Why MSPs Need Out-of-Band Communication: The Critical Infrastructure Behind the Supply Chain

The Growing Target on MSPs' Backs

Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) have become indispensable partners for businesses worldwide. Supporting hundreds of clients each, they deliver vital outsourced IT services—from managed service desks and infrastructure support to software maintenance and cybersecurity. For many organisations, their MSP is a critical cog enabling daily operations to run smoothly.

But this central role comes with a dark side. MSPs have become high-value targets for cybercriminals and ransomware operators. The mathematics are simple and terrifying: compromise one MSP, and you gain access to hundreds of client networks simultaneously. It's supply chain exploitation at scale—a single point of failure that can cascade into widespread disruption.

The statistics paint a sobering picture:

• 76% of MSPs reported a cyberattack on their infrastructure in the past year - source
• 51% of these attacks resulted in unplanned expenses to fix security gaps - source
• Ransomware attempts increased by 2.75 times in 2024 - source
• The average cost of a data breach reached $4.4 million in 2024 - source
• Ransomware is projected to cost victims around $265 billion annually by 2031 - source

When an MSP falls, the consequences ripple outward. Clients lose access to critical systems, transactions halt, and operations grind to a standstill - often without warning or clarity about when normal service will resume.

The CTS Attack: A Wake-Up Call for the UK Legal Sector

In November 2023, the UK legal sector experienced a stark reminder of MSP vulnerability. CTS, a leading managed service provider specialising in IT services for law firms, conveyancers, and legal organisations, suffered a significant cyberattack that sent shockwaves through the industry.

The Impact Was Immediate and Widespread

The attack, which exploited the CitrixBleed vulnerability (CVE-2023-4966), affected between 80 and 200 law firms across the United Kingdom. The consequences were severe and tangible:

• Complete system lockout: Law firms lost access to phones, emails, and case management systems

• Transaction paralysis: Property buyers and sellers were unable to complete transactions throughout the week

• Operational shutdown: Firms couldn't conduct basic client business or progress legal matters

• Legal Aid disruption: Access to Legal Aid Agency (LAA) Digital was suspended for affected firms

• Financial strain: Firms faced cash flow problems and had to halt billing activities

One affected firm, O'Neill Patient, emphasised the broad impact: "This outage is impacting a number of organisations across the sector, as our provider is a specialist in secure legal systems for many law firms and barrister's chambers."

The irony was not lost on observers - CTS marketed itself as providing cyber protection services, including "cyber-attack detection and response, email and network security, and employee security awareness training." Yet they themselves fell victim to an attack that paralysed their operations and those of their clients.

The Communication Blackout

Perhaps most frustrating for clients was the lack of timely information. CTS struggled to provide clear updates about the scope of the attack or realistic timelines for restoration.

Their initial statement acknowledged "a service outage caused by a cyber-incident" but offered little detail. Clients and their customers - particularly homebuyers facing delayed property completions - were left in limbo for months, unable to plan or provide answers.

This communication vacuum highlighted a critical gap: when an MSP's primary systems are compromised, how can they continue to support and communicate with clients?

The Regulatory Context

The CTS incident occurred just weeks after the UK government failed to introduce proposed legislation that would have required MSPs to implement stronger cybersecurity protections.

The UK National Cyber Security Centre (NCSC) had previously warned that MSPs are "attractive and high value targets" for cybercriminals as "they can be used as staging points through which threat actors can compromise the clients of those managed services."

The attack validated these concerns and demonstrated that voluntary security measures alone were insufficient.

The Aftermath & What “Survive” Means

CTS did not  survive as it was before, according to a post-mortem report, the ICT / MSP division of CTS went into administration following the disruption caused by the cyber-attack.

In April 2024, the MSP division (i.e. the part of CTS providing managed IT services) was sold - by its administrators - to another firm, Bluecube Cyber Security Solutions.   A version of the ICT/MSP division of CTS was finally placed into administration and the remaining operations were sold by the administrator in April 2024.

Other High-Profile MSP Attacks: A Pattern of Vulnerability

CTS is far from alone. The MSP sector has experienced numerous devastating attacks that reveal a troubling pattern:

Kaseya VSA Attack (July 2021)

The REvil ransomware group exploited vulnerabilities in Kaseya's Virtual System Administrator (VSA) software, which MSPs use for network monitoring. The attack hit approximately 50 MSPs directly and spread ransomware to between 800 and 1,500 businesses worldwide. The attackers claimed to have infected "more than one million systems." One perpetrator was later sentenced to over 13 years in prison and ordered to pay $16 million in restitution - more detail

CompuCom Attack (March 2021)

This MSP suffered a DarkSide ransomware attack that cost the company between $5 million and $8 million in lost revenue and up to $20 million in cleanup costs. The attack forced CompuCom to temporarily suspend services to certain customers at a critical time when the company was being prepared for sale - more detail

Tietoevry Attack (January 2024)

