Secret Sauce’ C-Band

By | Managed Services News

C-band could create new use cases for businesses. But do partners actually want to sell 5G?

Business customers gained access to a crucial component of 5G networking on Wednesday amid concerns over how the 5G rollout impacts airplanes.

AT&T and Verizon both switched on 5G services that use “C-band” spectrum, two weeks after pausing the deployment amid an outcry from airlines and regulators about how the service could interfere with flights. However, both wireless providers agreed not to switch on the service in “buffer zones” in close proximity to certain airports.

AT&T and Verizon have already deployed 5G services using mmWave, also known as high-band, spectrum, but C-band, which is part of the mid-band spectrum, provides a more consistent mix of geographical coverage and speed.

Max Silber, MetTel‘s vice president of mobility and IoT, said business mobile users with 5G-enabled phones will see improved network access and speeds.

MetTel’s Max Silber

“Businesses have lagged in the deployment of 5G capable phones because they didn’t really see the benefit of a slightly faster network compared to 4G LTE. 5G C-band will significantly improve network access and speed, in some cases as much as 10 times over LTE,” Silber told Channel Futures. “That makes for a strong business case to enable connectivity for work-from-home employees and verticals with large field forces like health care, trucking and field services.”

Channel partners and analysts agree that the 5G expansion helps move the technology into more actionable customer use cases.

Safety Debate

Despite the eagerness of mobile operators to fire up C-band spectrum, aviation companies and regulators have warned that C-band can interfere with a plane’s radio altimeter (which it uses to measure altitude). Indeed, the Federal Aviation Administration (FAA) says it raised the issue as early as 2015.

A lead pilot working off Boeing Field in Seattle told Channel Futures that his crew has already experienced problems due to C-band. He explained that while older airplanes may experience minimal issues, more advanced planes that use a fly-by-wire system “get rocked.”

“This is a big problem. 5G C-band needs to be shut off immediately until we understand its effects,” the pilot said. “… Airplanes go through years of certification testing to simulate all different kinds of scenarios but in this case we have done zero testing. It’s all by the seat of our pants.”

Verizon and AT&T have protested that C-band spectrum has worked near airports in 40 other countries, including China and South Korea.

“We have voluntarily agreed to temporarily defer turning on a limited number of towers around certain airport runways as we continue to work with the aviation industry and the FAA to provide further information about our 5G deployment, since they have not utilized the two years they’ve had to responsibly plan for this deployment. We are frustrated by the FAA’s inability to do what nearly 40 countries have done, which is to safely deploy 5G technology without disrupting aviation services, and we urge it do so in a timely manner,” an AT&T spokesperson said.

The FAA on Wednesday announced that its new approvals allowed approximately 62% of the U.S. commercial fleet to make low-visibility landings at C-band adjacent airports. The FAA has cleared five different types of altimeters. This news is a development from Jan. 5, when the agency said that 88 airports would not have been available for such landings.

Jason Leigh is research manager for mobility and 5G at IDC. He emphasized that the airport snafu has not paused the rollout of 5G — only the rollout of 5G “super close” to the airports.

Leigh, Jason_IDC

IDC’s Jason Leigh

“By and large, they’re still building out the spectrum. They’re installing the infrastructure. It’s in place,” Leigh told Channel Futures. “It’s simply a matter of when we get to turn these radios on.”

Prognosis?

Leigh initially thought this issue would find a quick resolution when it first arose; however, he said the wireless providers and their counterparts in aviation will need to work out an agreement over time.

Christopher Whitaker, who leads Telarus‘ mobility practice, agreed that …

Jan 20

Optiv, ReliaQuest Among LogRhythm Partners Honored With Americas Partner Awards

By | Managed Services News

Learn why they won and who else made the list.

Optiv, ReliaQuest and Kudelski Security are among LogRhythm partners honored this week with the company’s 2021 Americas Partner Awards.

The awards recognize partners that contribute to the company’s revenue achievements. They also solved customers’ critical challenges through the deployment and management of LogRhythm’s security information and event management (SIEM) platform.

In 2021, LogRhythm’s partners accounted for a significant portion of global revenue, the company said.

LogRhythm’s partner program includes VARs, distributors, SIs and MSPs. LogRhythm invests in partners who jointly engage in opportunities that drive value and sustained customer success. Moreover, it provides partners with ongoing enablement, go-to-market tools and sales programs.

The 2021 Americas Partner Awards honor the accomplishments of partners based in North, South and Central America.

Mitch Rowe is LogRhythm‘s chief revenue officer.

