The State of the Virtual CISO 2023 Report by Cynomi, the number of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) providing virtual Chief Information Security Officer (vCISO) services is set to increase by 480% from 19% to 86% in North America by the end of next year. This trend is due to the rising frequency of cyberattacks and SMBs turning to vCISO services as they cannot afford to hire a full-time security professional. The top benefits of vCISO services center on business growth, but service providers cite limited in-house security and compliance expertise, high upfront investment, and cybersecurity skill gaps as the top barriers to entry. Most MSPs and MSSPs already offer components of vCISO, so they could potentially repackage them into a lucrative vCISO offering.
The Play ransomware group is targeting managed service providers (MSPs) globally to distribute ransomware to their downstream customers. The group uses intermittent encryption to evade detection and targets midsized businesses in various sectors across the US, Australia, the UK, Italy, and other countries. The group gains access to MSP systems via a phishing campaign and exploits vulnerabilities in Microsoft Exchange Server and Fortinet appliances. The Play ransomware tool uses intermittent encryption to make data inaccessible on victim systems, and the group has claimed at least 150 victims so far.
Why do we care?
Providers are a crucial inflection point for the security chain. They have to be on their game to execute for customers with increasing demand. A formal program like vCISO makes sense.
They’re also a pressure point for attack. This isn’t the first group attacking providers; it won’t be the last. You may not want to be in the security game, but you’re in the security game.