Finnish IT and cloud services provider Tietoevry was hit by ransomware that disrupted government agencies, universities, and municipalities across Sweden. The Akira ransomware group claimed responsibility, demonstrating how attacks on MSPs can directly impact public services - more detail

HTC Global Services (December 2023)

The ALPHV (BlackCat) ransomware group attacked this IT services firm, exposing sensitive data including passports, contact lists, emails, and confidential company documents. The breach likely occurred through exploitation of a Citrix Bleed vulnerability, showing how known vulnerabilities become gateways for widespread compromise - more detail

Ingram Micro (July 2025)

IT distributor Ingram Micro suffered a ransomware attack claimed by the SafePay group. The attack disrupted core operations and affected numerous downstream customers, illustrating the fragility of the digital supply chain when a central player goes down - more detail

The Play Ransomware Campaign

The Play ransomware group has specifically targeted MSPs worldwide in an ongoing campaign, using compromised MSP systems and remote monitoring and management (RMM) tools to gain access to downstream customers. The group employs sophisticated "intermittent encryption" techniques to evade detection while rendering data inaccessible - more detail

The Hidden Epidemic: Underreporting of MSP Breaches

Few MSP attacks are reported publicly, making it difficult to gauge the true scale of the problem. Organisations often keep breaches confidential due to:

• Reputational concerns
• Legal implications
• Ongoing investigations
• Contractual confidentiality
• Fear of losing customers

This culture of silence means that for every publicised incident like CTS or Kaseya, numerous unreported attacks likely occur. The cybersecurity community acknowledges that publicly known incidents represent only the tip of the iceberg.

The Critical Need for Out-of-Band Communication

Given the threats MSPs face, having an out-of-band communication platform is no longer optional - it's an essential component of business continuity and client service.

What Is Out-of-Band Communication?

Out-of-band communication refers to a separate, independent communication channel that operates outside an organisation's primary IT infrastructure.

When main systems are compromised by ransomware or cyberattacks, out-of-band channels remain functional, enabling continued operations and client support.

Why MSPs Must Have This Capability

1. Continuity of Client Support
When an MSP's primary systems go down, clients still need support—often more urgently than ever. An out-of-band platform ensures that help desk operations, technical guidance, and problem resolution can continue without interruption.

2. Real-Time Crisis Communication
During a cyberattack, clear and timely communication is essential. An out-of-band system allows MSPs to:

• Update clients on the situation
• Provide realistic timelines
• Coordinate incident response activities
• Prevent rumours and misinformation

3. Access to Critical Recovery Information
Out-of-band platforms can store essential recovery documentation:

• System configurations
• Network diagrams
• Disaster recovery procedures
• Contact lists and escalation paths
• Encryption keys and credentials (securely stored)

When primary systems are encrypted or inaccessible, this information remains available and can significantly accelerate recovery efforts.

4. Multi-Client Management
MSPs supporting hundreds of clients need a structured way to manage communications during a crisis. Using centralised spaces where each client has their own securely ring-fenced environment allows for:

• Targeted communications to affected clients
• Separate incident tracking per client
• Customised recovery procedures
• Private channels for sensitive discussions

5. Video Conferencing and Collaboration
Complex technical issues often require real-time collaboration. An out-of-band platform with video conferencing capabilities enables:

• Virtual war rooms for incident response
• Screen sharing for troubleshooting
• Face-to-face client updates that build confidence
• Remote support when on-site visits aren't possible

6. Complete Audit Trail
A comprehensive audit trail is invaluable for:

• Post-incident analysis and improvement
• Training staff on real-world responses
• Demonstrating compliance with SLAs
• Legal protection showing due diligence
• Insurance claims documentation

The YUDU Sentinel Solution

At YUDU Sentinel, we specialise in supporting the MSP and MSSP sector with purpose-built out-of-band communication platforms. Our approach centres on creating dedicated spaces for each client, providing:

Secure Client Spaces

Each client receives their own ring-fenced space managed by the MSP, ensuring:

• Isolation from other clients for confidentiality
• Customised access controls
• Dedicated storage for critical documentation
• Private communication channels

Multi-Modal Communication

Our platform supports various communication methods:

• Secure instant messaging
• Video conferencing
• File sharing
• Task and ticket management
• Status updates and announcements

Critical Document Repository

Each Sentinel Space can store:

• Disaster recovery plans
• Configuration backups
• Contact information
• Escalation procedures
• Service level agreements
• Incident response playbooks

Full Audit Capabilities

Every interaction is logged and timestamped:

• Message history
• File access records
• Configuration changes
• User activities
• Response timelines

Always-Available Access

Because the platform operates independently from your main infrastructure:

• It remains accessible during primary system outages
• No dependencies on compromised networks
• Alternative authentication methods available
• Mobile and web access from any location

The Marketing Advantage: Turning Security Into Competitive Differentiation

For MSPs, implementing an out-of-band communication platform isn't just about risk management - it's a powerful marketing differentiator.

Building Client Confidence

When pitching to potential clients, demonstrating that you have:

• Planned for worst-case scenarios
• Invested in business continuity
• Prioritised client support during crises
• Maintained communication capabilities regardless of circumstances

...sets you apart from competitors who may not have considered these scenarios.

