Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) have become indispensable partners for businesses worldwide. Supporting hundreds of clients each, they deliver vital outsourced IT services—from managed service desks and infrastructure support to software maintenance and cybersecurity. For many organisations, their MSP is a critical cog enabling daily operations to run smoothly.
But this central role comes with a dark side. MSPs have become high-value targets for cybercriminals and ransomware operators. The mathematics are simple and terrifying: compromise one MSP, and you gain access to hundreds of client networks simultaneously. It's supply chain exploitation at scale—a single point of failure that can cascade into widespread disruption.
The statistics paint a sobering picture:
When an MSP falls, the consequences ripple outward. Clients lose access to critical systems, transactions halt, and operations grind to a standstill - often without warning or clarity about when normal service will resume.
In November 2023, the UK legal sector experienced a stark reminder of MSP vulnerability. CTS, a leading managed service provider specialising in IT services for law firms, conveyancers, and legal organisations, suffered a significant cyberattack that sent shockwaves through the industry.
The attack, which exploited the CitrixBleed vulnerability (CVE-2023-4966), affected between 80 and 200 law firms across the United Kingdom. The consequences were severe and tangible:
Complete system lockout: Law firms lost access to phones, emails, and case management systems
Transaction paralysis: Property buyers and sellers were unable to complete transactions throughout the week
Operational shutdown: Firms couldn't conduct basic client business or progress legal matters
Legal Aid disruption: Access to Legal Aid Agency (LAA) Digital was suspended for affected firms
Financial strain: Firms faced cash flow problems and had to halt billing activities
One affected firm, O'Neill Patient, emphasised the broad impact: "This outage is impacting a number of organisations across the sector, as our provider is a specialist in secure legal systems for many law firms and barrister's chambers."
The irony was not lost on observers - CTS marketed itself as providing cyber protection services, including "cyber-attack detection and response, email and network security, and employee security awareness training." Yet they themselves fell victim to an attack that paralysed their operations and those of their clients.
Perhaps most frustrating for clients was the lack of timely information. CTS struggled to provide clear updates about the scope of the attack or realistic timelines for restoration.
Their initial statement acknowledged "a service outage caused by a cyber-incident" but offered little detail. Clients and their customers - particularly homebuyers facing delayed property completions - were left in limbo for months, unable to plan or provide answers.
This communication vacuum highlighted a critical gap: when an MSP's primary systems are compromised, how can they continue to support and communicate with clients?
The CTS incident occurred just weeks after the UK government failed to introduce proposed legislation that would have required MSPs to implement stronger cybersecurity protections.
The UK National Cyber Security Centre (NCSC) had previously warned that MSPs are "attractive and high value targets" for cybercriminals as "they can be used as staging points through which threat actors can compromise the clients of those managed services."
The attack validated these concerns and demonstrated that voluntary security measures alone were insufficient.
CTS did not survive in its previous form. According to a post-mortem report, the ICT/MSP division of CTS went into administration following the disruption caused by the cyber-attack.
In April 2024, the MSP division (i.e. the part of CTS providing managed IT services) was sold by its administrators to another firm, Bluecube Cyber Security Solutions. A version of the ICT/MSP division of CTS was finally placed into administration and the remaining operations were sold by the administrator in April 2024.
CTS is far from alone. The MSP sector has experienced numerous devastating attacks that reveal a troubling pattern:
The REvil ransomware group exploited vulnerabilities in Kaseya's Virtual System Administrator (VSA) software, which MSPs use for network monitoring. The attack hit approximately 50 MSPs directly and spread ransomware to between 800 and 1,500 businesses worldwide. The attackers claimed to have infected "more than one million systems." One perpetrator was later sentenced to over 13 years in prison and ordered to pay $16 million in restitution.
This MSP suffered a DarkSide ransomware attack that cost the company between $5 million and $8 million in lost revenue and up to $20 million in cleanup costs. The attack forced CompuCom to temporarily suspend services to certain customers at a critical time when the company was being prepared for sale.
Finnish IT and cloud services provider Tietoevry was hit by ransomware that disrupted government agencies, universities, and municipalities across Sweden. The Akira ransomware group claimed responsibility, demonstrating how attacks on MSPs can directly impact public services.
The ALPHV (BlackCat) ransomware group attacked this IT services firm, exposing sensitive data including passports, contact lists, emails, and confidential company documents. The breach likely occurred through exploitation of a Citrix Bleed vulnerability, showing how known vulnerabilities become gateways for widespread compromise.
IT distributor Ingram Micro suffered a ransomware attack claimed by the SafePay group. The attack disrupted core operations and affected numerous downstream customers, illustrating the fragility of the digital supply chain when a central player goes down.
The Play ransomware group has specifically targeted MSPs worldwide in an ongoing campaign, using compromised MSP systems and remote monitoring and management (RMM) tools to gain access to downstream customers. The group employs sophisticated "intermittent encryption" techniques to evade detection while rendering data inaccessible.
Few MSP attacks are reported publicly, making it difficult to gauge the true scale of the problem. Organisations often keep breaches confidential due to:
This culture of silence means that for every publicised incident like CTS or Kaseya, numerous unreported attacks likely occur. The cybersecurity community acknowledges that publicly known incidents represent only the tip of the iceberg.
