CyberSmart arming MSPs in security fight

SMEs are increasingly looking to their managed service providers (MSPs) to cover their security needs as well as expecting the channel to demonstrate a personal commitment to data protection.

Due to their position in the supply chain, MSPs have increasingly become a target for cyber criminals, yet the channel has to simultaneously hold the hands of customers that are far from expert in this area.

Jamie Akhtar, CEO and co-founder of CyberSmart, works with hundreds of MSPs that sell into a base of thousands of SMEs, and has seen the challenges that partners face, particularly with helping customers that are unaware of data protection best practices..

“The majority of companies don’t have policies when it comes to cyber security, and have not undertaken a risk assessment or have cyber insurance, nor have they done security awareness training – and the list goes on. So, for the most part, SMEs have got that consumer-level awareness, which is, ‘Don’t click links and try not to use the same password’,” he said.

“Most businesses lack good cyber hygiene around people process and technology, so they don’t do the training or have the policies and they don’t have visibility of technology. They don’t even know what laptops people have or what operating systems they’re running or what software is on there. Therefore, they’re sitting ducks when it comes to criminal activities and hacking," he added.

CyberSmart has found that more small customers are starting to use MSPs to handle their security needs, but their expectations are also changing.

"More people are opting in to an MSP. But where this gets really interesting is that what people expect from what MSPs [changed]. It started up being about delivering managed IT services, and over the past five years the perception of SMBs and customers shifted towards, ‘If you supply my IT, then you should secure my IT, and if it gets hacked or if it breaks, that’s down to you’,” he said.

In an attempt to encourage a greater focus on security, the firm has been running a MSP Resilience campaign after finding that very high numbers had suffered an attack in the past 18 months.

Akhtar said that because the companies serves hundreds of customers, MSPs make for an attractive target to attack as one successful hit would produced decent results.

“MSPs are a really interesting attack vector for hackers. To add to that, this isn’t like user-level access, it’s usually privileged access, like administrator rights to the fullest state of the organisation, including all their backups. So, you can imagine what kind of damage you can do if you’re inside an MSP,” he said.

“We launched a campaign early on this year to help MSPs improve on security...we’ll provide you all of our software and tools and certifications [of] government standards insurance for free.”

As a result, the firm has added 22 partners this year through the campaign, and is keen to do its bit to encourage greater security awareness across the channel.

“I would advise [an MSP] to look at their own security first. If you come back to the free three basic pillars – people, process and technology – does everyone in your MSP understand the basics on security? They can do some online training courses to give them that kind of awareness and to understand what the attack landscape looks like and why people might be targeting them or their customers,” he said.

“It’s basically two steps, which is to get yourself fit for purpose first and then get your customers to the same level,” he added.