Worldwide SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market. Yet many IT service providers are shying away from this services goldmine because they don’t possess the people, process, or technology to address increasingly sophisticated cyberattacks. Ironically, your customers believe you are handling ‘all things’ security related, which begs the question; is there a way to have a common language to communicate and mitigate the ambiguity of ‘who owns the risk?’
Why does your customer feel you are responsible for ‘all things’ security related? Have you ever said any of the following things to a prospect and/or customer? “We are your outsourced IT department. We reduce your risk and exposure. Our Virtual CIO (vCIO) meets with you quarterly to ensure your business and technology requirements are in alignment. You pay one monthly fee that is outcome driven. We do it all!” For more than ten years, our industry has preached managed services at every industry event and customer/prospect engagement. Our industry has prophesied managed services and therefore conditioned our customers that ‘we do it all!’
With today’s attacks becoming more sophisticated, the days of securing ourselves and our customers through a tools-based model (endpoint and firewall protection, email security/backup, and DNS) are not enough. Some managed service providers (MSPs) have started to add phishing services with security awareness training, which is an excellent step in meeting compliance for security awareness training.
Understanding Cybersecurity Risk Assessments
To recalibrate our customer’s mindset, we need to be able to speak a common language about how the threat landscape has changed, and what has worked for years, won’t work in the future. A cybersecurity risk assessment is necessary to identify the gaps in your customer’s critical security controls and to determine actions to close those gaps. Learning how to perform a risk assessment, and more importantly, the art of having the conversation about ‘who owns the risk,’ are the critical next steps an MSP should be taking with their customers if they are not today. Vulnerability scanning and continuous monitoring would be critical next steps, post risk assessment.
ConnectWise has an ever-evolving ecosystem that extends from the roots of our core platform. Our ecosystem consists of 160+ solutions you can purchase through us plus even more integrations available in our Marketplace. Learn how you can connect into the ecosystem in your own unique way.
John Ford is VP and CISO of the ConnectWise Cybersecurity Center of Excellence (CCCoE). Read more ConnectWise blogs here.
