As cybercrime continues to threaten the security of IT assets, lawmakers are responding with relevant laws to deal with the scourge. The cybersecurity regulations in several states compel managed service providers (MSPs) to report any breaches on their clients’ systems. Many organizations rely on external service providers to bolster the security of their IT environments.
Louisiana Act 117 – Senate Bill 273, which recently became law, focuses on IT firms that manage end-user systems for public entities. It builds on existing regulations designed to cover breach notification. The Act compels all MSPs that work for public bodies to register with Louisiana state authorities. Furthermore, MSPs must report cyberattacks to the authorities.
This law transfers the responsibility to disclose breaches from the affected entity to managed service providers. The reporting requirements also encompass incidents involving ransomware payments.
Baton Rouge IT professional Landon Futch with Essential Solutions shares what this means for IT professionals in Louisiana.
Background
With the bill, lawmakers are looking at addressing cybercrime issues following a spike in attacks on private and public organizations. Many businesses of varying sizes and public entities like municipalities have fallen victim to sophisticated cyber attacks.
In mid-2019, cybercriminals targeted four school districts in Louisiana. The ransomware attacks sent shockwaves in the state before the local Department of Motor Vehicles (DMV) offices took a hit in November of the same year. In this case, bad actors took the DMV system offline in another ransomware cybercrime.
As the new law comes into effect, the affected public body’s managed service provider must report. In turn, state authorities will use registration information linked to the MSP to log and track the matter. The disclosure requirements allow the authorities to keep tabs on incidents involving public organizations.
The MSP market
The managed service provider market is booming due to the increased demand for high-level IT skills. Many businesses are growing their information technology budgets to match their growing needs. Cybersecurity is a significant area of concern for both small and large companies. It is contributing to the growth in IT budgets.
According to recent reports, 44 percent of companies are looking to raise their spending on technology assets in 2020. The figure shows an increase of six percent from 2019. It comes as no surprise that this trend is feeding the MSP market, which looks set to double between 2017 and 2023. Forecasts predict that the market’s value will jump from $155.91 billion to $296.38 billion.
The growth registered in the IT services sector has led to the emergence of countless MSPs offering different types of services. Authorities expect the new law requiring the registration of managed service providers to enhance oversight in the sector without introducing stricter regulatory frameworks.
Implications of the legislation
The introduction of the reporting and registration requirements for managed service providers in Louisiana can lead to similar changes in other states. Thus, IT firms and their clients need to prepare for the possible introduction of similar laws in their locality. The best way to prepare is by improving the quality of IT service. Meanwhile, clients should seek partnerships with mature IT support providers.
In doing so, private and public entities can maximize security in the face of increased cyber-attacks. IT security experts emphasize user awareness as an essential tool in the fight against cybercrime. A combination of advanced IT security technologies and user awareness help protect organizations from a wide variety of threats.
Most managed IT service providers offer clients the latest security technologies like 256-bit AES and end to end data encryption. However, users’ conduct can undermine the effectiveness of these technologies by disregarding the best IT security practices. Businesses need to employ robust control measures and educate staff members about the risks associated with reckless conduct.
Interesting related article: “What is Cybersecurity?“