Use layered security that follows key cybersecurity frameworks to prevent a bad ending.

October 21, 2019

6 Min Read
Medeival Iron Throne Made of Weapons
Shutterstock

By Rob Simopoulos

Simopoulos-Rob_Defendify-author-150x150.jpg

Rob Simopolous

Last year, Gartner predicted worldwide spending on information security products and services will reach $124 billion in 2019, growing 8.7% over the $114 billion invested in 2018.

To put that in perspective, HBO spent a whopping $90 million on the final season of Game of Thrones, which successfully hit a new record when 19.3 million people tuned in to watch the series finale. If you took the predicted spend for information security products and services and divided it by GOT’s Season 8 budget, HBO could make 1,377 more seasons of GOT. Think about that.

While George R.R. Martin may run out of plot twists, rich characterizations and moral complexities to fill another 1,377 seasons, the worldwide budget shows the vast opportunity for managed service providers to expand and perfect their security offerings in a market that will only become more opportunistic as cybersecurity threats continue to grow – and the money spent on protection increases.

A 2019 global study conducted by Continuum found some 77% of small- to midsized businesses already anticipate that at least half of their cybersecurity needs will be outsourced in five years. However, these businesses are also looking for the right allies and protection. A recent Vanson Bourne’s report found that MSPs in the U.S. are at risk of losing their small business customers if they don’t provide competitive, comprehensive cybersecurity solutions to their customers.

While MSPs have been working in and around security all along, the cybersecurity landscape and the way small businesses look at cybersecurity have evolved. Even for the most cybersecurity-conscious MSP, it can be easy to fall into bad habits or make common mistakes, ultimately putting clients at risk or negatively affecting their business.

3 GOT Cybersecurity Lessons

To help MSPs along their journey from a Night’s Watch steward to a lord commander, here are three things MSPs can learn about cybersecurity from Game of Thrones to prevent a bad ending:

  1. Protect thyself: A number of recent breaches of MSPs shows that even the most tech-savvy businesses are susceptible to attacks. It’s important MSPs get their own kingdom in order to help protect their clients and the entire industry.

MSPs often have privileged access into their clients’ networks; they need to in order to do their job. However, this inside access means that if the MSP is breached, the client is at risk as well — the attacker may be able to pivot to access the client’s network. Additionally, clients are beginning to realize the importance of working with vendors that have a strong cybersecurity posture. They trust their MSP with a lot of sensitive information, and will likely feel more comfortable selecting or staying with a provider who shows dedication to their security.

For an MSP, establishing a holistic approach within their own organization is a first step. Incorporating multiple layers of protection and prioritizing cybersecurity best practices is important in keeping a business secure. MSPs in particular should take care to prioritize security measures that affect their clients, such as using two-factor authentication on accounts that access client networks and information, employing the principle of least privilege and following documented offboarding procedures to remove access when employees leave their organization.

  1. Go beyond the (fire)wall: Antivirus and firewalls are important protective measures, but they aren’t enough to protect the whole kingdom. Cybercriminals are getting more creative by the day, employing new techniques, and using social engineering to circumvent even the most advanced technology. MSPs need to make sure their clients have a holistic cybersecurity strategy and multiple layers of protection.

There’s no single silver-bullet technology solution for cybersecurity, and its hard think there ever will be. Indeed, it comes back to people that make up the seven kingdoms; the human element will always be at play. An effective cybersecurity program addresses foundational components and cultural aspects while effectively utilizing the right technology. For MSPs, this means it is essential to …

… employ a layered security offering that follows key cybersecurity control frameworks such as NIST and CIS. Cybersecurity policies, plans, employee education, testing, training and regular scanning are important components of a cybersecurity program. Providing a comprehensive cybersecurity solution and delivering it as a managed service offering can protect clients more effectively and help grow recurring revenue at the same time.

  1. Ignorance isn’t bliss: Providing managed services without including an expanded cybersecurity program is a missed opportunity. Don’t overlook the huge potential for MSPs to differentiate themselves with a comprehensive offering. Many MSP clients are trying to navigate third-party vendor cybersecurity assessments, which are starting to become commonplace. What small businesses don’t know about cybersecurity could hurt them. They’re often blindsided by multipage vendor risk assessments from their enterprise customers who are realizing that some of their small business vendors are a threat. If a client is unable to complete the assessment appropriately, it could result in the client losing that customer’s business and possibly the MSP losing an important client.

Here’s where the MSP comes in: As the provider and de facto cybersecurity resource, they can help prepare their client for impending assessments by implementing a holistic program ahead of time and coaching them through completion and submission when they do arrive. Even if a client never receives an assessment, the cybersecurity they have in place thanks to their MSP is critical in protecting their business, their livelihood and providing peace of mind. At the end of the day, an MSP’s job is to help clients understand – and succeed in – the world of technology. An MSP who is also the trusted cybersecurity resource has the edge over a competitor who focuses only traditional managed IT services.

Bottom line: Cyberattacks are (still) coming. Let’s face it, the MSP market is very competitive. Everyone is fighting for control and having a differentiator is vitally important to stand out in the marketplace. Cybersecurity can be this differentiator. Business leaders tag cyber threats as their biggest concern. In fact, nearly 9 in 10 small businesses would consider hiring a new MSP if they offered the right cybersecurity solution, and nearly 1 in 4 have already changed MSPs in the aftermath of a cyberattack. MSPs can position themselves on the winning side of the cybersecurity battle to gain the edge over the competition.

MSPs have a great opportunity to help their clients solve their need for the right cybersecurity solutions. The MSPs who take the right precautions to protect themselves and offer multilayered protection within a holistic approach to their clients are more likely to gain the throne over their competitors.

Cybersecurity is no longer a nice-to-have, rather it is a must-have for the victorious provider. Make it your dragonglass, and don’t wait for the White Walkers to show up.

Rob Simopoulos is the co-founder of Defendify, an all-in-one cybersecurity solution for IT service providers. Rob is a 20-plus year veteran of the security industry, successfully building and growing multiple businesses, and taking on various industry advisory and board roles. He is a frequent national speaker and thought leader on security and recurring revenue model strategies. Follow him on LinkedIn or @Defendify.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like