Many managed service providers (MSPs) already know that cybersecurity is essential in today’s digitally transformed business environment. However, cybersecurity may have a different meaning depending on who you are speaking with inside your customer’s organization.
To get the best advice on how to articulate the importance of cybersecurity to your customer, and what is basic security hygiene, SmarterMSP sat down with JP Kehoe, Senior Sales Director of Barracuda Managed XDR. JP offers expert tips on how MSPs can address cybersecurity with their customers and protect them from the evolving cyber threat landscape.
Q: Why is cybersecurity so important to businesses today?
A: Digital transformation and the acceleration of hybrid work has modernized businesses by allowing them to operate more efficiently and engage in collaboration easily. regardless of where their employees are located. However, this has also increased their exposure to threat actors and the lack of security talent available intensifies the cybersecurity problem. To address this, many businesses are tapping into MSPs to not only manage their IT infrastructures but also to defend against the increasingly sophisticated cyberthreats.
Q: Many MSPs are already providing security services with their existing offering, is that not enough?
A: Cybersecurity is not a product, it is a journey, and it requires more than standalone security solutions to build the managed security services today’s businesses require. One analogy I like to use is home security. You can lock your doors and windows when away to stop an opportunistic burglar. Businesses really aren’t much different from your home – you use the security tools today to protect your environment to stop an opportunistic bad actor. When that bad actor circumvents those controls, you need to know you have a problem. Visibility is key and the alarm needs to go off.
This is what I often refer to as basic cybersecurity hygiene.
Q: What is basic cybersecurity hygiene and how can MSPs achieve this?
A: There are 5 steps to basic cybersecurity hygiene:
- Establish what you want to protect the most. Many businesses aren’t familiar with what their business-critical assets are. They may think it’s their ordering system, or their customer relationship management system. However, their website or eCommerce is equally as important. They need an MSP’s guidance to determine everything that is important to them.
- Building the concentric layers of cybersecurity. Make sure there is a defense in depth strategy that has concentric rings of security around what needs to be protected. This is often called the “cyber kill chain” and MSPs today are doing a great job with building concentric rings of security for their customers.
- Visibility – Monitoring your environment. To know there’s a problem, you need visibility. Therefore, monitoring is recommended as essential. Without monitoring, you won’t know if there’s a cyber incident problem. There have been lots of times where we’ve been called, and an MSP might have had a challenge with their security for a month or 2 months before they even knew about it. In fact, the average length of time is 197 days.
- Reduce the Response Time: When you have that visibility you can reduce the response time.
- Framework standardization. And the last one is good for all business particularly for an MSP is to have a framework that focuses on people process and technology. When you have a standard chosen like NIST, that has real value when you have a problem you can point to the fact you chose a standard to measure yourself against. Technology is great and so important to have but often the people and process piece is not being thought about A framework actually allows customers to have a roadmap of when they want to invest in security and how over time.
Cybersecurity is top of mind for businesses of all sizes; however, it remains one of the hardest concepts to understand. There is no one-size-fits all. By utilizing the above analogy on securing a home, MSPs can more easily convey the importance of cybersecurity and basic cybersecurity hygiene to their customers, and at the same time create opportunities to grow their business.
Photo: user4894991 / Freepik