By: Collabrance LLC on October 12th, 2022
Ready or Not, Here Cyber Security Compliance Comes
October may be the official "cybersecurity month", but it appears some have missed the memo. According to Accenture’s State of Cybersecurity Resilience report, security attacks increased 31% from 2020 to 2021, with the number of attacks per company reaching 270 annually. A 2022 UpCity study found that only 50% of U.S. businesses have a formal cybersecurity plan, and of those, 32% haven't updated their plan since the COVID-19 pandemic introduced remote and hybrid operations.
Collabrance recently attended the 2022 Empower by N-able event, and the overarching theme of main-stage and breakout sessions was that a security-first approach to managed IT services is no longer limited to one month out of the year. In this blog we'll share best practices we took away from the Empower event, outlining actionable steps MSPs can take to protect their clients and grow their business.
Regulatory pressures are coming – provide more than cyber insurance
Andy Jones, the CEO of Fortress Security Risk Management, kicked the week off with an exclusive Q&A session for N-able Super Elite partners. He emphasized that all 50 states are currently in the process of enacting additional cybersecurity legislation; a business having a cyber-insurance policy is no longer enough. MSPs need to proactively learn about the compliance and regulatory requirements their clients face both today and in the future. Beginning the process of certification today (CMMC, SOC 2, etc.) will allow you to bring additional security value to your existing clients and grow revenue through new business bound by these regulations.
Take a security-first approach
During a main-stage session on Managed Security Service Providers, Patrick Layton, Vice President of Managed IT Services at Impact Networking, talked about the importance of taking a security-first approach. There are non-negotiable aspects of every security solution, and clients shouldn’t view the buying process as an opportunity to pick and choose what they'd like. Tools such as endpoint detection and response (EDR), multi-factor authentication (MFA), and managed patching of all devices are the foundational pieces of a security-first approach. MSPs should implement these tools for their existing managed clients and require them for all future managed clients, both to increase the security of the companies they work with and to prepare themselves for future compliance requirements.
It's time to prescribe cyber security solutions
One of the biggest challenges MSPs face with clients and prospects is the "it won't happen to me" attitude. Executives don't understand the risks a breach poses to their business, and they don't allocate the budget necessary to mitigate those risks. Rather than trying to sell cybersecurity offerings as an elective, it's time to make these features non-negotiable. MSPs should adopt a "tell—don't sell" approach and be willing to put their foot down when clients try to remove the security "bells and whistles." While this can be a hard pill for customers to swallow (and for sales reps who may not win a deal because of it), it's the best way MSPs can ensure their clients are protected and receiving the services they need in 2022 and beyond.
Jeff Leder, CEO of DOT Security, perfectly summarized the challenges ahead during a breakout session on Managed Security Services. He highlighted that many organizations view cybersecurity as an add-on instead of a "must-have", and while executives are concerned about security, they don't understand it well or plan for it. It's time for MSPs to lead from the front on cybersecurity, educating themselves and their team as well as their clients. This will ensure MSPs are prepared for the pending changes in regulation and compliance and are able to protect their clients and their bottom lines.
Collabrance equips MSPs to provide the managed security services their customers need. To learn more about our security products and services,