Why Your IT Support Company's Tools Are Actually a Massive Security Risk (And What They Should Do About It)
When the software that manages your entire IT infrastructure is compromised, everyone downstream becomes a victim. The Kaseya incident showed that trusting a single tool, no matter how reputable, can be catastrophically risky. Here's why forward-thinking IT providers are rethinking everything.
The Uncomfortable Truth About IT Management Tools
Let me paint a scenario for you. It's Friday afternoon. You're wrapping up work for the week when your IT support company sends an urgent message: the software they use to monitor and manage your network has been compromised. Not just compromised, but weaponized by ransomware attackers to deploy malware across more than a thousand businesses at once.
This isn't hypothetical. It happened with Kaseya VSA in July 2021, when the REvil ransomware group exploited unpatched vulnerabilities in customer-hosted VSA servers and used the product's own agent update mechanism to push ransomware to as many as 1,500 downstream businesses over a holiday weekend. It exposed an uncomfortable truth about cybersecurity that we don't talk about enough: the tools we use to protect ourselves can become the very weapons used against us.
The Supply Chain Problem Nobody Wants to Acknowledge
Here's the thing that keeps security professionals up at night: when you hire an IT managed service provider (MSP), you're not just trusting them with your network. You're trusting every tool they've integrated into their operations. You're betting that their vendors are secure. And their vendors' vendors. It's like a chain of trust, and it only takes one weak link to break everything.
The Kaseya situation is part of a troubling pattern. Before Kaseya, there was SolarWinds Orion in 2020, where attackers compromised the vendor's build process and shipped a trojanized update to customers. Before that, ConnectWise RMM tools were abused in intrusions multiple times since 2019. The mechanisms differ, a poisoned vendor update in one case and unpatched flaws in customer-hosted servers in another, but the target is the same. These aren't obscure, poorly maintained tools; they're industry-standard software used by thousands of IT professionals worldwide.
So how do attackers keep hitting these jackpots?
The answer is simple and terrifying: remote monitoring and management (RMM) tools are skeleton keys to your entire business. To do their job they need broad access: the agent runs with administrative privileges (typically SYSTEM or root) on every managed endpoint, and the central server can push scripts, software and configuration changes to all of them at once. When the server or the vendor is compromised, attackers inherit all of that automatically. They don't need to break into each machine one by one; someone just handed them the master key and a fleet-wide deployment tool.
When Your Trusted Partner Actually Questions Everything
What I found genuinely refreshing about how one major IT support company handled the Kaseya situation was their willingness to ask the hard question: should we even be using traditional RMM tools anymore?
Most companies would've sent a quick email saying, "We don't use that software, you're safe, have a nice weekend." And technically, that's true. But this company went further. They looked at the bigger pattern and realized something important: the risk profile of these tools had fundamentally changed.
They had already seen this movie before with SolarWinds. They'd watched ConnectWise get exploited three separate times. And now here was Kaseya. The pattern wasn't random—it was a deliberate strategy by sophisticated attackers to compromise the tools that IT professionals rely on most.
Their response? They decided to pilot a completely different approach. Instead of relying on traditional RMM software, they'd find alternative ways to provide the same monitoring, maintenance, and support capabilities. And here's the kicker—they decided to absorb the transition costs themselves rather than pass them to customers.
That's not just good customer service. That's actually thinking about security differently.
Why This Matters for Your Business
You might be thinking, "Okay, but my IT provider already told me they don't use Kaseya. So I'm fine, right?"
Maybe. But that's also missing the forest for the trees.
The real question isn't whether your IT provider uses this specific tool. The question is whether they're actively thinking about the security risks of the tools they do use. Are they constantly re-evaluating? Are they willing to make expensive changes if the threat landscape shifts? Do they see cybersecurity as something they adapt and evolve, or as a set-it-and-forget-it checklist?
Here's what I'd suggest: have a conversation with your IT support company about their approach to RMM tools. Ask them:
What monitoring and remote-management tools do you use, and which of them can push software or scripts to every machine you manage?
How often do you review the security of those tools, and of the vendors behind them?
How is the management server itself protected: is it reachable from the internet, is multi-factor authentication enforced for every technician, and how quickly are vendor patches applied?
What would you do if one of your primary tools got compromised, and how would you know it had been?
Are you willing to make major changes if threat profiles change?
How transparent are you about tools and security decisions?
A good IT provider should have thoughtful answers to these questions. They should be able to articulate not just what they use, but why they use it and what they'd do if that calculus changed.
The Bigger Conversation About Trust
This whole situation has made me think differently about what "security" really means in the context of outsourced IT support.
It's not enough to just use "secure" tools. It's not enough to pass compliance audits or have strong passwords. Real security in this context means your IT provider is paranoid in the right way—constantly questioning their assumptions, staying ahead of attackers by thinking like them, and willing to make uncomfortable changes when the data suggests they need to.
The companies that will be most protected in the next few years won't be the ones using the "latest" tools. They'll be the ones willing to question whether their most critical tools are actually appropriate anymore.
That's the kind of partner you want watching your network.
The Takeaway
Supply chain security isn't just something that happens to Fortune 500 companies. It happens to businesses of all sizes when they use common tools that attackers have identified as valuable targets.
Your IT support provider matters. Not just for the technical work they do, but for the security mindset they bring. Look for partners who treat these breaches not as isolated incidents but as data points in a larger pattern. The ones actively adapting their approach aren't overreacting—they're actually paying attention.
Because here's the truth: the next major RMM tool compromise is probably coming. When it does, you want to be protected by someone who saw it coming.