As 2021 rolls in, and a COVID-19 world faces a business revolution, MSPs will be needed in a new role: barring the door against a $6 trillion cybercrime theft forecast. These shifts will blur the roles played by internal IT staff, managed IT service providers, and those accountable for the company’s information security, with MSPs acting as leaders in the security evolution for their customers.
It won’t be easy. A recent report from research company Gartner reveals the increasing role corporate leaders will need to play in security strategy and compliance. MSPs will be tasked with bridging this cultural shift by helping management adapt to its security partnership through implementing tools, policies, and procedures tailored to specific company outcomes. MSPs adding security as part of their strategic role will find some initial discomfort but will benefit through increased customer trust and revenue opportunities.
“The stories that we’ve seen during the COVID-19 outbreak are the latest example highlighting the failed approach to cyber security that many organizations take,” says Paul Proctor, Distinguished VP Analyst at Gartner. “While executives were focused on ensuring compliance and stopping hackers, simple opportunities like enabling secure remote access technologies — which have a much larger business impact — were ignored. Now, organizations are scrambling to catch up.”
Security Solutions for MSPs – Seven Trends in 2021
- Remote work and its risks will increase – MSPs will be in an increasing demand for building best practices around the remote workforce. Forbes Magazine notes employees permanently working from home will double in 2021 “. The productivity metric is proving that remote work is working,” said Erik Bradley, chief engagement strategist at Enterprise Technology Research (ETR). “So, we all thought that there would be some increase in permanent remote work, but we didn’t expect that to double from pre-pandemic levels.”
- Pressure from boards and financers will intensify – Company boards will increasingly pressure CIOs and CEOs to explain security plans and guarantee 100% security. Since there is no 100% guarantee, the C-Suite will need to explain the ways its team mitigates risk. As breaches and ransomware increase, executives will need to pivot and protect its community. Boards already want to see evidence of security compliance and vision, especially given the spike in incidents from the global pandemic, including increased phishing threats and hackers seeking to infiltrate vulnerable home computers. No one can guarantee 100 percent, so basing security practices on the NIST cyber security framework and implementing the Center for Internet Security’s Top 20 Critical Security Controls will be a vital part of security and reporting.
- Many Gadgets, Many Threats – People will increasingly use the cloud, apps, phones, and private computers. All of them will be more vulnerable this year. To protect those home-based employees, the customers, and company leadership against these threats will be seen as a cultural issue, with compliance and policy training, corporate governance, and regular oversite, as required practices in a comprehensive security program. Vulnerabilities will be identified, assessed, and reviewed on a regular basis across companies. Companies will often need guidance and expert advice from experienced security professionals to help integrate those measures.
- Ransomware ramps up – MSPs need to steer companies away from the balance sheet of cyber security profit/loss models, where small infractions here and there are seen as manageable. The honeypot of cyber security is ransomware, where criminals extort multi-millions or take down the entire company. The huge cases made public show only the tip of the iceberg of extortion. Small companies are increasingly more vulnerable, because hackers know security is often Multi-million-dollar payouts are already a regular part of the corporate landscape. So buckle up and clamp down.
- Tailored solutions in 2021 – Companies will have unique threats and pressures. MSPs will need to increasingly partner with a SOC, to ensure MSPs will guide solutions through tools, policies, compliance, and testing. These approaches require unique applications to fit the needs of specific business models.
- Regular engagement will be essential – Because so many devices are now vulnerable, the MSP’s role will increase as it focuses on regular testing and adaptation to changing cyber threats. Sometimes, there might be pushback from corporate leaders as they adjust to this new role. inSOC CIO Jeff Gulick said, “MSPs need to change in 2021. They need to be security conscious. They need to ensure that their customers are informed of exposure to security risks and that the customer either approves and executes security recommendations or documents that they accept the risk.”
- The SOC/MSP relationships will grow – A SOC offers MSPs the ability to provide mature SOC capability rapidly and with proven expertise, making managed cyber security attainable without draining budgets through expensive tools, resources, and talent time. Gulick said, “They also have to start to think about security in a new way. They have to think about bringing in the expertise and the tools to do this. “Most companies don’t have the bandwidth to do that, and that’s why inSOC was born, because you can outsource that function to an expert team.”
Contact inSOC for more information on our security solutions for MSPs, and how we can help your MSP stay one step ahead in 2021.