Chris Swagler | June 16th, 2022

Most channel partners believe that moving to managed services providers (MSPs) is their best bet for the future. According to a recent survey “The next-gen managed service provider”, life as an MSP is not without challenges. When it comes to cybersecurity, MSPs revealed that 80% of their clients had been affected by cyberattacks and were “not very confident” in their ability to respond successfully to cyberattacks. The survey revealed that the UK government’s plans to update the Network and Information System (NIS) regulations included a threat to fine organizations, including MSPs, up to 17 million pounds if they failed to implement effective security measures.

With many clients investing more in MSPs and expanding their range of obligations, the challenge for MSPs is how to ensure they can meet responsibilities without succumbing to pressure. In a world where cyberattacks are becoming more common and sophisticated, how do they offer the services clients require? According to a CEO of a cybersecurity company, MSPs need to hire specialist security staff and invest in endpoint monitoring to successfully defend their clients. Even though costs will rise, failure to provide effective services can result in financial penalties. Security incidents mean that clients can sue MSPs, and some might go out of business if they fail to adapt.

By putting all security responsibilities on MSPs, companies may get complacent, and every company needs to understand its own cybersecurity responsibilities. Recent Log4Shell attacks demonstrate how a simple line of code can result in the potential breach of 90% of the world’s IT. Government proposals can be seen as a positive step forward to build a standard framework to secure all companies from attacks. MSPs are critical in assisting small and medium-sized enterprises (SMEs) in protecting their businesses, as many users lack the specialized abilities to manage this area on their own. It demonstrates how MSPs can establish good practices and adhere to NIS regulations. Users rely on digital and IT services the same way they rely on other vital services, like water and electricity. The NIS regulations are about strengthening practices, which MSPs should adopt to provide a standard framework.

If the proposals become law, the channel will play a critical two-fold function. MSPs need to ensure that cybersecurity solutions are delivered to the right standard. MSPs need to assist companies in addressing the cybersecurity skills gaps required to meet the new standard. Most MSPs lack the security architecture, design, governance, and operational capabilities to ensure that clients are safe. MSPs can demonstrate ISO27001 compliance, and some offer ISO27017 compliance. Few, however, audit beyond the compliance needs.

It’s important that MSPs rethink their operations and execution. As the balance and spending swing toward strengthening cyber resiliency, more markets will move toward larger cloud service providers and MSPs need to be prepared to invest to sustain the profitability they earn from offering those services. MSPs have struggled to put sufficient cyber security controls in place to mitigate the risk to clients for many years. The growth in supply chain attacks over the last 18 months has demonstrated it’s expected to continue in 2022. MSPs need to act quickly to implement robust cyber security measures that focus on separation of responsibilities and reduction of attack surface.

Client security and satisfaction are extremely vital and need to be on the top of every MSP’s priority list. This leads to adopting multi-factor authentication (MFA) as a standard across all clients. Even though deploying MFA takes time and effort, responding to a ransomware attack is considerably more difficult, from both a technical and customer trust standpoint. Many SMEs see security measures, including MFA, password protection, and password rotation as time-consuming and inconvenient for users. MSPs need to change their mindset by providing training and recommendations to clients that balance security with operational efficiency.

Clients aren’t always the best judge of their own safety and are often unaware of risks facing their companies. A study shows that 60% of SMEs failed within six months after a security breach. MSPs need to take the initiative and educate their clients about the risks and deliver a service to reduce the risk of business-critical disruptions by periodically testing to ensure clients have the right security measures in place. Adopting a collaborative and flexible support model, wherein one team member isn’t bearing numerous urgent requests, including cyberattacks, is the best way for MSPs not to buckle under the weight of their responsibilities to clients. MSPs need to be around the clock with resources to assist the team and have a mix of team members who work on a global model.

With MSPs attempting to handle clients’ IT data infrastructure and their cybersecurity risks at once, it’s important that MSPs remain ahead of the current threat landscape and safeguard their clients’ sensitive information. At SpearTip, we offer pre-breach risk services into MSPs’ current catalog and help upsell their security offerings. SpearTip’s extensive experience improves MSPs’ clients’ operational, procedural, and technical control gaps based on security standards. Additionally, SpearTip monetizes compliance and insurance-based risk assessments that go beyond simple compliance checks and ensure valuable insurance coverage. SpearTip allows MSPs teams instant access by integrating into their current workflows so MSPs can focus on strengthening relationships.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.