MSPs expand their security practices to meet demand: Kaspersky
Most Managed Service Providers (MSPs) plan to expand their cybersecurity practices to meet demand from businesses worried about the massive increase in threats that have occurred at the same time as they faced drastic change. towards hybrid work environments caused by COVID-. 19 pandemic.
In a report Released last week, cybersecurity provider Kaspersky found that 93% of MSPs in North America intended to expand their portfolio of IT security services, with threat intelligence being the top choice at 49%.
Threat Intelligence Services MSPs plan to offer include Advanced Persistent Threat (APT) 30% Reporting, Threat Data Feeds and Searches, Malware Analysis, Evaluating security and the discovery of targeted attacks.
The demand for security services can also be seen in the growth of MSPs and Managed Security Service Providers (MSSPs), according to the Kaspersky report. The pandemic has forced both categories of service providers to adapt to changes in the IT environment and to demonstrate agility and resilience, particularly in the face of changing customer needs.
See Also: Top 12 Managed Security Service Providers (MSSPs) of 2021
Security, a booming business
More than nine in 10 MSSPs (91%) have seen their clientele increase since 2019, while almost the same could be said for MSPs (81%). Additionally, 94% of PSMs expect the trend to continue, saying revenues will increase over the next two years.
“It is clear that the dependence of businesses on IT is increasing and will continue to grow, so it is very important that MSPs pay special attention to security,” wrote the authors of the report. “This means strengthening both the security posture and their own protection, which requires the installation of new products and the provision of layered security on the customer side. “
According to Mikhail Kolchin, head of MSP activities at Kaspersky, MSPs understand that in an increasingly complex business environment, the need to protect against security risks will only increase. Services like threat intelligence are part of the solution to being proactive in an IT world where it’s not enough to be reactive.
“High quality [threat intelligence] involves a range of characteristics, such as having a rich context that creates intelligence from data and provides additional value, ”Kolchin said in a statement. “It also involves the support of a team of recognized experts with a proven track record of detecting complex threats and smoothly integrating services into a company’s existing security operations. “
For its MSP 2021 study, Kaspersky earlier this year surveyed 606 people in 21 countries, including managers or others in higher positions, MSPs and MSSPs.
Organizations are increasingly turning to MSPs for additional expertise in a rapidly changing IT space. Around 52% cited this expertise as their main reason for using PSM, while 50% cited financial efficiency. Additionally, 45% said efficiency in delivering cybersecurity services was a key motivator, while 49% indicated the need to meet compliance requirements.
Additionally, 24% said they approached MSPs or MSSPs in direct response to a data breach.
“This again demonstrates the need for businesses to have dedicated and specific resources to prevent a breach from occurring and to guard against what could potentially lead to huge financial and reputational consequences if not handled properly. “, wrote the authors.
Also read: How to Start a Managed Detection and Response (MDR) Business
Remote work, ransomware drives demand
The dramatic shift to remote working is forcing companies to embrace new technologies and solutions, and MSPs are essential in supporting this transition by removing technology worries from customers’ minds, especially at a time when there are always a skills shortage and concern among organizations about being able to keep themselves safe, according to the report.
“Greater reliance on technology has also given companies a better understanding of the need for tight cybersecurity to protect their data,” according to the authors. “With the technology underlying critical processes, it is essential that the link between IT security and digital addiction is not underestimated. “
They wrote that “the reliance on digital continuity and complex distributed infrastructure, coupled with a lack of resources and skills, has increased business concerns about their ability to deliver cybersecurity. Attacks causing downtime, particularly ransomware and cryptolocker attacks, were frequently mentioned by respondents as a top concern affecting their business.
The findings of Kaspersky’s report reflect what market research firm Channelnomics has seen in its own research, according to Chris Gonsalves, senior vice president of research for the company. More than 60% of MSPs tell Channelnomics that their number one priority is to launch managed security services due to the increased interest in the market, Gonsalves said. Channel insider.
This interest among businesses is real, he said. Research on companies undergoing digital or cloud transformation efforts has revealed that a key feature these organizations want is increased security.
“On both sides of the equation, there is absolutely this imperative for Managed Service Providers to become Managed Security Service Providers and start those kinds of practices, ”said Gonsalves.
Also Read: Best Backup Solutions For MSPs To Protect Against Ransomware
Becoming an MSSP is not easy
However, he added, “Just because you can do something doesn’t mean you have to do it and safety is the ultimate example of that. Most MSPs are unprepared to become managed security service providers, not good ones. There is a huge responsibility when you present yourself to customers now as a security service provider.
MSPs take responsibility for protecting customer systems in the best possible way. At the same time, MSPs themselves are increasingly becoming a target, as bad actors want to take advantage of tools like remote monitoring and management (RMM) software used by managed service providers to monitor. their customers’ IT environments. By compromising the MSP, hackers break into these client systems.
In view of this, MSPs should first consider whether they are capable of fulfilling the role of MSSP. They should ensure that their own systems and networks are secure by complying with frameworks like the NIST CSF, that they use any protections on their own systems that they would recommend to their customers, and that they are sufficiently familiar with the their clients’ businesses to assess the risks inherent in their particular industries.
In addition, MSPs should ensure that they have the necessary skills and expertise for tasks such as risk assessment and vulnerability management. The yawning cybersecurity skills gap has been well documented and this is one of the reasons the demand for MSPs and MSSPs is so high, Gonsalves said.
Yes, there is a high demand for MSP and MSSP to provide security services and this opportunity for service providers is great. However, with that comes a caveat, he said.
“Safety is serious business,” Gonsalves said. “Many MSPs aren’t ready to do the right thing, and you have to do some soul searching if you want to create a managed security services practice, because you’re going to be responsible for protecting your client and that’s different. than saying “I’ll make your networks work” or “I’ll keep your laptops working. This is an area in itself and serious business.
Further Reading: The Data Protection Business Model Requires A Nuanced Approach For PSMs