By Vince Crisler, Dark Cubed
Though we’re all eager to enter a fresh year, many new circumstances have manifested since COVID-19 that have either accelerated or created new trends. As the market quickly evolves and more companies are accelerating digital transformation initiatives, new cybersecurity challenges are arising. The shift to work-from-home and remote networks has become mainstream and brought with it lessons for MSPs and MSSPs looking to secure their clientele in 2021.
Security is no longer optional if MSPs want to maintain a thriving practice—if you’re not offering it, your competitor will.
Remote Networks Will Require Enhanced Security
In the past, companies were reluctant to move their personnel to remote environments. In 2020, it became a matter of survival. Since then, many SMBs have ushered-in remote work and cloud migration on a more permanent basis. Yet moving people to the cloud brings with it a series of security challenges, requiring a new level of expertise—and a greater amount of personnel to implement that expertise.
For example, remote work and cloud migration require augmented access to a company’s VPN. For many SMB organizations, their existing VPN networks aren’t stable enough to accommodate an extensively dispersed workforce. These more demanding remote environments require advanced, layered solutions. Two-factor authentication has never been more critical and is the one cybersecurity upgrade we’d recommend all MSPs implement for their clientele immediately.
SMB Security Must Be Purpose-Built
Too many current products are modeled on enterprise solutions that are “dumbed down” for an SMB model. In contrast, an effective cybersecurity solution needs to be designed from the ground-up to meet the unique requirements of the SMB space. Retooling an enterprise product typically results in a partial solution—often one that maintains the complexity of an enterprise-level offering.
Few providers have approached SMB security from scratch, focusing on intelligence, automation, and simplicity. An effective SMB solution should allow the MSP to monitor traffic in and out of the network, enhance the functionality of the firewall, and integrate threat intelligence while letting users intuitively manage the solution without the call for excessive training. Complexity and high learning curves hinder usability, leaving companies with a difficult-to-deploy, half-baked, and nominally effective environment.
Shortfalls In Talent Will Increase Automation
According to the Cybersecurity Workforce Study by ISC, global IT security skills shortages have now surpassed four million unfilled positions, including more than 550,000 in North America. As cybersecurity solutions develop more sophisticated capabilities—and malicious hackers develop more stealth methods of breaching networks—cybersecurity companies will be forced to address this deficit of skills.
A skills gap will give rise to increased automation, artificial intelligence (AI), and machine learning (ML) to manage the need for security resources. Keep in mind that the majority of what the industry labels “AI” is more accurately defined as the automation of security functionality.
Many attacks on SMB networks are commoditized, automated attacks executed in great numbers. All attacks—whether phishing, malware, or more complex scenarios—originate at a computer with a unique IP address. If a solution can identify that address as a malicious base of operations, it can shut down a great volume of these attacks. With the right analytics and data, an effective automated solution can evaluate whether an IP address is malicious and rank each incoming threat, blocking questionable addresses. This automated protocol will screen a good amount of malicious activity, without the need for augmented staffing. Personnel with security expertise can then be better utilized implementing other mitigation activities.
SMB Demands Greater Accountability
Not long ago, MSPs complained that their clientele didn’t take security seriously enough, and end-customers were willing to delay security upgrades for another day. The crises and market disruptions of 2020 have changed business owners’ thinking about the plausibility of breaches and disasters. High-profile compromises and threats targeting vulnerable new remote and hybrid workplaces have made believers out of the SMB community.
Customers are now coming to their MSP partners with questionnaires and long lists of criteria regarding the kind of security they must deliver. Combined with growing compliance regulations such as the CCPA and GDPR, cybersecurity has become a top-of-mind priority.
While all of us look forward to a less eventful 2021, remember that luck favors the prepared, and a savvy MSP will let the lessons of 2020 make them a more accountable, effective, and successful cybersecurity partner for the channel in the coming year.
About The Author
Vince Crisler, CEO and president of Dark Cubed, has more than 20 years of IT and cybersecurity leadership within the Department of Defense, federal civilian government, and the private sector. A Former Chief Information Security Officer of the White House, Crisler is a proven cybersecurity and IT strategy leader.