“When our customers succeed, we succeed, and much of LogRhythm’s success is fueled directly by our strong partner program,” he said. “The [awards] showcase our partners’ ongoing dedication and pursuit of excellence in delivering the value of our platform to customers.”

Award Winners

LogRhythm announced the award winners at its annual revenue kickoff meeting.

Revenue Partner of the Year:

Managed Services Partner of Year:

  • Overall winner: Avertium
  • Growth winner: Kudelski Security

National Partner of the Year: SHI

Distributor of the Year: Climb Solutions

Regional Partner of the Year:

  • East: MRK
  • Central: RedLegg
  • West: NDM

Public Sector:

  • Partner of the Year: Epoch Concepts
  • Distributor of the Year: DLT Solutions
  • SI of the Year: General Dynamics Information Technology

LATAM Partner of the Year: Cable and Wireless Business

LATAM Distributor of the Year: TD Synnex

Jan 20

AT&T, Verizon Compromise on Airport 5G Controversy, Launch ‘Secret Sauce’ C-Band

By | Managed Services News

C-band could create new use cases for businesses. But do partners actually want to sell 5G?

Business customers gained access to a crucial component of 5G networking on Wednesday amid concerns over how the 5G rollout impacts airplanes.

AT&T and Verizon both switched on 5G services that use “C-band” spectrum, two weeks after pausing the deployment amid an outcry from airlines and regulators about how the service could interfere with flights. However, both wireless providers agreed not to switch on the service in “buffer zones” in close proximity to certain airports.

AT&T and Verizon have already deployed 5G services using mmWave, also known as high-band, spectrum, but C-band, which is part of the mid-band spectrum, provides a more consistent mix of geographical coverage and speed.

Max Silber, MetTel‘s vice president of mobility and IoT, said business mobile users with 5G-enabled phones will see improved network access and speeds.

MetTel’s Max Silber

“Businesses have lagged in the deployment of 5G capable phones because they didn’t really see the benefit of a slightly faster network compared to 4G LTE. 5G C-band will significantly improve network access and speed, in some cases as much as 10 times over LTE,” Silber told Channel Futures. “That makes for a strong business case to enable connectivity for work-from-home employees and verticals with large field forces like health care, trucking and field services.”

Channel partners and analysts agree that the 5G expansion helps move the technology into more actionable customer use cases.

Safety Debate

Despite the eagerness of mobile operators to fire up C-band spectrum, aviation companies and regulators have warned that C-band can interfere with a plane’s radio altimeter (which it uses to measure altitude). Indeed, the Federal Aviation Administration (FAA) says it raised the issue as early as 2015.

A lead pilot working off Boeing Field in Seattle told Channel Futures that his crew has already experienced problems due to C-band. He explained that while older airplanes may experience minimal issues, more advanced planes that use a fly-by-wire system “get rocked.”

“This is a big problem. 5G C-band needs to be shut off immediately until we understand its effects,” the pilot said. “… Airplanes go through years of certification testing to simulate all different kinds of scenarios but in this case we have done zero testing. It’s all by the seat of our pants.”

Verizon and AT&T have protested that C-band spectrum has worked near airports in 40 other countries, including China and South Korea.

“We have voluntarily agreed to temporarily defer turning on a limited number of towers around certain airport runways as we continue to work with the aviation industry and the FAA to provide further information about our 5G deployment, since they have not utilized the two years they’ve had to responsibly plan for this deployment. We are frustrated by the FAA’s inability to do what nearly 40 countries have done, which is to safely deploy 5G technology without disrupting aviation services, and we urge it do so in a timely manner,” an AT&T spokesperson said.

The FAA on Wednesday announced that its new approvals allowed approximately 62% of the U.S. commercial fleet to make low-visibility landings at C-band adjacent airports. The FAA has cleared five different types of altimeters. This news is a development from Jan. 5, when the agency said that 88 airports would not have been available for such landings.

Jason Leigh is research manager for mobility and 5G at IDC. He emphasized that the airport snafu has not paused the rollout of 5G — only the rollout of 5G “super close” to the airports.

Leigh, Jason_IDC

IDC’s Jason Leigh

“By and large, they’re still building out the spectrum. They’re installing the infrastructure. It’s in place,” Leigh told Channel Futures. “It’s simply a matter of when we get to turn these radios on.”

Prognosis?

Leigh initially thought this issue would find a quick resolution when it first arose; however, he said the wireless providers and their counterparts in aviation will need to work out an agreement over time.

