arthead - stock.adobe.com
For SMBs, cyber attacks are more of a matter of if, not when. Threats such as ransomware, phishing and denial-of-service attacks have the potential to interrupt critical business operations and damage these organizations irreparably.
SMBs, as a result, increasingly turn to their MSPs as their de facto security experts and advisors, even if cybersecurity isn't the MSP's core focus. This reliance on MSPs has only intensified since the start of the COVID-19 pandemic when employees transitioned to home-based work en masse.
Despite the heightened awareness around cyber threats, security isn't anything new for many MSPs, however.
"I wouldn't characterize it as a sudden shift over the last 12, 18 or 24 months, basically since the pandemic, that MSPs have suddenly found cybersecurity," said Charles Weaver, CEO of MSPAlliance, a managed services industry association based in Chapel Hill, N.C. "I think you've had a heightened concentration of attention on cybersecurity threats, which is new, and I would say all the MSPs were fairly well positioned for this."
MSPs have a massive opportunity around cybersecurity, which will only increase as more customers take security seriously, Weaver said. Focusing on cybersecurity can empower MSPs to both prevent attacks against their customers and also mitigate damage and maintain business continuity when systems or data is compromised.
"Cybersecurity expertise is a critical component to any providers offerings and a 'must' to remain relevant [within] today's landscape," said Matthew Fox, creative director for Valiant Technology, based in New York. "It [demands] an investment of time and resources that is ongoing and often requires a shift in your approach to the services and support you provide to customers. A display of expertise must be woven throughout your offerings or, at least, the baseline ones at a minimum."
SMBs have more to learn
Customers' security concerns vary from vertical market to vertical market, depending on regulatory needs and other factors. Phishing attacks, however, represent one of the largest ongoing problems across industries, contributing to a considerable number of security incidents. The threat of these attacks may fly under some SMBs' radars.
"Most small business owners think they are too small to be a target of bad actors," said Diana Giles, president of Skyline IT Management, an MSP based in Edmond, Okla. "They don't realize that most victims of these attacks are not being specifically targeted, [and they] simply fall victim to a spray of attacks that go out to see who will fall for them."
Weaver agreed, but he noted that many organizations have gotten wise to their vulnerabilities, regardless of their organization's size. "Any sized organization is a target … and I think that message alone has broken down the barrier of what used to be there, which is, 'Nobody cares about me. I'm not on any bad person's radar. No one in the world would want to focus on me as a cyber target,'" he said. "That has largely been swept away as any legitimate belief."
MSPs respond with new services
Many MSPs have added endpoint detection and response to their portfolios, often replacing traditional antivirus software. In addition, MSPs have expanded options around identity management, multifactor authentication and other services that cater to SMB cybersecurity needs. The same goes for improved data protection options, as reliable backups can play a major role in recovering from a cybersecurity incident. MSPs are also including tools and services around zero-trust security.
Diana GilesPresident, Skyline IT Management
MSPs that opt not to specialize in cybersecurity are bound to face limitations. Nevertheless, trying to specialize without the right expertise and tools to back it up should be avoided. "MSPs must be security-focused to properly serve their clients, but we should not try to be something we are not," Giles said.
Giles noted that MSPs can form strategic partnerships with managed security service providers to meet their customers' security needs.
One challenge MSPs continue to deal with among SMBs is price resistance, as adding security features will often increase the cost for the end customer. "A business owner that doesn't understand why they should be concerned about security doesn't want to pay for it," Giles said. As a result, she said, security-focused MSPs can lose price-conscious customers to another provider with a cheaper offering.
Ongoing learning is required
SMBs need to continue to learn about existing and emerging threats, Fox said. As SMBs become more educated about security, they can make technology decisions that will protect their businesses, while enabling them to grow their businesses. Some MSPs have created their own educational content, resources and trainings to educate SMB clients.
MSPs must also continue to learn about cybersecurity and stay informed about best practices, Fox said.
"Cybersecurity is the cornerstone of modern MSP offerings -- it's simply a part of what we do," Fox noted. "The importance of cybersecurity will continue to grow, along with SMBs' awareness of the need, and MSPs will have to decide whether to bring varied levels of expertise in-house or work with partners to meet the needs of customers."