Nearly 90 percent of organizations have faith that the security techniques and technologies they have in place provide the protection they need. And almost 60 percent believe they are less vulnerable from a security threat than they were as recently as one year ago. These findings—from a 2017 SolarWinds MSP survey of 400 SMBs and enterprises—paint a positive picture.
But the survey also revealed that a huge 71 percent of those same organizations have been breached in the past 12 months, causing damage to their businesses. The bottom line is, companies are far too confident in their ability to avoid cybersecurity attacks, and anyone who thinks “it will never happen to us” simply needs to take a closer look at the facts.
The survey findings disclosed that businesses are overlooking fundamental security principles and identified seven basic faults:
- Inconsistency in enforcing security policies
- Negligence in the approach to user security awareness training
- Shortsighted application of cybersecurity technologies
- Complacency around vulnerability reporting
- Inflexibility in adapting processes and approach after a breach
- Stagnation in the application of key prevention techniques
- Lethargy around detection and response
In the wake of Petya, Goldeneye, WannaCry, and other recent cyberattacks, one point becomes abundantly clear: today, more than ever, managed service providers (MSPs) need to be proactive when it comes to helping their clients with cybersecurity preparedness. This task can seem overwhelming in today’s chaotic security climate, and many MSPs simply don’t know where to begin. Here are four ways to take charge when it comes to getting your business—and your clients—ready for a cybersecurity crisis:
- Perform an internal review: First and foremost, MSPs need to ensure their own security practices are rock solid. An internal review begins with examining all daily practices and your complete security technology stack—not only for current best practices—but with an eye toward future needs as well. Consider whether your offerings and approaches address the needs of the typical SMB or enterprise. Do you support on-premises, cloud, and hybrid environments? Does your technology stack make sense for clients in highly-regulated verticals?
- Examine your skillsets: Many security incidents require the skillsets of specialists, so make sure you have access to the expertise you need, when you need it. From protecting IoT at an architectural level, to fending off DDoS attacks, or unleashing a digital forensics incident response, make sure you have the appropriate expertise in-house. If not, align with a partner who can support you, and don’t hesitate to get that relationship in play immediately—before the next crisis hits. Building new skills in the middle of a firestorm is never a good idea.
- Practice makes perfect: MSPs can and should offer to perform a practice run across clients’ security measures, both in terms of technology and processes, to discover weak points and make improvements. As you do so, consider these questions: Are the lines of communication and equipment adequate, or could they be more robust? Are expectations and metrics reasonable? What worked and what didn’t work as well as it should have? Deliver a report of your findings. Aside from pointing out shortcomings, you’re likely to uncover a few upsell opportunities as well.
- Train your customers: Because human error is frequently a factor in a security breach, proper staff training can be the ultimate game changer for your clients. Create a program to arm the entire company with the knowledge they need to prevent breaches. Whether you offer it as a service to build revenue or you offer it free to help ensure your chances of retention, training can reduce the number of security incidents. That translates to fewer crisis calls and ultimately, more satisfied clients.
Overconfidence combined with a rising tide of cybersecurity threats creates a perfect storm for MSPs and their customers. With so much at stake—from your clients’ data, to their productivity, and even the viability of their business—MSPs must put in place the right approach, dialogue, relationships, and tools. When you position your clients to successfully thwart attacks, you also position your business to grow and build stronger, longer-lasting relationships with customers.
Dave Sobel is senior director of community at SolarWinds MSP. Read more SolarWinds MSP blogs here.
