The cost of staying the same
Wes Spencer is CISO of Perch Security
As a managed service provider (MSP), your responsibilities can loom large. Cloud management, backup recovery, email encryption, web content filtering, and antivirus and firewall software—your customers rely on you to manage all this, but the work doesn’t stop there. Whether you like it or not, your team is on the hook if a customer’s data is compromised. You are likely their first and only line of defense, even if no one on your team is fluent in cybersecurity practices. To your customers, you’re the expert—and unless you’re willing to shoulder the liability that comes with a cyberattack, now’s the time to make a change.
As with many journeys, yours begins with education. To achieve risk-management success and better serve your customers, it's imperative to learn the ins and outs of cybersecurity.
Security threats and tactics are always evolving. If your business isn’t growing to meet the increasing security demands of your customers, it’s dying. I recently did a webinar where I explained the cost of staying the same/keeping the status quo for security.
What is the cost of staying the same?
The world is changing. Once upon a time, most people believed that only large companies needed to worry about the consequences of not being cyber smart. Large enterprise organizations are known for operating a cybersecurity program with enormous budgets to reduce their cyber risk. But for the small and medium-sized companies, a data breach didn’t seem as likely.
Not anymore. The odds of a cyberattack on your business are going up, fast. Cybersecurity is the top risk to markets in 2019. In the past year, 58% of SMBs experienced a cybersecurity attack—costing these companies an average of $400,000. No matter the size, your customers should be aware of their risks—and once they are, they’ll expect you to stand guard over their IT premises. Your liability is immense, whether or not your team is capable of delivering cybersecurity solutions. If you don’t take the step to learn more, you could put your customers at risk—and end up with a painful loss.
Here are some tips that were covered in the webinar:
Reduce your liability
Only offering antivirus protection and putting up a firewall isn’t enough anymore to keep your customers safe against ransomware and data. When, not if, your customers are hit with a cyberattack, you’re ultimately liable.
According to the Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) study, the average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption of normal operations increased from $955,429 to $1,207,965.
By focusing on enhancing your cybersecurity offerings to prevent and respond to these attacks, you’ll reduce your liability.
Be socially responsible
MSPs are an ideal target for cyberattacks. Why? If attackers gain access to your database, they can get access to all your customers as well. Time well spent for the bad guys. Knowing that this exposure to risk exists for your customer leaves you with a social, moral, and fiduciary responsibility to protect them and their data.
Think of the data you touch each day—how much is it worth? To your customers, it’s everything—including their intellectual property, reputation, and clients’ trust. As their MSP, you hold the keys to their kingdom. It’s a social responsibility that can’t be underestimated; if they experience a breach, their reputations, and their clients’, could be ruined.
Beyond this, consider the people and organizations behind cybersecurity attacks. They’re criminals—and the reality is, there’s not much stopping them. Governments place the responsibility of cyber defense almost entirely on companies, and while a number of government organizations are tasked with helping secure the nation, their options are limited. Overreaction could put a strain on international relations. All of this means that hackers have no real risk of prosecution, giving them the freedom to keep pushing your infrastructure until they find a way in.
The bottom line is, attackers don’t just want to hurt you and your customer—they want to inflict widespread damage. And by not ensuring cybersecurity, you’ll put them one step closer to that goal.
Grow your revenue potential
On the flip side, there’s a lot of money to be made by extending your offerings to protect your customers. IDC says managed security services are now the fastest-growing segment of the IT security sector, with a compound annual growth rate of 14.7% expected through 2021. Gartner estimates that by 2020, managed and subscription-based security services will account for half of the revenue generated in the cybersecurity category. Now is not the time to be left behind.
The willingness of companies to pay for cybersecurity is increasing. There was a time when companies were only focused on cybersecurity if they were required to (in order to be compliant) or had already been breached, but that’s changing.
Today, nearly every business relies on a secure digital infrastructure. If even one component of their system is crippled by a cyberattack, they’ll be left scrambling—and risk losing profits.
As an MSP, you’re in a position to earn more for your work. Your IT expertise gives you excellent foundational knowledge for learning cybersecurity practices—and once you take steps to understand methods for password protection, security awareness training, and more, you’ll earn a coveted seat in an emerging industry.
Where we are today
Hackers are out there in large numbers trying to get through your customers’ firewalls. With more attempts coming our way, we’re experiencing a rise in the number of attacks. Think of this like a hockey game. The team with more shots on goal has a better opportunity of scoring, as the goalkeeper can’t keep up with all of them.
Hackers don’t have any inhibitions when it comes to increased cyberattacks, so it’s on us to protect ourselves and our customers. They are on the offense with little to nothing to lose and everything to gain. We are on the defense and have to stay alert and ready, starting with the following:
- Security Expertise - As the MSP, you’re likely working on developing your cybersecurity expertise. However, your customers are not experts and have no intention of learning, so it’s up to you to ramp up quickly to differentiate yourself in a competitive market.
- Security Assessment - Risk assessment is the right way to start to assess gaps. Every time I walk into a new organization as a CISO, the first words that come out of my mouth are, “Where does our risk lie?” and I can’t do that without a risk assessment tool like ConnectWise Identify.
When prevention fails: Threat detection and response
Our industry isn’t prepared for the worst. There’s currently an overreliance on prevention. What happens if prevention fails? Perch is a managed threat detection and response platform. We help when prevention fails.
The hardest part to solve for cybersecurity is the people. It’s harder to staff cybersecurity experts. With Perch, you’ll get 24/7 monitoring with skilled, qualified, credentialed analysts.
Our success relies on you being the hero. We are here to arm you with the knowledge to be able to handle a threat with your customers successfully.
It’s time to make a change
Staying the same is easy and comfortable, but in your field, it’s no longer viable. With each new headline on a catastrophic data breach, your customers’ anxiety only grows. It’s up to you to understand the security implications for each client—customers need you to offer support and solutions. If you don’t, they’ll look for a service provider who can.