Four Ways Security Will Shape MSPs

Five ways security trends that CDOs at MSPs and at their customers need to take note.

Consolidation will drive security innovation.

Security has been a massive change catalyst for the managed service provider (MSP) marketplace. The dynamic threat environment has challenged MSPs to evolve their offerings and skillsets and move beyond toolsets (i.e., anti-virus). It includes providing their customers with more comprehensive security-centric solutions, while at the same time driving vendors to expand their security offerings beyond anti-virus. Most of this expansion has come in the form of mergers and acquisitions versus organized research and development, and we expect that consolidation will continue again in 2020. Many see consolidation as great for the industry as it can reduce finger-pointing. At Barracuda, we see it differently in that it will drive competitive R&D, which ultimately leads to better products and customer experiences.

The cybersecurity talent shortage will continue.

Not all MSPs have the capacity to meet the security needs and requirements of their customers. The risk will only continue to increase in terms of size and complexity. The security operation center, or SOC, is one of the ways in which MSPs will be able to combat the talent shortage.

MSPs will also need to embrace cloud security, beyond email, and ensure that they are protecting their desktop and application infrastructures. A SOC can help automate the monitoring and management of workloads in the cloud from a tactical standpoint, while the MSP’s staff focus on more strategic initiatives associated with growing the business and expanding services offerings. If you are an MSP and you don’t currently have a security partner, 2020 is the year to get one.

Furthermore, integrating your RMM tool and your security portfolio will enable you to stretch your resources through automation further. A security-centric RMM solution can provide the MSP with all of the tools they need to secure and proactively protect customers from today’s advanced threats. By placing data protection and email security at the center of their operations, MSPs can continue to grow and drive business success.

Automation and cybersecurity awareness training will be the best way to combat threats.

It is estimated that there were over 293 billion emails sent per day in 2018, and that number is expected to grow to nearly 350 billion per day by 2025. With the high volume of emails entering and exiting an organization daily, cybercriminals have recognized that this is an easy threat vector to exploit. In the coming year, it will continue.

Traditional email security products, however, find it difficult to cope with attacks such as targeted spear-phishing, which are becoming more prevalent. These are harder for many solutions to detect, as they do not use viruses or malware to break into systems, but instead prey on human weaknesses. Attackers are even hijacking users' accounts – through account takeovers and business email compromise – to send spoofed messages from legitimate accounts.  

According to a recent email security report from Barracuda:  

  • 74% of respondents said that email attacks are having a significant impact on their businesses
  • Breach costs and monetary losses are on the rise
  • 78% of organizations said that the cost of email breaches is increasing
  • 66% claimed that attacks have had a direct monetary cost on their organization in the past year
  • Nearly a quarter of respondents advised that attacks have cost their organization USD 100,000 or more
  • There are growing concerns about insider threats and Office 365
  • 79% of IT professionals said they are worried about attacks and breaches stemming from inside the organization
  • 92% of Office 365 users have security concerns

In 2020, there will be a continued emphasis placed on the need for automated email security and cybersecurity awareness training by businesses, regardless of size or vertical market focus. 

The fact is, there are only 24 hours in a day. The rise of AI is presenting new opportunities to help combat email security threats through automation. Solutions that combine machine learning and big data, for example, can make it easier to spot attempts to compromise an email and stop them before they cause damage. By learning communication patterns, identifying high-risk users, and providing domain fraud visibility, these technologies can help protect customers from threats that are hard for the naked eye to detect.

The practice of automating email security, in combination with security awareness training to ensure that employees are staying up to date on the latest trends in the industry, will help organizations better combat the evolving email security threat landscape.

MSPs will have to become security pros.

In 2020, we predict that MSPs will continue to come under attack as hackers try to gain access to their customers’ infrastructure through any vulnerabilities that may exist. If an MSP cannot protect its own infrastructure, it certainly cannot protect their customers' infrastructure.

MSPs will need to become security professionals to position themselves for growth and success and remain relevant to their customers. Instead of worrying about how to sell or market their MSP business, MSPs need to focus on getting better at security by embracing extended security skillsets – i.e., increasing their internal training, developing their security offering, and taking a security-first approach.

The bottom line is that security needs to be an MSP’s job, a profit center if you will. Security cannot be a peripheral concept to other focus areas, especially as customers continue to increasingly move their application, desktop, and server workloads to the cloud. And, as an essential reminder for MSPs, MSSPs, and VARs, just like you are protecting your customers, make sure your MSP is protected as well.

MSPs will need to get smarter about how they are leveraging security to grow and acquire new customers.

Not every MSP is offering or can offer, managed security and data protection services, but all businesses need them, especially with the heightened threat landscape. One of the common misconceptions among SMBs is that if they have an MSP partner, then they are covered from a security standpoint. MSPs must get smarter about how they are leveraging security within their business. Security assessments are a great way to drive conversations with customers around the level of protection they need to protect their businesses. MSPs should be in the business of providing solutions that protect their customers for life. Security assessments are a great way to demonstrate to customers just how quickly the threat landscape is evolving and why the new and innovative solutions that are available can better protect their business and build a safer world for everyone. And, an important reminder for MSPs, MSSPs, and VARs – practice what you preach and use the tools you sell – you must protect yourself too!

Brian Babineau, General Manager, Barracuda MSP, authored this article.

The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.