Christopher Whitaker, who leads Telarus‘ mobility practice, agreed that …

Jan 20

AT&T, Verizon Compromise on Airport 5G Controversy, Launch ‘Secret Sauce’ C-Band

By | Managed Services News

C-band could create new use cases for businesses. But do partners actually want to sell 5G?

Business customers gained access to a crucial component of 5G networking on Wednesday amid concerns over how the 5G rollout impacts airplanes.

AT&T and Verizon both switched on 5G services that use “C-band” spectrum, two weeks after pausing the deployment amid an outcry from airlines and regulators about how the service could interfere with flights. However, both wireless providers agreed not to switch on the service in “buffer zones” in close proximity to certain airports.

AT&T and Verizon have already deployed 5G services using mmWave, also known as high-band, spectrum, but C-band, which is part of the mid-band spectrum, provides a more consistent mix of geographical coverage and speed.

Max Silber, MetTel‘s vice president of mobility and IoT, said business mobile users with 5G-enabled phones will see improved network access and speeds.

MetTel’s Max Silber

“Businesses have lagged in the deployment of 5G capable phones because they didn’t really see the benefit of a slightly faster network compared to 4G LTE. 5G C-band will significantly improve network access and speed, in some cases as much as 10 times over LTE,” Silber told Channel Futures. “That makes for a strong business case to enable connectivity for work-from-home employees and verticals with large field forces like health care, trucking and field services.”

Channel partners and analysts agree that the 5G expansion helps move the technology into more actionable customer use cases.

Safety Debate

Despite the eagerness of mobile operators to fire up C-band spectrum, aviation companies and regulators have warned that C-band can interfere with a plane’s radio altimeter (which it uses to measure altitude). Indeed, the Federal Aviation Administration (FAA) says it raised the issue as early as 2015.

A lead pilot working off Boeing Field in Seattle told Channel Futures that his crew has already experienced problems due to C-band. He explained that while older airplanes may experience minimal issues, more advanced planes that use a fly-by-wire system “get rocked.”

“This is a big problem. 5G C-band needs to be shut off immediately until we understand its effects,” the pilot said. “… Airplanes go through years of certification testing to simulate all different kinds of scenarios but in this case we have done zero testing. It’s all by the seat of our pants.”

Verizon and AT&T have protested that C-band spectrum has worked near airports in 40 other countries, including China and South Korea.

“We have voluntarily agreed to temporarily defer turning on a limited number of towers around certain airport runways as we continue to work with the aviation industry and the FAA to provide further information about our 5G deployment, since they have not utilized the two years they’ve had to responsibly plan for this deployment. We are frustrated by the FAA’s inability to do what nearly 40 countries have done, which is to safely deploy 5G technology without disrupting aviation services, and we urge it do so in a timely manner,” an AT&T spokesperson said.

The FAA on Wednesday announced that its new approvals allowed approximately 62% of the U.S. commercial fleet to make low-visibility landings at C-band adjacent airports. The FAA has cleared five different types of altimeters. This news is a development from Jan. 5, when the agency said that 88 airports would not have been available for such landings.

Jason Leigh is research manager for mobility and 5G at IDC. He emphasized that the airport snafu has not paused the rollout of 5G — only the rollout of 5G “super close” to the airports.

Leigh, Jason_IDC

IDC’s Jason Leigh

“By and large, they’re still building out the spectrum. They’re installing the infrastructure. It’s in place,” Leigh told Channel Futures. “It’s simply a matter of when we get to turn these radios on.”

Prognosis?

Leigh initially thought this issue would find a quick resolution when it first arose; however, he said the wireless providers and their counterparts in aviation will need to work out an agreement over time.

Christopher Whitaker, who leads Telarus‘ mobility practice, agreed that …

Jan 20

Top IT, MSP M&A, Private Investment Deals of 2022 So Far

By | Managed Services News

M&A activity is at an all-time high, and shows no signs of slowing. Here are some of the big deals of 2022 so far.

M&A deals in 2021 topped $5 trillion, reaching new records, and 75% of global dealmakers predicted that this space will remain hot in 2022. 

Quite the understatement, as we have seen not just a flurry of mergers and acquisitions this year, but a downright blizzard. And it’s still January!

Beyond M&A deals, the amount of private investment pouring in has reached nearly unfathomable levels. Private equity firms and other investors are seeing the value of the channel like never before.

Deals have spanned the gamut, from names like Vendasta and Dataprise to players such as Cerberus Sentinel and Charles IT.

Scroll through the images above to see a sampling of the latest and M&A and investment deals in the IT/MSP channel in 2022. Then check out what we thought were the biggest mergers and acquisitions of 2021!

