When it comes it cybersecurity an increasing percentage of IT organizations are starting to realize they are pretty much sitting ducks. A survey of 1,300 IT and security professionals conducted by CyberArk, a provider of privileged account management software, finds that 46 percent of security professionals say that their organization can’t prevent attackers from breaking into internal networks each time it is attempted. The same percentage also confirmed their organization’s security strategy rarely changes substantially, even after a cyber attack has been launched against them.

 Why cybersecurity defenses are lacking

Adam Bosnian, executive vice president at CyberArk, says the primary reason more organizations are not able to respond more adroitly comes down to simple inertia. Organizations are investing their security budgets disproportionately toward perimeter defenses, without having much of a plan for how to stop attackers once they get through this first layer of defense, says Bosnian.

To make matters worse, as workloads move to the cloud it’s not at all clear who inside the organization is responsible for securing them. Very few organizations have any means of remotely monitoring who is accessing what resources when for what purpose, adds Bosnian. 

Subscribe to SmarterMSP.com

The fact that inertia is one of the major reasons cybersecurity defenses are so lacking won’t come as much of a surprise to the average managed service provider (MSP). But now that nearly half the respondents are at least aware of the fact that they have inflexible cybersecurity defenses can be viewed as heartening. Most IT professionals have been loath to admit they might need help. The first step to getting help is, of course, admitting there’s a problem. Until a patient admits they need help most therapists will tell you that most of the time spent treating that patient is wasted.

In terms of cybersecurity the respondents to the CyberArk survey identified targeted phishing attacks (56 percent), insider threats (51 percent), ransomware or malware (48 percent), unsecured privileged accounts (42 percent), and unsecured data stored in the cloud (41 percent) as areas where they might need the most help.

The CyberArk survey suggests that the pool of organizations that might be willing to rely more on external service providers for cybersecurity is steadily increasing. In fact, admitting help is needed is no longer the sign of weakness it once was for many IT and cybersecurity professionals. The challenge and opportunity for MSPs is finding a way to approach IT and cybersecurity professionals in a way that affirms the fact that when it comes to cybersecurity everybody needs help. In fact, it could easily be said that those that don’t want to admit they need help are bordering on recklessness, perhaps even insanity.

The impact on MSPs

Not every customer is worth having, especially when it comes to cybersecurity. MSPs can easily find themselves losing money when a customer refuses to either properly fund cybersecurity or implement any best practices. But as the number of customers worth having increases there’s cause for more optimism. It may take a while for many organizations to adjust to the cybersecurity processes put in place by an MSP. But like most patients that need to change their lifestyle to continue living, most of them eventually discover that it’s for their own good.

Subscribe to SmaterMSP

Photo:  Wright Studio / Shutterstock.

Mike Vizard

Posted by Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike blogs about emerging cloud technology for Smarter MSP.

Leave a reply

Your email address will not be published. Required fields are marked *