When it comes it cybersecurity an increasing percentage of IT organizations are starting to realize they are pretty much sitting ducks. A survey of 1,300 IT and security professionals conducted by CyberArk, a provider of privileged account management software, finds that 46 percent of security professionals say that their organization can’t prevent attackers from breaking into internal networks each time it is attempted. The same percentage also confirmed their organization’s security strategy rarely changes substantially, even after a cyber attack has been launched against them.
Why cybersecurity defenses are lacking
Adam Bosnian, executive vice president at CyberArk, says the primary reason more organizations are not able to respond more adroitly comes down to simple inertia. Organizations are investing their security budgets disproportionately toward perimeter defenses, without having much of a plan for how to stop attackers once they get through this first layer of defense, says Bosnian.
To make matters worse, as workloads move to the cloud it’s not at all clear who inside the organization is responsible for securing them. Very few organizations have any means of remotely monitoring who is accessing what resources when for what purpose, adds Bosnian.
The fact that inertia is one of the major reasons cybersecurity defenses are so lacking won’t come as much of a surprise to the average managed service provider (MSP). But now that nearly half the respondents are at least aware of the fact that they have inflexible cybersecurity defenses can be viewed as heartening. Most IT professionals have been loath to admit they might need help. The first step to getting help is, of course, admitting there’s a problem. Until a patient admits they need help most therapists will tell you that most of the time spent treating that patient is wasted.
In terms of cybersecurity the respondents to the CyberArk survey identified targeted phishing attacks (56 percent), insider threats (51 percent), ransomware or malware (48 percent), unsecured privileged accounts (42 percent), and unsecured data stored in the cloud (41 percent) as areas where they might need the most help.
The CyberArk survey suggests that the pool of organizations that might be willing to rely more on external service providers for cybersecurity is steadily increasing. In fact, admitting help is needed is no longer the sign of weakness it once was for many IT and cybersecurity professionals. The challenge and opportunity for MSPs is finding a way to approach IT and cybersecurity professionals in a way that affirms the fact that when it comes to cybersecurity everybody needs help. In fact, it could easily be said that those that don’t want to admit they need help are bordering on recklessness, perhaps even insanity.
The impact on MSPs
Not every customer is worth having, especially when it comes to cybersecurity. MSPs can easily find themselves losing money when a customer refuses to either properly fund cybersecurity or implement any best practices. But as the number of customers worth having increases there’s cause for more optimism. It may take a while for many organizations to adjust to the cybersecurity processes put in place by an MSP. But like most patients that need to change their lifestyle to continue living, most of them eventually discover that it’s for their own good.
Photo: Wright Studio / Shutterstock.