Webinar: Why modern attacks require both security and recovery

BleepingComputer will host a live webinar on Thursday, May 14, 2026, at 2:00 PM ET titled "From phishing to fallout: Why MSPs must rethink both security and recovery." The session features Austin O'Saben and Adam Marget of Kaseya, who will discuss how shifting attack methods are outpacing traditional managed service provider (MSP) defenses, and why combining prevention, detection, and rapid recovery is now critical for cyber resilience.

Phishing has become the primary engine behind modern cybercrime, with attackers using generative AI to create personalized, convincing lures that bypass traditional email security filters. These AI-driven campaigns pull data from public sources like LinkedIn, company websites, and industry news to craft messages that reference specific employees, recent company events, or client relationships, making them nearly indistinguishable from legitimate communications. Business email compromise (BEC) attacks, which often start with a successful phishing attempt, trick employees into transferring funds, sharing credentials, or granting access to sensitive systems, with losses from BEC exceeding $2.7 billion globally in 2025 alone according to FBI data.

Ransomware groups have also shifted their focus to MSPs, recognizing that compromising a single MSP can give them access to hundreds or thousands of downstream client environments. Once inside an MSP's network, attackers can deploy ransomware across all managed client systems at once, encrypting data and demanding payment to restore access. Even when MSPs detect an attack early, many lack the recovery planning needed to restore operations quickly, leading to extended downtime, lost revenue, and damaged client relationships.

Traditional MSP security strategies focus almost entirely on prevention: deploying firewalls, email filters, endpoint detection and response (EDR) tools, and conducting employee security training. While these measures are necessary, they are no longer sufficient. Attackers now use trusted infrastructure, such as compromised legitimate SaaS platforms, cloud storage services, and even other MSPs' systems, to move laterally through networks without triggering alerts. They also exploit misconfigured SaaS environments, where default settings often leave data exposed or allow attackers to gain persistent access using stolen credentials.

Most MSPs also overlook recovery planning, assuming that their prevention tools will stop all attacks. This leaves critical gaps when breaches do occur. Many MSPs store backups in the same cloud environment as their production data, meaning attackers can delete or encrypt backups alongside primary data. SaaS backups are another common blind spot: most SaaS providers like Microsoft 365 and Google Workspace operate on a shared responsibility model, where the provider guarantees service uptime but the client is responsible for backing up their own data. Microsoft retains deleted SharePoint and OneDrive data for only 30 days, after which it is permanently purged. If an attacker wipes a client's entire SaaS environment, or a user accidentally deletes critical files, the MSP has no way to recover that data without a third-party SaaS backup solution.

Kaseya provides cybersecurity, backup, and IT management solutions designed specifically for MSPs, helping them build cyber resilience by integrating prevention, detection, and recovery tools across client environments. The upcoming webinar will break down the specific ways modern attacks bypass traditional defenses, and where most MSP security strategies fail after an initial compromise.

Session topics include:

• Why AI-driven phishing and brand impersonation campaigns outpace legacy email security tools
• How attackers exploit trusted infrastructure and SaaS platforms to gain undetected access to business environments
• Common failure points in MSP security strategies once an attacker gains initial access
• The role of SaaS backups and business continuity and disaster recovery (BCDR) plans as critical layers of cyber resilience
• Case studies of leading MSPs that have successfully integrated security and recovery to reduce downtime and limit breach impact

Leading MSPs are moving away from siloed security and recovery teams, instead adopting a unified cyber resilience strategy that treats prevention and recovery as equally important. This includes regular backup testing to ensure data can be restored quickly, storing backups in immutable offline or cloud storage that attackers cannot access, and conducting tabletop exercises to test BCDR plans under simulated attack conditions. Employee training also extends beyond phishing recognition to include recovery protocols, so all staff know their role in containing a breach and restoring operations.

MSPs that fail to adapt to this new reality risk not only financial losses from breaches, but also loss of client trust and potential regulatory penalties for failing to protect sensitive data. The line between security and recovery has blurred, and MSPs that treat them as separate priorities will struggle to survive in an environment where breaches are inevitable.

Don't miss this opportunity to learn how your MSP can strengthen both security and recovery to reduce the impact of modern cyberattacks. Register for the free webinar via BleepingComputer's events page to secure your spot.