Channel, Networking

MSPs Address Customer Security Complacency

Webroot CTO Hal Lonas
Hal Lonas

High-profile security threats are in the news almost every day, yet some individuals and organizations still believe they are immune to attacks. This misconception doesn’t come from any rigorous security measures they’ve undertaken, but rather from the false impression that only enormous corporations are targeted by criminals.

Such wishful thinking reveals a troubling disconnect between what an MSP’s customers may think is safe vs. what IT security professionals know to be real threats. From the following comments taken from a discussion between Webroot CTO Hal Lonas and analyst Ryan Morris, it’s clear that security complacency can be a significant challenge for end users and businesses.

Lonas notes, “What we’re seeing is that businesses don’t even know they’ve been targeted until it’s too late. They don’t imagine they would be the object of an attack. A good example is healthcare organizations and hospitals that have been targeted recently by ransomware. The business bad guys have found the soft underbelly of some of these concerns and they figured out how to monetize that.

“Another problem is that people tend to believe in ‘security by obscurity.’ They think, ‘Well, I certainly wouldn't be targeted here in this crowded airport,’ or, ‘With all the other high profile things going on, surely my little company wouldn’t be hit.’ They tend to bury their heads in the sand and think it won't happen to them.”

Lonas goes on to cite additional security challenges posed by today’s anytime/anywhere data accessibility: “Work, home, and private life barriers are increasingly blurred. We used to think, ‘If I've got my laptop inside the four walls of my company, then I’m pretty safe. The company’s protecting me with firewalls, and a filtering software, and all kinds of other great technology.’”

“But what happens,” he muses, “if I take that same laptop, pick it up, and walk over to the coffee shop or the airport hot spot? Am I still going to be protected? Maybe, maybe not. It’s really become an interesting environment to try to protect people in this porous IT landscape.”

This combined with the public’s growing awareness of security threats, leads Morris to ask, “Are MSP customers resisting new technologies because of the threats they see in security?” Lonas replies, “I don’t know that they resist, but there’s a little bit of a friction between convenience, being able to share data, and security concerns. Putting data in the cloud, rather than storing it locally, has certainly brought great productivity gains to all of us. That’s a wonderful thing. We love to see companies adopt that.”

He adds, “Sometimes putting the data in the cloud is actually more secure than keeping it local, depending on your local security practices and what your local IT infrastructure looks like. There are pros and cons to that approach, and I do think it causes people to worry. We see so many high profile security stories here companies have been breached or they become victims of some kind of an attack. That certainly has instilled fear in customers as they ponder their security future.”

Despite that fear, there is a tendency to downplay the risks new technologies can bring. Lonas explains, “We tend to be optimistic, especially in the business world. We add functionality, we add new capabilities, and then security is basically an afterthought. After a big attack, that's when security is added on top. It's hardly baked in from the beginning. I find this concerning. It’s human nature, but it’s highly problematic from a security standpoint.”

The bottom line? MSPs must proactively educate their customers about the very real security risks that companies of all sizes face, and why next-generation endpoint protection solutions should be included from the outset to ensure truly comprehensive protection.

Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial. You don’t even have to uninstall existing security. Want to learn more about how Webroot partners with MSPs to delight customers, lower costs, and boost profits? Learn more.

Read more Webroot blogs here.