Cybersecurity Maturity Strategies: Ingram Micro Ransomware Attack Threat Analysis
On July 2, 2025, global IT distributor Ingram Micro was crippled by a ransomware attack, disrupting operations across multiple regions. Weeks later, the company is still working to restore systems. If a company of Ingram’s size, resources, and deep IT expertise can be disrupted, what does that say about the risks facing MSPs, SMEs, and enterprises alike?
- How do you know if you’re truly prepared?
- What steps should you be taking today to avoid becoming the next headline?
At CyberQP, we collaborate with hundreds of MSPs and internal IT teams to help reduce attack surfaces, particularly in areas such as privilege abuse and credential compromise. Drawing on these front-line experiences, we’ve mapped out a Cybersecurity Maturity Journey that organizations can follow to transition from a reactive to a resilient approach.
Applying the Cybersecurity Maturity Model to Threat Incidents
This journey outlines three common stages organizations pass through on the path to effective privileged access management (PAM).
Stage 1: Reactive & Exposed: “We respond to incidents after they happen.”
At this stage, there’s little structure around access control. Teams rely on implicit trust and manual responses.
Indicators:
- Shared or overprovisioned admin accounts
- Manual or no privilege elevation
- No audit trails for privileged access
- No endpoint privilege management
- Local admin rights everywhere
Ingram Micro Lesson: The attack reminds us that if attackers gain access to even one account, they can move laterally across your systems quickly and often find overprivileged access to cause more damage.
Recommended Actions:
- Inventory all accounts, including service accounts and non-human accounts, to identify the account attack surface.
- Audit and remediate persistent privilege escalations to identify the account attack surface.
- Remove standing admin rights wherever possible to reduce the account attack surface.
- Train staff on phishing and social engineering threats to enable prompt detection and notification when common compromise tactics are used.
Stage 2: Baseline Security: “We’ve started building controls, but they’re fragmented.”
You’ve made progress, but inconsistencies and manual processes still leave gaps.
Indicators:
- Some user access control policies exist, but are not enforced
- Limited logging or auditing for critical access events
- Elevation is done via ticketing, which is often delayed or skipped
- No centralized privilege management
Ingram Micro Lesson: Attackers today are fast. Lateral movement and privilege escalation can happen in minutes. Manual ticketing or scattered controls are too slow to stop modern threats.
Recommended Actions:
- Implement Just-in-Time (JIT) access approvals to ensure least privilege and reduce the risk of account misuse.
- Introduce endpoint privilege management for end users to limit unauthorized activities.
- Centralize access logs and begin alerting on anomalous activity.
- Utilize a Security Information and Event Management System (SIEM) to allow event analysis across company assets.
- Phase out shared accounts and move those necessary into vaults to ensure accounts are better managed, controlled, and secured.
Stage 3: Proactive & Adaptive: “Security is built into daily operations.”
Here, access controls are embedded, automated, and continuously monitored.
Indicators:
- Zero standing privileges across endpoints and servers
- JIT elevation and audit trails for all elevated sessions
- Role-based access aligned to least privilege principles
- Integration between identity, privilege, and incident systems
- Continuous detection and automated remediation processes
Ingram Micro Lesson: No one is breach-proof, but proactive teams can contain threats faster and prevent further escalation with strong privilege management and lateral movement defenses.
Recommended Actions:
- Enforce JIT elevation on all critical systems to enable a zero trust approach. Only provide access to those who need it for a limited period to prevent misuse.
- Map user roles to business functions and enforce least privilege. Role-based access will ensure lateral movement is limited.
- Integrate PAM data with SIEM for real-time anomaly detection. Centralizing log collection will ensure multiple events can be evaluated in real time and action can be taken if the event becomes an incident.
- Implement an incident response playbook for ransomware and privilege misuse.
- Conduct quarterly access reviews and privilege cleanups. Access reviews can assist in removing over-provisioned access and ensuring the removal of terminated accounts.
Where CyberQP Helps
CyberQP empowers MSPs and IT teams to enforce zero-trust privileges without disrupting user workflows. Our tools enable JIT elevation, granular audit trails, and identity verification, core pillars of PAM maturity.
While we cannot prevent every threat, we can make it harder for attackers to escalate and persist.
Ransomware isn’t going away, and supply chain management threats like the attack on Ingram Micro are proof that even the best-resourced IT shops aren’t immune. But cybersecurity isn’t a binary; it’s a journey. The most important thing you can do today is know where you are on the path and take that next step forward.
If you’d like to map your cybersecurity maturity or discuss how to accelerate your privilege access journey, contact us today to learn about CyberQP’s offerings.