Given the costs of investigating security breaches and then cleaning up after them, managed service providers (MSPs) arguably now have a vested interest in training end users to better recognize cybersecurity threats. After all, it’s the MSP that usually absorbs the cost of cleaning up the mess after an end user unwittingly downloads a piece of malware that then rapidly spreads across an organization.
A new survey of 500 full-time office employees across the U.S. conducted by Finn Partner Research, a unit of public relations firm, highlights the extent of the problems facing MSPs. The survey finds nearly two in five workers admit to clicking on a link or opening an attachment from a sender they did not recognize.
New survey from @FinnPartners finds that two in five employees admit to clicking on a link or opening an attachment from a sender they did not recognize.
The survey also shows that most users are not likely to recognize a potential cybersecurity threat in first place largely because of limited access to training. The survey finds that 29 percent of the users surveyed receive quarterly cyber hygiene training, 19 percent receive bi-annual training, 23 percent receive annual training, while only 25 percent receive training monthly. And yet, only 26 percent of employees change their login credentials and/or passwords for personal and work applications at least once a month. Not surprisingly, nearly a third (31 percent) report being a victim of a security breach or attack.
Most organizations don’t have the internal cybersecurity expertise required to train their employees, which naturally creates an opportunity for MSPs to provide training based on platforms that can simulate various types of social engineering attack vectors such as phishing.
The issue that MSPs need to come to terms with is how to go about pricing such as service. Many organizations tend to skimp on end user training. It’s one of the first line items to often be cut from any proposal. The problem that creates for the MSP is that without that training the cost of supporting that customer is going to be invariably higher. Each end user that for one reason or another downloads malware winds up increasing the cost of the managed services being provided. The savvier end users are about cybersecurity hygiene the less expensive it should be to support that organization. That translates into more profitability from the MSP. Given that dynamic, it almost behooves the MSP to find some way to bury the cost of cybersecurity training for end users into the managed service itself.
How end user training can open additional opportunities
Of course, no amount of training is going to prevent all cybersecurity issues from occurring. The Finn survey notes more than half of employees (55 percent) are using their personal devices for work. But at the very least some training is going to cut down on the number of incidents that occur. Those reductions over time wind up having a significant impact on the total cost of supporting that organization. Just as important for the MSP, training also provides them with a reason to regularly engage with their clients. Those engagements that not only create affinity for the MSP, they also create a regular opportunity to discuss additional needs and requirements.
All things considered most MSPs can’t afford to not provide cybersecurity training to end users. The challenge and opportunity now is figure out how best to go about providing that training within an economic model that makes sense for all concerned.
Photo: Mott Jordan / Shutterstock.