Managed service providers (MSPs) are facing a serious challenge: Clients just don’t trust them to protect critical systems and data from attacks. Research indicates that 53% of organizations do not completely trust the vendors in their organization to provide the cybersecurity services they need, and 49% of MSPs admit their clients do not completely trust the security of the service their organization provides.
On the surface, it’s not hard to see the reason for this unease. Ransomware and other cyberthreats have made significant headlines in the last couple of years, and supply-chain attacks have often been to blame. In mid-2020, the United States Secret Service issued an alert indicating they were seeing an increase in cyberattacks involving compromised service providers. Since MSPs manage many customers, they’re a juicy target for cybercriminals who hope to compromise dozens or hundreds of organizations in one fell swoop.
Unfortunately, this trend has not diminished — in fact, it increased 37% from October 2020 through October 2021. One of the largest attacks during this period targeted a popular remote monitoring and management (RMM) platform used by over 1,000 companies, with the attackers initially demanding a record $70 million in ransom payments.
Experts agree that attacks on MSPs and their supply chains will continue to increase throughout 2022. According to original research published by Acronis, 97% of MSPs are concerned that their organization could suffer a cybersecurity breach through which clients’ systems are compromised in the next 12 months.
It’s more important than ever for MSPs to find ways to improve their services and regain their clients’ confidence. This article explores the risks to SMBs resulting from these attacks and what MSPs can do to better position themselves for success.
No business is too small to target
It’s easy for SMBs to shrug off managed IT services if they don’t believe they’ll ever be the target of a cyberattack. But advances in automation and artificial intelligence (AI) have made it trivial for criminals to generate a flood of new threats and spray them across the internet. No one is immune to attacks, not a global enterprise, not an SMB, not even home users.
Automated threats are ceaseless. Over 28% of companies report being attacked at least once per month in the past year, and over 20% were attacked at least once per day. Almost 10% reported attacks at least once per hour.
Many SMBs are woefully under-protected for such a threat environment. They lack IT resources and cybersecurity expertise, and as their infrastructures become more complex, they lack the holistic visibility needed to adequately protect systems and data. For example, a BullGuard survey discovered that 23% of small businesses in the U.K. and U.S. do not use endpoint security mechanisms; 32% of those who do say they rely solely on free consumer-grade cybersecurity solutions.
The need for a trusted resource
SMBs need a trusted resource to help address these challenges, and engaging to provide the protection they need is typically a smart move. Unfortunately, research shows there is a trust issue between SMBs and MSPs.
To address these vulnerability concerns, many service providers have responded by adding additional tools to their technology stack. Today’s MSPs use an average number of four vendors to provide cybersecurity, backup and/or DR services, and 30% report using five or more.
Unfortunately, the answer isn’t as simple as throwing more solutions on the pile. Tool sprawl creates a new set of challenges, like placing managerial strain on your technicians or creating gaps in protection that are hard to spot before disaster strikes.
More tools also mean higher costs. Over the past two years, the average cost for an MSP to provide cybersecurity, backup, and/or disaster recovery (DR) services increased 19%. As many as 71% of MSPs report struggling to pass on these costs to their clients, because they cannot demonstrate the value of the increases — further deteriorating trust and putting pressure on profit margins.
Consolidating vendors improves security and cuts costs
When MSPs use fewer vendors, they have a greater chance of protecting their clients against cybersecurity breaches, data loss, and downtime. For example, Acronis’ MSPs Speak survey revealed that MSPs using one or two vendors had significantly lower concerns about experiencing an attack in the next 12 months compared to those using five or more vendors.
MSPs can also realize huge cost savings — up to $229,159 — by consolidating their cybersecurity, backup and DR services. These savings are attributed to lower licensing, training, and documentation costs as well as improved employee productivity. By integrating cybersecurity, backup and disaster recovery, an MSP can save an average of five hours of time when recovering a client’s IT network after a cybersecurity breach or data loss incident occurs.
MSPs must understand that throwing more tools at their challenges will not improve the security and protection of clients’ systems and data, nor will it resolve the trust dilemma. Instead, the focus must be on consolidating vendors, better integrating existing workflows, and educating clients on how these actions can better protect the entire supply chain. Only then can you recapture your clients’ trust and maintain a competitive advantage.