Unsung Digital Frontier Heroes: MSPs Lead the Charge in Cybersecurity Defense

Brian Kane

The best cybersecurity products are pointless if their alerts are ignored. This happens more than it should, especially in small and medium-sized businesses, where IT staff is stretched, resources are limited and existing personnel lack the training and time to prioritize and act on valid security issues. When alerts and alarms from endpoint detection and response (EDR) solutions go unheeded, hacks that could have been prevented blossom into effective and expensive attacks.

SMBs aren’t just vulnerable to cyberattacks, they’re specifically targeted. While cyberattacks fell slightly in 2021 for large companies, they rose for small businesses, according to business insurance company Hiscox (PDF). The FBI’s Internet Crime Report found the cost of cybercrimes to small businesses reached $2.4 billion in 2021.

And yet, according to a McKinsey & Co study in February 2023, a quarter of businesses will reduce their technology spending by up to 25% in the next 12-24 months. The report says that “for SMBs with more than 25 full-time-equivalent (FTE) employees, budget cuts in IT could rise as high as 30%.”

3-Legged Partnership for Monitoring

Managed service providers can help vulnerable SMBs by partnering with cybersecurity vendors to make sure the customer’s cybersecurity setup is always being monitored by experts. The tripod of customer plus vendor plus MSP is critical, because inside small businesses, the talent gap is significant. And the cost of an unchecked security notification can be crippling. Globally, in 2022 an average data breach cost $4.35 million. In the U.S., the average expense was $9.44 million. Breach costs have been rising steadily, too, up from $7.35 million (in the U.S.) five years prior to that.

Unfortunately, many already-paid-for cybersecurity solutions aren’t being used to their full capabilities. Unused solutions are bad news for the seller as well as the buyer, who ends up frustrated, or worse, infected. And this is while the security product is theoretically on watch.

In the most extreme cases, powerful security products are shelfware — sold, bought and paid for, but idle. And even the most capable security products in the world must address attack surfaces that evolve as business technology infrastructure changes, as well as innovations in attack vectors.

Ideally, each business would be able to hire, train, and retain IT personnel skilled in security to implement these available tools. Realistically, resource-constrained businesses lack financial flexibility as we head into a choppy economy. Furthermore, the roster of available trained professionals isn’t deep enough to fill what is projected to be, in 2025, 3.5 million open cybersecurity jobs.

MSPs Are the MVPs

When we have a security customer who lacks the resources to fully use a product, it can be powerful to refer them to a provider who can address their needs. We can offer to connect them with an MSP who uses and manages EDR and/or managed detection and response (MDR) for their customers.

Pairing understaffed SMB IT departments with MSPs or other channel experts can fill in the gaps and make the best use of the security tools they are licensing. Just as hacker groups will spread their criminal expertise among several targets, service providers can collect expertise and skilled professionals, servicing several clients. Concentrating security expertise is efficient and more likely to be effective at combatting attacks.

To make the tripod approach of cybersecurity work — customer plus vendor plus channel partner — cybersecurity resellers should look for vendors that offer features such as multitenancy, an MSP-friendly console that allows them to service multiple customers from a single viewpoint. It’s essential that MSPs leverage solutions with high efficacy — check third-party testers like MRG Effitas to see how vendors compare. And don’t overlook dedicated 24/7 support lines. Ease of use for channel partners is what helps them maintain margins on customer accounts.

For distributors and resellers, the ability to offer customers other management technologies for cybersecurity endpoint solutions is a big win. Look for vendors that offer cloud-based dashboards and that can be configured to send alerts to their IT teams.

Channel partners can pick up a lot of the security load from SMBs who have purchased cybersecurity tools they’re not using or are using incorrectly. However, the best opportunity for businesses and partners is to design and implement security solutions collaboratively, and to offer the kind of ongoing security monitoring and support that the SMBs cannot provide themselves. This will provide the best security, as well as the best value.

Brian Kane is director of global MSP programs at Malwarebytes, where he puts his 20 years technology experience to work. You may follow him on LinkedIn or @Malwarebytes on X.