Jan 20

Prodapt Acquires Synophic Worldwide, Gains 600+ Employees

By | Managed Services News

The company plans to invest $45 million to expand its capabilities in network virtualization and cloudification.

Prodapt Solutions, which calls itself a partner to telecom operators and digital service providers, has acquired Synophic Worldwide. The acquisition further expands India-based Prodapt’s presence in the United States and Latin America.

Additionally, it provides an entry into APAC countries, including Japan, Philippines and Australia. Prodapt didn’t say how much it’s paying for Synophic.

Network Services Portfolio

Synophic Worldwide is a Silicon Valley-based firm providing network transformational and managed services to digital service providers (DSPs) and ISVs. It also works with product and platform companies. Founded in 2009, Synophic employs more than 600 people globally, and is a partner to leading OEMs/NEMs, ISVs and enterprises.

With the Synophic acquisition, Prodapt strengthens its network services portfolio, the company said. It also enables Prodapt to offer end-to-end services around network transformation, network orchestration and automation to network-managed services.

 Prodapt's Vedant Jhaver

Prodapt’s Vedant Jhaver

Vedant Jhaver is chairman and CEO of Prodapt.

“Synophic’s wide range of capabilities in network solutions, cloud, IoT, mobility, data centers and security augments our portfolio of network transformational services. It further expands our services that help accelerate connectedness,” Jhaver said.

Further Investment

Prodapt had earlier announced plans to invest $45 million to increase its capabilities in network virtualization and cloudification. The Synophic acquisition is part of this investment strategy. The is planning additional investments in network cloud, autonomous networks and NetSecOps.

Kondal Rao is CEO of Synophic Worldwide.

“Joining forces with Prodapt will help expand our managed services and network transformation portfolio. This will also open a plethora of growth potential for the employees of Synophic,” Rao said. “I am pleased to be part of the Prodapt team and excited about the multi-fold scale with which we can operate and leverage Prodapt’s transformational expertise in delivering solutions to our customers.”

Synophic is Prodapt’s third acquisition in the last year. Prodapt earlier announced the acquisitions of Innovative Logic and SLR Dynamics.

Jan 20

AT&T, Verizon Compromise on Airport 5G Controversy, Launch ‘Secret Sauce’ C-Band

By | Managed Services News

C-band could create new use cases for businesses. But do partners actually want to sell 5G?

Business customers gained access to a crucial component of 5G networking on Wednesday amid concerns over how the 5G rollout impacts airplanes.

AT&T and Verizon both switched on 5G services that use “C-band” spectrum, two weeks after pausing the deployment amid an outcry from airlines and regulators about how the service could interfere with flights. However, both wireless providers agreed not to switch on the service in “buffer zones” in close proximity to certain airports.

AT&T and Verizon have already deployed 5G services using mmWave, also known as high-band, spectrum, but C-band, which is part of the mid-band spectrum, provides a more consistent mix of geographical coverage and speed.

Max Silber, MetTel‘s vice president of mobility and IoT, said business mobile users with 5G-enabled phones will see improved network access and speeds.

MetTel’s Max Silber

“Businesses have lagged in the deployment of 5G capable phones because they didn’t really see the benefit of a slightly faster network compared to 4G LTE. 5G C-band will significantly improve network access and speed, in some cases as much as 10 times over LTE,” Silber told Channel Futures. “That makes for a strong business case to enable connectivity for work-from-home employees and verticals with large field forces like health care, trucking and field services.”

Channel partners and analysts agree that the 5G expansion helps move the technology into more actionable customer use cases.

Safety Debate

Despite the eagerness of mobile operators to fire up C-band spectrum, aviation companies and regulators have warned that C-band can interfere with a plane’s radio altimeter (which it uses to measure altitude). Indeed, the Federal Aviation Administration (FAA) says it raised the issue as early as 2015.

A lead pilot working off Boeing Field in Seattle told Channel Futures that his crew has already experienced problems due to C-band. He explained that while older airplanes may experience minimal issues, more advanced planes that use a fly-by-wire system “get rocked.”

“This is a big problem. 5G C-band needs to be shut off immediately until we understand its effects,” the pilot said. “… Airplanes go through years of certification testing to simulate all different kinds of scenarios but in this case we have done zero testing. It’s all by the seat of our pants.”

Verizon and AT&T have protested that C-band spectrum has worked near airports in 40 other countries, including China and South Korea.