Given the threats MSPs face, having an out-of-band communication platform is no longer optional - it's an essential component of business continuity and client service.
Out-of-band communication refers to a separate, independent communication channel that operates outside an organisation's primary IT infrastructure.
When main systems are compromised by ransomware or cyberattacks, out-of-band channels remain functional, enabling continued operations and client support.
1. Continuity of Client Support
When an MSP's primary systems go down, clients still need support—often more urgently than ever. An out-of-band platform ensures that help desk operations, technical guidance, and problem resolution can continue without interruption.
2. Real-Time Crisis Communication
During a cyberattack, clear and timely communication is essential. An out-of-band system allows MSPs to:
3. Access to Critical Recovery Information
Out-of-band platforms can store essential recovery documentation:
When primary systems are encrypted or inaccessible, this information remains available and can significantly accelerate recovery efforts.
4. Multi-Client Management
MSPs supporting hundreds of clients need a structured way to manage communications during a crisis. Using centralised spaces where each client has their own securely ring-fenced environment allows for:
5. Video Conferencing and Collaboration
Complex technical issues often require real-time collaboration. An out-of-band platform with video conferencing capabilities enables:
6. Complete Audit Trail
A comprehensive audit trail is invaluable for:
At YUDU Sentinel, we specialise in supporting the MSP and MSSP sector with purpose-built out-of-band communication platforms. Our approach centres on creating dedicated spaces for each client, providing:
Each client receives their own ring-fenced space managed by the MSP, ensuring:
Our platform supports various communication methods:
Each Sentinel Space can store:
Every interaction is logged and timestamped:
Because the platform operates independently from your main infrastructure:
For MSPs, implementing an out-of-band communication platform isn't just about risk management - it's a powerful marketing differentiator.
When pitching to potential clients, demonstrating that you have:
...sets you apart from competitors who may not have considered these scenarios.
Many industries have regulatory requirements for business continuity and disaster recovery. An out-of-band communication platform helps demonstrate compliance with:
When breaches do occur, how you respond determines whether clients stay or leave. MSPs with effective out-of-band communication can:
Sophisticated organisations conducting vendor due diligence increasingly ask about:
Having robust answers to these questions can win high-value contracts that competitors cannot secure.
While MSPs are the primary beneficiaries, end clients also gain significant advantages when their MSP implements out-of-band communication:
Clients' most essential information - recovery procedures, configurations, contact lists - is stored in a secure, separate location. If their own systems are compromised, they can still access this vital data through their MSP's out-of-band platform.
With immediate access to recovery documentation and direct communication channels to their MSP, clients can restore operations more quickly after incidents affecting either party.
Every hour of downtime costs money. Out-of-band communication minimises these costs by:
Knowing that their MSP has planned for the worst and maintains independent communication capabilities provides reassurance, especially for organisations in regulated industries or those handling sensitive data.
MSPs considering out-of-band communication platforms should evaluate:
Reliability
Cost Structure
You can find more detail in our Out-of-Band Communication Platform Buyers Guide for 2025.
The question is no longer whether MSPs will be targeted - it's when. The CTS attack, alongside numerous other incidents, demonstrates that even security-focused MSPs are vulnerable. The criticality of MSPs in the supply chain demands proactive measures.
Assess Current Capabilities: Honestly evaluate what would happen if your primary systems were compromised tomorrow. Can you still communicate with clients? Access recovery documentation? Provide support?
Evaluate Out-of-Band Solutions: Research platforms specifically designed for MSP business continuity, like YUDU Sentinel, that understand the unique challenges of managing multiple client relationships during crises.
Develop Implementation Plans: Create a phased rollout strategy that prioritises:
Communicate the Value: Update marketing materials, proposals, and client communications to highlight your business continuity capabilities. Make it a selling point in pitches and renewals.
Test Regularly: Schedule quarterly exercises where you simulate primary system unavailability and practise using out-of-band systems. Identify and address gaps before a real incident occurs.
Build a Culture of Preparedness: Ensure all staff understand the importance of out-of-band communication and know how to access and use these systems during emergencies.
The modern MSP is not just a technology provider—it's a critical infrastructure partner. Clients depend on MSPs to maintain their operations, protect their data, and support their growth. This dependency creates both responsibility and vulnerability.
Out-of-band communication platforms represent a fundamental shift in how MSPs approach business continuity. Rather than hoping breaches won't happen, forward-thinking MSPs are preparing for the inevitable, ensuring that when primary systems fail, client relationships and support capabilities remain strong.
The CTS incident and similar attacks have shown us that traditional approaches to business continuity are insufficient. MSPs need independent, reliable channels that function when everything else fails. This isn't just about technology—it's about trust, professionalism, and the fundamental promise MSPs make to their clients: that they will be there when needed most.
At YUDU Sentinel, we believe that every MSP should have the tools to deliver on this promise. Out-of-band communication isn't a luxury or a nice-to-have feature—it's a core component of modern MSP service delivery.
The question for every MSP is simple: When your systems are compromised, will you be able to support your clients, or will they be left in the dark like the law firms affected by the CTS attack?
The time to act is now - before the next attack makes the choice for you.