Large numbers of managed security services providers are making a promise they know they can’t deliver on. There’s no such thing as perfect security. In fact, given the sophistication of social engineering attacks it’s probable malware is already lurking somewhere on the systems of the clients a managed service provider has promised to protect. Once that malware gets activated, the client invariably puts some of the blame on the MSP, no matter how much their employees may have been responsible for downloading that malware directly onto their system.
Given the current state of cybersecurity affairs, MSPs focusing on security should consider changing the promise of their value proposition. Rather than promising to protect customers from cyberattacks, the value an MSP really provides is cyber resiliency. Malware is ubiquitous. The capability that most MSPs provide that internal IT organizations are not any good at is being able to respond to a cyberattack quickly once it’s determined that some form of malware has been activated.
Incident response struggles
A study this week by IBM drives this point home. Conducted by The Ponemon Institute, the study concludes that more than three-quarters of the respondents (77 percent) admitted that their organizations don’t have a formal incident response plan that is consistently enforced across the organization. Plus, more than half (57 percent) said the time it takes for them to resolve an incident has increased in the past year.
New Ponemon study: 77% of businesses don’t have a formal incident response plan that’s consistently enforced #cybersecurity @smartermsp
The reason this is significant is that IT leaders are increasingly being judged not on their ability to prevent malware infestations, but rather on how quickly they can contain the damage once malware gets discovered. Because of this shift, many IT organizations are making significant adjustments to their cybersecurity strategies. Organizations are now spending much more time and money on threat detection on the assumption that malware has already made it past the network perimeter. If the malware is not discovered before it gets activated, the next major area of focus is on how the organization responds once that malware starts to, for example, encrypt data or exfiltrate data.
The power of cyber resiliency
No matter the cyberattack method they’re responding to, organizations need to be able to contain, inspect, and remove that malware in short order, as well as immediately protect any data that might become infected before that malware can be removed. That requires a level of execution that most internal IT organizations can only dream about. Savvy MSPs, on the other hand, have cyber resiliency playbooks they can reliably execute time and again. Instead of a cyberattack being the equivalent of a major disaster, malware remediation can become a relatively momentary annoyance.
Naturally, cyber resiliency provides more value to a business than simply managing a firewall. There’s no doubt that network security at the perimeter still plays a critical role in limiting the amount of malware that might need to be detected and remediated. But, the critical thing for MSPs to remember is that managing firewalls and anti-malware software on endpoints is only one piece of a total solution to a major problem. MSPs that provide that complete solution are not only going to be significantly more profitable, but they will also be providing a capability that no sane customer will want to live without.