The Hard Truth: Managed Service Providers Are Hackable
You read that right: Managed Service Providers (MSPs) are businesses that must make tough security decisions, just like anyone else, yet their choices have consequences that extend beyond their organization. When an MSP gets hacked, there is a risk that the impact flows downstream, leading to their clients being compromised and the data the MSP is entrusted to protect being exposed.
MSP Mainstream Hacks
SolarWinds is an example of how a large service provider can cause massive ripples in the industry. In late 2019, the company was targeted, and malicious code was inserted into its system. SolarWinds was unaware that the attackers had made the changes until it was too late.
The threat actors remained in the systems for longer than the average time, and the impact is estimated to have affected over 30,000 organizations [1].
Oracle Cloud Services have recently been found to have had two breaches through an undisclosed vulnerability, which resulted in hackers gaining access to and exposing six million records from the provider’s systems.
The troubling part was that the MSP attempted to deny that any breach occurred until it was unable to do so any further! [2]
Market Trend Report
In its 2022 state of the market report, N-able provided the following statistics [3]:
• MSPs are fast becoming primary targets for cyberattacks
• Almost all MSPs have suffered a successful cyberattack in the past 18 months, and 90% have seen an increase in attacks since the pandemic started
• With just 40% implementing two-factor authentication (2FA) on their own systems, MSPs still need to focus more on implementing the basics
These statistics in 2022 were troubling, but there has been little progress in encouraging MSPs to improve their security status. Businesses may pressure their providers to obtain certifications or undergo audits, but if they are unaware of what to look for, they may assume that all providers are equal.
Third-Party Assurance Matters
Whether you look for the GTIA Cybersecurity Trustmark, SOC 2 assertions, or ISO certification, knowing that your MSP takes security seriously and has the right resources in their organization to manage a security program should be a discussion that leaves you feeling confident and informed about their approach. Providers of all sizes are vulnerable to hacking, and when they are compromised, it’s not just about their business and data; it’s also about the access they have to your business.
In the case of the GTIA Cybersecurity Trustmark, a provider must be familiar with a wide range of industry standards and frameworks, including CMMC, NIST CSF, HITRUST, SOC, ISO, and CIS. These frameworks encompass administrative, physical, and technical controls that are audited by an independent third party, ensuring that all elements are implemented according to the framework. This is not just a one-and-done event either. Every year, the MSP will be assessed to maintain its standing and must continue to prove compliance and improvement in its security posture. This is more than just checking a box; it is about being intentional and accountable in reducing client business risk. MSPs increase cyber risk, so it’s time for businesses to start asking tough questions and maintaining high expectations of their provider.
IntelliSystems on GTIA Cybersecurity Trustmark
For IntelliSystems, obtaining the GTIA Cybersecurity Trustmark was about achieving a designation that aligned with its core values of continuous improvement and doing the right thing. The standard for being a great provider of technology and security services is not stationary; it requires constant effort and focus to move the bar even higher. The company firmly believes that the industry is moving in a direction where MSPs must make open and transparent efforts to reduce risk to their clients’ businesses. If it is expected that clients will be subject to audits and mature their cybersecurity practices over time, then IntelliSystems believes it should demonstrate that it holds itself to the same standards through its actions.
IntelliSystems will continue to push the bar, and if you are interested in hearing more about the GTIA Cybersecurity Trustmark designation, you can get more information here:
https://www.intellisystems.com/wp-content/uploads/2025/06/Intellisystems-GTIA-One-Pager.pdf
IntelliSystems has successfully fulfilled the requirements to earn the GTIA Cybersecurity Trustmark by demonstrating the implementation of its control body, which is fundamentally based on CIS Security Controls and crosswalks into other globally recognized frameworks, such as ISO 27001, NYDFS-500, and NIST 800-171. IntelliSystems is a provider of cybersecurity, consulting, managed IT, cabling, and telecommunications services.