Meeting Compliance Requirements

Many industries have regulatory requirements for business continuity and disaster recovery. An out-of-band communication platform helps demonstrate compliance with:

• Data protection regulations
• Industry-specific standards
• Contractual obligations
• Insurance requirements

Retaining Clients After Incidents

When breaches do occur, how you respond determines whether clients stay or leave. MSPs with effective out-of-band communication can:

• Maintain transparency throughout the incident
• Demonstrate preparedness and professionalism
• Continue delivering value even during disruptions
• Build long-term trust through crisis management

Attracting High-Value Clients

Sophisticated organisations conducting vendor due diligence increasingly ask about:

• Business continuity plans
• Incident response capabilities
• Communication protocols during outages
• Independent backup systems

Having robust answers to these questions can win high-value contracts that competitors cannot secure.

For End Clients: The Hidden Benefits

While MSPs are the primary beneficiaries, end clients also gain significant advantages when their MSP implements out-of-band communication:

Protected Critical Information

Clients' most essential information - recovery procedures, configurations, contact lists - is stored in a secure, separate location. If their own systems are compromised, they can still access this vital data through their MSP's out-of-band platform.

Faster Recovery

With immediate access to recovery documentation and direct communication channels to their MSP, clients can restore operations more quickly after incidents affecting either party.

Reduced Downtime Costs

Every hour of downtime costs money. Out-of-band communication minimises these costs by:

• Enabling faster diagnosis of issues
• Providing alternative work methods during primary system outages
• Coordinating recovery efforts efficiently
• Keeping stakeholders informed to prevent duplicated efforts

Peace of Mind

Knowing that their MSP has planned for the worst and maintains independent communication capabilities provides reassurance, especially for organisations in regulated industries or those handling sensitive data.

Out-of-Band Implementation Considerations for MSSPs

MSPs considering out-of-band communication platforms should evaluate:

Security Requirements

• End-to-end encryption
• Multi-factor authentication
• Role-based access controls
• Regular security audits
• Compliance certifications

Scalability

• Ability to add clients quickly
• Performance under load
• Storage capacity for documentation
• Concurrent user support

Usability

• Intuitive interface requiring minimal training
• Mobile accessibility
• Integration with existing tools where possible
• Customizable per client needs

Reliability

• Uptime guarantees
• Geographic redundancy
• Independent infrastructure
• Regular disaster recovery testing

Cost Structure

• Per-client pricing
• Storage costs
• Feature tiers
• Training and support costs

You can find more detail in our Out-of-Band Communication Platform Buyers Guide for 2025.

Taking Action: The Time Is Now

The question is no longer whether MSPs will be targeted - it's when. The CTS attack, alongside numerous other incidents, demonstrates that even security-focused MSPs are vulnerable. The criticality of MSPs in the supply chain demands proactive measures.

Immediate Steps MSPs Should Take

Assess Current Capabilities: Honestly evaluate what would happen if your primary systems were compromised tomorrow. Can you still communicate with clients? Access recovery documentation? Provide support?

Evaluate Out-of-Band Solutions: Research platforms specifically designed for MSP business continuity, like YUDU Sentinel, that understand the unique challenges of managing multiple client relationships during crises.

Develop Implementation Plans: Create a phased rollout strategy that prioritises:

• Your most critical clients first
• Essential documentation and procedures
• Staff training and adoption
• Regular testing and refinement

Communicate the Value: Update marketing materials, proposals, and client communications to highlight your business continuity capabilities. Make it a selling point in pitches and renewals.

Test Regularly: Schedule quarterly exercises where you simulate primary system unavailability and practice using out-of-band systems. Identify and address gaps before a real incident occurs.

Build a Culture of Preparedness: Ensure all staff understand the importance of out-of-band communication and know how to access and use these systems during emergencies.

Conclusion: Resilience as a Core Service

The modern MSP is not just a technology provider—it's a critical infrastructure partner. Clients depend on MSPs to maintain their operations, protect their data, and support their growth. This dependency creates both responsibility and vulnerability.

Out-of-band communication platforms represent a fundamental shift in how MSPs approach business continuity. Rather than hoping breaches won't happen, forward-thinking MSPs are preparing for the inevitable, ensuring that when primary systems fail, client relationships and support capabilities remain strong.

The CTS incident and similar attacks have shown us that traditional approaches to business continuity are insufficient. MSPs need independent, reliable channels that function when everything else fails. This isn't just about technology—it's about trust, professionalism, and the fundamental promise MSPs make to their clients: that they will be there when needed most.

At YUDU Sentinel, we believe that every MSP should have the tools to deliver on this promise. Out-of-band communication isn't a luxury or a nice-to-have feature—it's a core component of modern MSP service delivery.

The question for every MSP is simple: When your systems are compromised, will you be able to support your clients, or will they be left in the dark like the law firms affected by the CTS attack?

The time to act is now - before the next attack makes the choice for you.