N-able Research: How Are MSPs Adapting to a Rapidly Changing Environment?
Since the start of the pandemic, MSPs have faced extraordinary challenges—in many cases, carrying the burden of responsibility for ensuring their customers are able to continue operating in the face of an uncertain and constantly changing business environment. At the same time, they have also had to adapt their own ways of working in order to continue to operate and survive.
In response to this dramatically changing environment, N-able has launched a benchmarked annual report (in association with Coleman Parkes Research) looking at the role of MSPs and the critical part they play in protecting their customers’ businesses.
This year’s report uncovers some important key points, including:
- MSPs are fast becoming primary targets for cyberattacks—almost all MSPs have suffered a successful cyberattack in the past 18 months and 90% have seen an increase in attacks since the pandemic started
- 82% of MSPs’ customers have seen an increase in attempted cyberattacks
- MSPs are raising security budgets by an average of just 5%
- Automating key functions is critical to making headway against cybercriminals
- While backup is a core offering, only 40% of MSPs are backing up workstations every 48 hours or less—this needs to improve
- With just 40% implementing two-factor authentication (2FA) on their own systems, MSPs still need to focus more on implementing the basics
- Small and medium-sized enterprise (SME) security budgets are increasing, giving MSPs an opportunity to sell more and better services
The reality is that MSPs are doing what they can in an almost untenable landscape. While many are increasing their spending, there are questions as to whether they are increasing it enough to combat the near doubling of direct attacks on MSPs.
One thing that is abundantly clear is that implementing the basics is more important than ever. Our report identifies several key areas that need immediate attention:
1. Automation is crucial
With attacks increasing in both volume and sophistication, managing defenses manually is impossible. So, implementing greater levels of automation is essential to help keep customers’ businesses secure. Here’s what we’re seeing in the market:
- Automated backups are the most common form of automation used by MSPs to keep their customers’ businesses secure.
- Automated patching—80% of MSPs are applying patches automatically.
- Web filtering—90% of MSPs are providing automated web filtering, though mostly URL-based. Only around one in ten are using more secure DNS filtering.
- Automated redeployment security tests and configuration checks are currently used by less than a quarter of MSPs.
2. Backup is critical—but we need to get the frequency right
Backup is crucial as the last line of defence in any attack—MSPs need to be able to recover their customers’ data and systems no matter what. In general, backup is provided to most customers, but of major concern is the fact that only 40% of businesses are backing up workstations every 48 hours or less. The news is better for servers as they are more frequently backed up, with 74% backed up every 48 hours or less.
3. Multifactor authentication is being ignored
While almost all MSPs offer two-factor authentication (2FA) to their customers, only 40% use it themselves. And despite it being offered, only a third of customers are currently using 2FA. However, MSPs report that they have plans to migrate 95% of customers to 2FA in the next five years, with most being done in the next two years.
Time for the unsung heroes of the pandemic to maximize the security opportunity
MSPs have proven their worth many times over during the past couple of years, becoming valued extensions to internal IT teams. However, they cannot afford to let this trust they’ve accrued be eroded by a failure to protect their own systems. While many MSPs are responding by upping their security budgets and investing in new tools, the increases are small and may not be enough to combat the rise in attacks.
In this situation, focusing on the basics of cyber-hygiene is critical. While many MSPs may address this with their customers, it is important they lead from the front, implementing the same technologies used by customers for their own businesses. The most critical areas our survey highlights are the use of MFA, alongside more regular backups, and a greater emphasis on automation.
This is just a small snapshot of what the N-able report reveals. To find out more download the full report “State of the Market: The New Threat Landscape” here.