By Branden Boag, Action1
Cybersecurity is a growing concern for businesses of all sizes, and SMBs are no exception. Large-scale security breaches — such as the Microsoft Exchange server hack, which impacted at least 30,000 organizations in the US, including many small businesses — have put security threats squarely in the public eye. But SMBs are struggling to combat those threats. As the COVID-19 pandemic forced many of them to adopt new technologies to serve customers and support employees, their IT environments became more complex and therefore more difficult to support and secure. At the same time, the cost of a successful breach hit a 17-year high in 2021, totaling $4.24 million, up 10% from 2020 — which can easily put an SMB out of business altogether.
Since SMBs often lack the skills and resources needed to establish comprehensive defenses on their own, they often turn to MSPs for help. Accordingly, cybersecurity can be quite a lucrative business opportunity for MSPs in 2022 and beyond.
Here are three cybersecurity trends MSPs can leverage to better serve their clients.
Trend 1: The Distributed Workforce
The remote and hybrid work models initially forced on businesses by the pandemic have now gained widespread acceptance. Indeed, an Action1 survey found that 76% of organizations intend to continue hybrid work arrangements in 2022. There are sound reasons behind this decision — in particular, according to Gartner, by 2023, 75% of organizations leveraging distributed enterprise benefits will reap revenue gains 25% faster than competitors.
This new business reality opens the door for MSPs to offer security plans tailored to addressing the risks associated with remote and hybrid working. Those plans should include everything essential for managing and security the hybrid workforce, including endpoint protection, password policies, multifactor authentication (MFA) and Zero Trust, and mobile device security. MSPs should also revisit firewalls and VPNs to ensure that the client IT infrastructure can support remote workloads safely.
Another strategy that MSPs should consider is increasing operational effectiveness internally. As more and more companies turn to MSPs for help in supporting and securing their hybrid workforces, speed and accuracy in IT service and cybersecurity delivery will become critically important. MSPs need to be capable of seamlessly providing the requested value with the technologies in their arsenal. Therefore, they should ensure that none of the approaches and tools their technicians leverage act like bottlenecks. All too often, technicians waste precious time and effort because they have to juggle multiple tools to do their everyday work. For example, when it comes to such routine but essential tasks as patching OS and third-party software for customers’ environments and managing clients’ devices, it is essential for technicians to be able to perform everything from a single pane of glass instead of having to master multiple tools and constantly switch between various screens.
Trend 2: Ransomware And Escalating Threats
It is no secret that 2021 was infamous for cyberthreats. Among other things, ransomware skyrocketed by 148%, and a record-breaking 28,695 vulnerabilities were disclosed.
Under such circumstances, internal IT teams at SMBs are finding it more and more difficult to keep up with new threats, and they often lack the tools and skills required to adequately secure their organization’s IT ecosystem. Inevitably, vital elements are overlooked or shortchanged, leaving the company vulnerable to attacks.
MSPs can help by providing SMBs with well-rounded cybersecurity services that cater to their needs. To maximize the value of their offerings, MSPs should be sure to include threat detection and response, threat intelligence, backup and recovery (on average, just 65% of data is restored following a ransomware attack!), and risk assessment. At a more detailed level, essential elements include proper vulnerability scanning and remediation to reduce the customer’s attack surface area, as well as regular disaster recovery testing to ensure that the client’s hybrid workforce will be able to access their data if an incident occurs.
Trend 3: Lack Of Cybersecurity Awareness
Experts report that as many as 91% of cyberattacks start with phishing emails. Whatever the exact percentage, phishing is certainly a serious and growing threat — especially with malicious actors eager to take advantage of the stress of the global pandemic and the rapid digitalization it engendered.
In fact, the Phishing and Fraud Report discovered that phishing attacks increased 220% during the peak of the COVID-19 outbreak, as cybercriminals looked to capitalize on pandemic-induced work and lifestyle changes. Some phishing emails leveraged the World Health Organization’s logo or a government seal and claimed to contain up-to-date information about the crisis and vaccination. Others were disguised as job offers or solicited donations to scam charities. Too many of these phishing campaigns were successful in getting victims to share their login credentials, click a malicious link, or download an attachment containing ransomware or other malware.
With this in mind, it’s not surprising that 85% of data breaches involve a human element. As a result, employees are now an organization’s first line of defense against cyberattacks. Unfortunately, however, the overall level of cybersecurity awareness at this point in organizations around the globe still leaves much to be desired.
This situation provides an opportunity for MSPs to jump in and help their customers by bundling cybersecurity awareness training services into their offerings. Indeed, there is a need among companies of all sizes for such a service. MSPs can develop various offerings to ensure the training fits the client’s size, risk level, and budget. To encourage customers to opt into cybersecurity training, MSPs should emphasize the value and importance of security awareness, highlighting the steep financial and reputational losses that come with even a single successful breach. If the client is still not interested in cybersecurity awareness training, it can be a good idea to offer a phishing simulation. Once the customer sees how susceptible their workforce is to the manipulations of cybercriminals, they will be far more motivated to invest in robust cybersecurity awareness training.
MSPs Are Poised To Anticipate Customer Needs
MSPs today are face-to-face with multiple opportunities for significant growth. If they effectively anticipate customer needs and evolve their services to match those needs, they can thrive into 2022 and beyond. And by pairing their business strategy with a carefully chosen suite of powerful yet easy-to-use technologies, MSPs can position themselves light years ahead of the competition.
About The Author
Branden Boag, Director of Sales & Alliances at Action1 Corporation, provider of remote monitoring and management (RMM) software. Branden has more than 20 years of sales and leadership experience in the software market, including senior positions at Netwrix, Huddle, and Quest Software. He played an integral part in building those businesses through partnerships with local and global strategic partners.