Yes, MSPs and resellers are facing one of the most diverse and rapidly-shifting array of threats of the internet age (so far). But it’s not all bad news. Luckily, your customers will need help training for the cybersecurity hurdles ahead – a role you’re capable of filling. In fact, 451 Research’s Hosting, Cloud & Managed Services Market Monitor service forecasts “managed security services revenue to expand at a compound annual growth rate (CAGR) of 16.9% over the next five years to reach more than $24 billion annually by 2022.” You can download the report here.
Now’s the time for MSPs to step into the managed security service provider (MSSP) market and add managed security services to their technology stacks.
A Crowded Threat Landscape
In today’s cybersecurity landscape, you must understand what’s ahead. Here are a few eye-opening trends that are key for both you and your potential SMB clients:
The dark web is out there for anyone to use.
The dark web isn’t usually talked about as a major source of cybercrime, though it’s used for nefarious purposes every day. Ransomware tools are widely available on the dark web, for instance. So while hackers once needed advanced skills to launch such attacks, nowadays anyone with a little technical know-how can launch ransomware, test it against antivirus solutions, and with a little luck pull off a successful attack. Not too high a barrier to entry for an attack infecting more than 100,000 computers daily and extorting close to $1 billion, according to the FBI.1
Internet of Things (IoT) devices are more popular than secure.
Though 97% of businesses believe unsecured IoT devices could be used as attack vehicles against their business,2 IoT cybersecurity remains the Wild West. The sector remains largely unregulated, though Europe seems poised to lead the way on advancing the rule of law.
Despite this sluggish security response to surging IoT use, only 29% of businesses actively monitor for third-party related risks. 3 Many MSPs simply still aren’t equipped to handle IoT security. Network-level protections and the close monitoring of network traffic are critical to keeping clients safe from threats. AI and machine learning will also play their part in overcoming IoT obstacles.
Social engineering remains a top threat.
Phishing attacks remain one of the most popular methods for breaching organizations. Nearly a quarter of SMBs consider them the most significant threat, the highest for any single method of attack, outpacing ransomware’s 19%.
According to Verizon, social engineering attacks are responsible for 93% of organizational breaches.4 Gartner research found phishing emails from outside accounts were responsible for 10,000 malware infections within a single year for a loss of 15,000 hours of productivity per year, or $1,275,000 on average.5 But that doesn’t even account for reputational damage, remediation, or compliance fines levied for breaches. User education, then, is clearly essential to preventing social engineering attacks.
The numbers tell an even stronger story about the effectiveness of security awareness training. After only a year of training, average user click rates sank to below 5%. And because phishing tactics change quickly, click rates are reduced even further with sustained campaigns. Here’s an example from Webroot research:
- 1 to 5 campaigns (months 1-2): 37% click rate
- 6 to 10 campaigns (months 3-4): 28% click rate
- 11+ campaigns (months 4+): 13% click rate
MSPs aren’t immune to cybercrime.
While SMBs are often considered prime targets, many cybercriminals will target MSPs through their own tools, like RMM or PSA platforms. If they manage to compromise an MSP, they’ve likely gained access thousands of SMB customers along the way. Layers of security are essential for turning away today’s threats.
You Can Offer Security Services. Webroot Can Help.
Cybersecurity should be a team sport. MSPs wear many hats, which is why it's vital to work with a security partner. Webroot MSP-ready solutions built with their needs in mind. Our layered solutions cover account for device, network, and users with solutions for endpoint protection, DNS security, and security awareness training. And we simplify security management in one console.
And it’s all informed by decades of experience with AI and machine learning. Together, they make up the Webroot Platform, the same threat intelligence trusted by more than 90 of the world’s leading IT security vendors.
What’s Next?
Want to get started offering layered security to your customers? Webroot® Business Endpoint Protection is a great place to start. It’s free to trial and runs alongside other endpoint agents, so there’s no lapse in coverage.
Guest blog courtesy of Webroot. Read more Webroot blogs here.
