The 2024 Verizon Data Breach Investigations Report (DBIR) has landed, and it’s delivering a clear and urgent message for Managed Service Providers: your clients are vulnerable, and attackers are evolving fast. On this week’s Cyber Call, Phil—the lead data scientist behind the DBIR—joined us to discuss the findings. The report reveals a surge in breaches caused by exploited vulnerabilities, meaning patching delays are now a major liability. MSPs must prioritize exposure, particularly on edge devices, and adopt a risk-based patching strategy aligned with their clients’ operational needs. SMBs are especially at risk, with 88% of their breaches involving ransomware. Attackers are opportunists, and smaller businesses often lack enterprise-level defenses—making MSPs the frontline of protection.
Third-party risk is also increasing. Supply chain attacks and vendor breaches are spreading quickly, and MSPs need to conduct better due diligence on partners while also securing their own environments. The DBIR reminds us that MSPs themselves are third-party vendors, and must operate with the same rigor they demand of others. While the human element remains a common breach vector, automation is becoming the attacker’s preferred tool. This means user training alone isn’t enough—controls like least-privilege access and smart automation must minimize the impact of human error.
Perhaps most concerning is the state of the edge. Perimeter devices are often where compromises begin, yet are frequently neglected. MSPs must know the vulnerability landscape of their clients’ edge infrastructure and maintain patching discipline. The bottom line: the DBIR underscores the need to return to the basics—vulnerability management, patching, user education—while elevating strategic focus through automation, risk-based prioritization, and proactive security frameworks. To stay relevant and protect client operations, MSPs must evolve into true cybersecurity advisors. The DBIR is more than a report; it’s a roadmap for survival in today’s threat landscape.
