Active Threats + The Business Model Shift For MSPs

I sat down with Luis Giraldo from ScalePad — an 18-year MSP veteran who’s now helping other MSPs scale — and he dropped some truth bombs that you should hear.

He says that 32% of MSPs are losing money.

The ones thriving aren’t just better at managing firewalls. They’ve fundamentally changed how they think about client relationships.

Luis spent 18 years as an MSP before moving to the vendor side, so he’s seen this transformation from both angles.

What he shared isn’t theory. It’s what actually works.

Before we get into that (and in case you missed it)… we launched our State of MSP Agent Fatigue in 2025 report!

Threat Brief: Interlock Ransomware Targets Cities and MSPs

From Adam Pilton, Cybersecurity Advisor at Heimdal Security and Ex-Cybercrime Detective

St. Paul, Minnesota declared a state of emergency after Interlock ransomware crippled city systems in July 2025.

The Minnesota National Guard was called in to help restore operations.

Interlock stole 43 gigabytes of data and leaked it online after the city refused to pay ransom.

Active since September 2024, this group targets governments and critical infrastructure across North America.

MSPs are prime targets. Breach one MSP, compromise dozens of downstream clients.

Your action items:

✅ Segregate critical systems to prevent ransomware spread

✅ Test restores regularly — maintain offline, immutable backups

✅ Monitor for unusual logins and large file transfers

✅ Partner with SOC/MDR if you lack 24/7 coverage

✅ Run tabletop exercises to practice incident response

Interlock is actively targeting MSPs. Don’t get caught without a plan.

The Growth Loop That Actually Works

Luis calls it the “bow tie model” – and it’s brilliantly simple.

Traditional thinking says the sales funnel leads to acquiring a client, then you’re done.

That’s only half the equation.

The right side of the bow tie is where the real money lives: discovery, value alignment, impact delivery, and expansion.

Here’s what this looks like in practice.

Instead of: “We need to standardize your firewalls because it’s more efficient for us.”

Try focusing on their business processes and identifying where technology improvements could create measurable impact on their operations and revenue.

The difference?

The first conversation is about your operational needs. The second is about their business impact.

Luis says that if MSPs only want to improve their own situation — focusing on standardization because it’s more efficient for them — the client doesn’t care.

That’s been the premise of the relationship for 20 years.

The MSPs making that transition are asking different questions:

• How does this business work?

• How do they use technology?

• Where can technology help them actually double or triple their revenue over the next few years?

Stop Selling Point Solutions, Start Selling Risk Reduction

Luis shared that many clients don’t care about compliance requirements, but most businesses do care about risk.

Think about it.

When your apartment floods (yes, this happened to me last week), you don’t care about the technical specs of water extraction equipment. You care about reducing the risk of it happening again.

Here’s the tactical shift.

Old approach: “You need EDR, XDR, and SIEM because compliance requires it.”

New approach: “Your business faces three critical risks that could shut you down for days. Here’s how we reduce those risks and keep you operational.”

Why this works?

Risk is universal business language. Every CEO understands it. Most have never heard of XDR — and don’t want to.

Luis shared a story from an Exchange security event where a white hat hacker said something profound:

“The legislation will always be 10 years behind the technology.”

Even when you talk about compliance, many clients don’t really care because maybe they’re not legally required to.

But guess what most businesses do care about?

Risk.

That conversation helps you understand the customer’s risk appetite and what kind of reality they live in versus what you’re experiencing.

MSP Hot Seat – “How do I start implementing customer success without hiring someone?”

This question came from one of our listeners, and Luis nailed the answer.

Customer success isn’t a person. It’s an organizational mindset.

The tactical approach starts with mapping existing roles. Who on your team already touches clients?

Everyone, right?

Then you assign ownership by giving specific customer success activities to existing team members.

Here’s the key insight Luis shared: change the conversation frequency.

Stop conflating “strategic” with “once per year during QBR season.”

What this looks like:

Your level-1 tech notices a client’s aging servers during a ticket. Instead of just fixing the immediate issue, they flag it for a strategic conversation about business continuity planning.

Luis emphasized something crucial.

Even with small customers where you might think they’re not strategic, don’t let them fall off the wagon of communication.

You might hear from a customer that says they’re moving offices.

Well, an office move is a big project for an MSP.

An office move could signal they got an investment — and you didn’t know because you hadn’t been talking to them.

Every team member becomes responsible for client success in their area of expertise.

Stop Trying to Be Everything to Everyone

Luis shared a sobering stat. Service Leadership’s research shows 32% of MSPs lose money.

The MSPs breaking into that profitable top decile all do one thing consistently:

They focus and execute.

They pick the specific thing they want to solve and work through it completely. No half-measures.

The biggest thing Luis sees is clarity and focus. MSPs that hone in on one thing and execute relentlessly are the ones moving forward.

He mentioned seeing conversations on LinkedIn where MSPs are already talking about how they have to evolve the relationship — get out of the server room and back into the boardroom.

Conversations are shifting from standardizing on a stack to creating impact.

Stop trying to be everything to everyone.

Get obsessed with understanding your clients’ businesses, align everything you do with their success, and execute relentlessly.

Thanks for reading!

PS. Want more tactical insights like this? Every episode of MSP Security Playbook is packed with actionable strategies from MSP operators who’ve been where you are.

Listen and subscribe so you don’t miss the next one, or find on LinkedIn here.

Danny Mitchell

Head of Content at Heimdal. A journalist by trade who cares about helping MSPs and security teams make better decisions, enjoy their work, and see real results.