MSPs Selling Security Services: Bright Future Ahead

Credit: Getty Images
Chris Crellin, TK
Author: Chris Crellin

According to recent research from The 2112 Group, the majority of MSPs (85 percent) currently are not offering any form of security services. It’s understandable why an MSP might be reluctant to delve into selling IT security services. After all, it puts an extra level of responsibility and pressure on the service provider to protect customers from what seems to be a losing proposition based on the latest cyberattack and data breach headlines we’re confronted by on a regular basis.

If you look beneath the surface of many of the biggest cyberattacks and breaches, however, you’ll see that the solution isn’t nearly as daunting as it seems. Plus, the companies most in need of security services — SMBs — are in dire need of your help. And they’re willing to pay for it.

Don’t Assume Companies Are Deploying Security Best Practices

Let’s take a look at two major cyberattacks that occurred earlier this year: WannaCry, which occurred in May, and the Equifax breach, which was announced in September. WannaCry was dubbed as “one of the largest cyberattacks ever,” taking down more than 200,000 computer systems from Russia and China to the UK and the US. Victims included hospitals, banks, telecommunications companies, and warehouses.

What do you think these victimized companies had in common? Many of them were still running Windows XP, which has been out of support since April 2014, and the other companies that were running newer Windows systems were behind on their software patches. Microsoft released a security patch back in March — two months prior to the attack — that would have thwarted the WannaCry attack.

More recently, Equifax, one of the three major consumer credit reporting agencies, announced that hackers had gained access to company data that potentially compromised sensitive information for nearly 146 million American consumers, including names, addresses, Social Security numbers, and driver’s license numbers. Although there have been larger breaches than this one in the past, analysts believe this is one of the worst in terms of severity.

A closer look into the Equifax breach revealed some disturbing findings. Last year, identity thieves stole critical W-2 tax and salary data from an Equifax website, and earlier this year thieves again stole W-2 tax data from an Equifax subsidiary. Despite the smaller breaches that preceded the big one, the company made no improvements to its security practices, and cybersecurity investigators reported that all of the breaches were the result of a “simple website vulnerability.”

Although security breaches are growing in size and severity, they always target low-hanging fruit such as unpatched systems, weak passwords (59 percent of SMBs have no visibility into employees’ password practices, the Ponemon Institute revealed in its 2017 State of SMB Cybersecurity), and employees clicking links or opening attachments from unknown sources. In fact, even if an MSP only focused on patching endpoints such as PCs and mobile devices, it could protect its customers from 85 percent of ransomware attacks, studies show. By adding multilayered security products and services such as a next-generation firewall and email security, it could reduce its customers’ odds of a breach even more.

SMBs’ Attitudes Are Changing Toward Managed Services

A report created earlier this year by The 2112 Group and Barracuda MSP, “State of North America Managed Services,” uncovered some interesting insights regarding MSPs and security. First, over the past year, there’s been a shift in SMBs’ attitudes toward managed services in general.

Nearly three out of five (59 percent) of the surveyed channel companies believe managed services pricing will increase relative to 2016 prices. And nearly one-quarter of those surveyed believe managed services prices will increase significantly. Experts attribute the growing demand for managed services to the ongoing IT talent shortage. The fact that nearly every office application is migrating to a services model (e.g., Office 365) appears to be helping, too.

Among providers of managed services, network security was found to be the number one fastest-growing service among top sellers.

Perhaps your company is doing just fine right now offering traditional managed services, such as network management, on-premises servers, on-premises storage, and maybe even cloud applications. The fact is that if all these services aren’t protected and secured, your customers are in big trouble. Ponemon research found that the average cost due to damage or theft of IT assets and infrastructure exceeds $1 million, and the average cost due to disruption of normal operations adds an additional $1.2 million.

The thing is, SMBs are reading the headlines, and they realize they need better security. Very soon, they’re either going to buy security services from your company, or they’re going to find another MSP that can protect them — in addition to providing the services you’re currently offering.

Chris Crellin is senior director of product management for Barracuda MSP. Read more Barracuda MSP blogs here.