5 Cybersecurity Services that MSPs Need to Offer Customers
Small to mid-sized businesses (SMBs) are becoming increasingly aware of cybersecurity as a major area of concern. In fact, our 2020 ConnectWise State of SMB Cybersecurity report found that over half of SMBs don’t have the skills to properly manage cybersecurity.
Cybersecurity services represent a massive window of opportunity for managed service providers (MSPs) in 2021 and beyond. Consider that the same report also found that 91% of small businesses would consider switching IT service providers if they found a new one that offered the “right” cybersecurity services.
As SMBs start thinking about security, they’re often turning to MSPs for help, and well-prepared MSPs who adopt an MSP+ playbook (traditional MSP services plus cybersecurity support) will be better equipped to take advantage of this growing demand.
Below we’ve broken down five key cybersecurity services that MSPs should offer—take a look to see where you could increase your service offerings to drive revenue, meet customer needs, and tap new markets.
Threat detection and response
Every endpoint—from laptops, to mobile phones, to tablets—in your customer’s organization represents a potential entry point for a hacker to infiltrate their systems. That’s why endpoint management is a crucial part of any cybersecurity program. One key service MSPs can offer their customers is monitoring for cyber threats, detecting them if/when they occur, and responding quickly to stop them in their tracks and prevent fallout.
For example, email is one of the most common ways hackers try to enter systems. By monitoring popular software and SaaS apps on your customers’ endpoints—such as Microsoft 365 and Azure—you can detect abnormal behavior, stop it, and investigate whether something malicious (or accidental but dangerous) is happening.
Other core threat detection and response services can include:
- Monitoring and analyzing logs
- Security information and event management (SIEM) management
- Customizing alerts for individual users and devices
- Dark web scanning to detect stolen credentials
- DNS protection
The least impactful cyberattacks are those that are caught, stopped, and remediated early. Endpoint monitoring and threat detection are the frontline in preventing attacks.
Dental offices, legal firms, and medical practices are all busy doing what they do best—fixing teeth, practicing law, and treating patients. They’re typically not cybersecurity experts, and they know it. So while your SMBs customers may be aware that cybersecurity is important, they may not know where their risks are or what to do about them. At the same time, they must keep up with industry regulations like the Healthcare Insurance Portability and Accountability Act (HIPAA) and protect patient and client data and confidentiality at all costs.
Presented in an easy-to-read report, a risk assessment should cover areas such as:
- How employees are trained/educated about cybersecurity
- If and how threats are documented and addressed internally
- Whether the organization assesses IT assets for vulnerabilities
- Any plans or processes for addressing cybersecurity incidents (and whether that plan is followed during an actual incident)
Based on the information gathered in a risk assessment, MSPs can then recommend actionable next steps for their customers to shore up security. A thorough risk assessment includes network vulnerabilities, data compliance issues, and even internal threats. It can also make the threat of cyberattacks more real for customers who are not well informed or fully aware of their risks.
A risk assessment can be a starting point for a discussion around compliance with key security and privacy regulations—such as the EU’s General Data Protection Rule (GDPR) or the California Consumer Privacy Act (CCPA)—and the difference between being secure and being in compliance. For healthcare and medical companies, HIPAA may come into play, and for law practices, there are often client confidentiality rules and laws that must be respected.
To get started, take a look at this sample report. MSPs can offer even more advanced risk assessment services with platforms like ConnectWise Identify, which uses the NIST Cybersecurity Framework to conduct a deep analysis of a customer’s systems and create a comprehensive but easy-to-understand analysis.
Security Operations Center (SOC) as a Service
Hackers never sleep, so monitoring and addressing threats needs to be 24x7, too. That’s why an around-the-clock security operations center (SOC) is an incredibly valuable resource for businesses of any size.
Due to budgeting, talent shortages, and business needs, a SOC is not something most companies will build internally. This makes a SOC an excellent cybersecurity service for MSPs to offer customers. But the same goes for MSPs—most cannot build a SOC in-house, largely because of budgeting concerns. We did some math at Connectwise and found that building a 24/7 SOC team from scratch costs around $2.3 million on average.
Fortunately, MSPs can still offer SOC-as-a-Service via trusted partners and vendors. For example, ConnectWise’s Stratozen offering includes a robust and 24/7 SOC team. By working with a team like this, MSPs can offer the peace of mind and protection of a SOC, without the high price tag.
Cybersecurity is a constant race—hackers evolve their tactics every day, and businesses need to keep up. To protect against emerging threats, organizations need to know exactly what the latest techniques are. That’s where threat intelligence comes in.
Organizations can receive information from an Information Sharing and Analysis Center (ISAC) or other threat intelligence provider. These organizations share data and information about emerging threats as they are spotted in the wild. With advance notice on a new method of attack or an increase in the incidence of a type of attack, organizations can scan for vulnerabilities, patch vulnerabilities, and get ahead of the bad guys.
MSPs can offer threat intelligence as part of a holistic IT management platform, notifying customers of common industry threats (such as phishing attacks), working with the SOC to monitor for emerging threats, and taking action to shore up technical defenses.
ConnectWise’s Perch solution integrates with numerous ISACs and providers to bring threat intelligence into the core of a customer’s SIEM, SOC, and other threat monitoring and management tools. For example, if an ISAC identifies hackers using a software vulnerability to enter corporate systems, MSPs can take quick action to patch a customer’s software.
Backup and disaster recovery
What happens to a business if their systems crash, data goes missing, or workers lose access? Everything comes to a standstill. The organization loses revenue and takes a reputational risk. And, without backups and recovery tools, organizations face an excruciating journey to rebuild from scratch.
MSPs can help customers by offering backup and disaster recovery (BDR) support. Consistent backups keep your customers from sweating over what-if scenarios, and if a disaster does occur, having BDR support in place can reduce downtime and lessen the impact of a disaster.
While disasters can include everything from power outages to storms to systems failure, another source of disaster is cybersecurity attacks. Tools such as ransomware are growing in popularity and often target SMBs. According to the Sophos 2020 State of Ransomware report, just over half (51 percent) of organizations surveyed had been attacked with ransomware within the last year.
Having a backup can be the difference between desperately paying a ransom to hackers or simply ignoring them. Plus, even if an organization does pay the demand, there’s no guarantee that the hackers will actually release the data, so having a backup also ensures that an organization can recover data, no matter what.
Dealing with ransomware attacks—or any other disasters that have the potential to bring down corporate systems and wipe out data—is costly. By offering BDR services, MSPs can save their customers headaches and offer peace-of-mind that the company can keep going, even in the face of a disaster.
Differentiate your MSP with cybersecurity services
Cybersecurity threats are now a normal part of doing business, especially with an increasingly mobile and remote workforce. As organizations contend with more mobile devices, SaaS products, and digital workflows, they will continue to turn to trusted IT professionals for help. MSPs have a unique opportunity to expand their offerings to include cybersecurity services.
The services above highlight opportunities to provide more immediate value to your customers and increase revenue via upsells, while also attracting new customers. Having processes in place to address the most common threats your customers face can help drive home your competitive advantage as an MSP—and keep your customers safe.