“We have voluntarily agreed to temporarily defer turning on a limited number of towers around certain airport runways as we continue to work with the aviation industry and the FAA to provide further information about our 5G deployment, since they have not utilized the two years they’ve had to responsibly plan for this deployment. We are frustrated by the FAA’s inability to do what nearly 40 countries have done, which is to safely deploy 5G technology without disrupting aviation services, and we urge it do so in a timely manner,” an AT&T spokesperson said.

The FAA on Wednesday announced that its new approvals allowed approximately 62% of the U.S. commercial fleet to make low-visibility landings at C-band adjacent airports. The FAA has cleared five different types of altimeters. This news is a development from Jan. 5, when the agency said that 88 airports would not have been available for such landings.

Jason Leigh is research manager for mobility and 5G at IDC. He emphasized that the airport snafu has not paused the rollout of 5G — only the rollout of 5G “super close” to the airports.

Leigh, Jason_IDC

IDC’s Jason Leigh

“By and large, they’re still building out the spectrum. They’re installing the infrastructure. It’s in place,” Leigh told Channel Futures. “It’s simply a matter of when we get to turn these radios on.”

Prognosis?

Leigh initially thought this issue would find a quick resolution when it first arose; however, he said the wireless providers and their counterparts in aviation will need to work out an agreement over time.

Christopher Whitaker, who leads Telarus‘ mobility practice, agreed that …

Jan 20

Top IT, MSP M&A, Private Investment Deals of 2022 So Far

By | Managed Services News

M&A activity is at an all-time high, and shows no signs of slowing. Here are some of the big deals of 2022 so far.

M&A deals in 2021 topped $5 trillion, reaching new records, and 75% of global dealmakers predicted that this space will remain hot in 2022. 

Quite the understatement, as we have seen not just a flurry of mergers and acquisitions this year, but a downright blizzard. And it’s still January!

Beyond M&A deals, the amount of private investment pouring in has reached nearly unfathomable levels. Private equity firms and other investors are seeing the value of the channel like never before.

Deals have spanned the gamut, from names like Vendasta and Dataprise to players such as Cerberus Sentinel and Charles IT.

Scroll through the images above to see a sampling of the latest and M&A and investment deals in the IT/MSP channel in 2022. Then check out what we thought were the biggest mergers and acquisitions of 2021!

Jan 20

UK Government to Regulate MSPs in Fight Against Supply Chain Attacks

By | Managed Services News

MSPs will be treated like essential service providers and could face millions in fines if they don’t comply with regulations.

The UK government is to extend cybersecurity regulations to MSPs in a bid to counter supply chain attacks.

In May 2021 the UK government called for views on how to improve cybersecurity in supply chains and in MSPs. Then in November it announced that intervention would be required to address the problem. The government will publish the call for views later this year.

In the meantime, the government is to extend Network and Information Systems (NIS) regulations to include MSPs.

NIS regulations came into force in 2018 to improve the cybersecurity of companies which provide essential services such as water, energy, transport, health care and digital infrastructure. Organisations which fail to put in place effective cybersecurity measures can face fines as high as £17 million ($23 million).

The regulations require essential service providers to undertake risk assessments and put in place reasonable and proportionate security measures to protect their networks. They have to report significant incidents and have plans to ensure they quickly recover from them.

Regulations currently apply to some digital services such as online marketplaces, online search engines and cloud computing. However, there has been an increase in the use and dependence on digital services for providing corporate needs such as information storage, data processing and running software.

‘It’s Not an Optional Extra’

Research by the Department for Digital, Culture, Media and Sport (DCMS) shows only 12% of organisations review the cybersecurity risks coming from their immediate suppliers. Only one in 20 firms (5%) address the vulnerabilities in their wider supply chain.

Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez, said the plans will “help protect essential services and our wider economy from cyber threats.

Minister Julia Lopez

Minister Julia Lopez

“Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra,” she said.

Lawmakers are also proposing improvements in the way organisations report cybersecurity incidents. Additionally, they want reform legislation to be more flexible and react to the speed of technological change.

The plans follow recent high-profile cyber incidents such as the cyberattack on SolarWinds and on Microsoft Exchange Servers which showed vulnerabilities in the third-party products. They also follow an increase in ransomware threats to organisations, including some in critical national infrastructure such as the Colonial Pipeline attack in the U.S.

UK MSPs and other cybersecurity professionals have roundly welcomed the proposals. Some have described them as “a wake-up call” for MSPs. Others have said it is an opportunity for firms to “practise what they preach.”

The cybersecurity channel sounds off in the slideshow above.

 

>