technologyreseller.co.uk 27 OPINION The UK’s upcoming Cyber Security and Resilience Bill will force many Managed Service Providers (MSPs) to rethink their security strategy. With Parliament set to grant regulators more teeth and introduce stricter incident reporting and resilience testing obligations, MSPs face tougher expectations around best practice and mandatory compliance – and greater fines for non-compliance. The Bill is anticipated to reach Parliament in the second half of 2025, although the exact timeline remains uncertain. One thing is clear: relying solely on native Microsoft 365 security features will not be good enough. Despite what the E5 licence price tag might suggest, Microsoft’s native tools – Exchange Online Protection, Defender for Office 365 and Purview – leave dangerous blind spots such as gaps in detection and response, configuration complexity and inconsistency, and the risk of single-vendor reliance. The government knows it, threat actors know it, and if MSPs don’t get ahead of it, their clients will know it too. The reality of shared responsibility Microsoft operates under a shared responsibility model, meaning they keep the cloud infrastructure running, but responsibility for protecting the data lies with the customer. Or, in the case of most UK SMBs, on the MSP they work with. This is where the cracks can start to show. Exchange Online Protection misses low-volume Business Email Compromise (BEC) attacks. Defender isn’t tuned for QR code phishing or MFA bypasses. Audit logs? They’re either buried in Purview or missing altogether on lower-tier plans. We all know that the threat of a breach is real and growing. Indeed, our own recent research confirms this and paints quite a stark picture: 64% of organisations expect phishing threats to increase in 2025. 1 in 5 MSP customers suffered a successful BEC attack in 2024. 45% of MSP customers have experienced a breach of sensitive employee data. Over 20% have been hit by credential theft via QR code phishing, an attack vector that bypassed Microsoft 365’s native defences entirely. Take into account the increasing use of generative AI and deepfake-based impersonation attacks and the potential risk grows exponentially. These aren’t theoretical threats; they’re happening now – and the regulators are watching. Microsoft 365 isn’t the enemy, but on its own, it’s not enough I’m not calling for MSPs to abandon Microsoft and its native security tools, but there needs to be a sense of realism. Microsoft 365 is a powerful productivity suite, but it’s not a fully-fledged cybersecurity platform. In fact, 98% of the organisations using Microsoft 365 sampled in our research said that third-party security solutions are ‘highly important’ for defending against advanced threats. Perhaps this is why MSPs are shifting to layered protection strategies such as: AI-powered email filtering and behavioural detection; DNS-level filtering and link rewriting; Proactive phishing simulation and user training; and Backup and rapid recovery across email, endpoints and SaaS apps. This isn’t security overkill; it’s the new baseline. Get ahead of the regulation or risk being left behind Smart MSPs are using the upcoming Cyber Security and Resilience Bill as an opportunity to reassess their tech stack. This isn’t just for the sake of compliance, but also because the reputational and financial damage from a breach is too great to risk. MSPs must demonstrate not only uptime, but also proactive cyber resilience – the ability to detect, defend, respond and recover at speed. The bottom line is if you’re an MSP relying solely on Microsoft 365 to keep clients safe, you’re not just under-protected, you’re under-prepared. The cybersecurity landscape has changed, the law is catching up, and it’s time your security strategy changed too. www.cybersentriq.com What’s on your playlist at the moment? It depends on where I am and what I’m doing: if I’m listening on my own, it’s Morgan Wallens’ new album I’m the Problem; if I’m doing the school run, my daughter insists on Taylor Swift! What’s the most used app on your phone and why? WhatsApp is my go-to for staying connected with friends and family, whether via quick check-ins, group chats or sharing updates. With busy schedules and different time zones, it helps keep those relationships strong and effortless. It’s simple, reliable and just a great way to keep personal connections alive in the middle of everything else that’s going on. How do you like to spend your spare time? If I’m not with my family, you’ll almost definitely find me on the golf course. Golf is my way to unwind - it’s competitive, technical and gives me a bit of headspace outside of work. It also lets me enjoy the outdoors and catch up with friends. That balance between quality family time and a few hours chasing a little white ball around really keeps me grounded. Favourite holiday destination? I’d have to say Queenstown, New Zealand. I spent some time there earlier this year, and honestly it has everything you could want from a holiday – stunning landscapes, great food, loads of outdoor activities and a really relaxed, welcoming vibe. Whether you’re into adventure or just want to take in the beauty, it’s all there. It’s one of those places that stays with you long after you’ve left. Why relying only on Microsoft 365 security is too great a risk for MSPs With the Cyber Security and Resilience Bill set to raise the bar on compliance and reporting, James Griffin, CEO at CyberSentriq, a unified cybersecurity and data resilience platform for MSPs, advises MSPs to adopt a layered security strategy as their new baseline rather than relying solely on native Microsoft 365 tools Netgear has expanded its range of mobile routers with the Nighthawk M7 Pro Mobile Router, offering multi-gig 5G speeds, next-generation WiFi 7 performance and enhanced security in one sleek, portable device. With global 5G roaming in 125+ countries, up to 13 hours of battery life and support for up to 64 devices across up to 1,000 sq. ft., the M7 Pro is ideal for mobile businesses, pop-up locations and temporary installations and/or for primary or failover connectivity in small or remote offices. https://www.netgear.com/uk/ home/mobile-wifi/hotspots/mr7450
RkJQdWJsaXNoZXIy NDUxNDM=