“Cybersecurity is a never-ending battle. Because of this, it’s important to have conversations that help nontechnical business leaders and stakeholders understand that cybersecurity is a goal and journey, not a destination.” — Chris McKie
help your customer better understand — the immediate need for improving their IT defenses, all while fostering a more proactive stance toward cybersecurity within their business.
Q: Why has investing in cybersecurity been a challenge for SMBs?
McKie: The journey toward cybersecurity maturity ranges from those still questioning the basic need for antivirus software to businesses with sophisticated, proactive security operations centers (SOCs). The path will be unique for each organization.
It’s scary to think, but also sad to realize, that securing additional funding for IT security has been, and continues to be, a common challenge. For years, many businesses have viewed security as a cost center. This makes it a daunting task for MSPs to convince customers that they need to increase their cybersecurity budgets. The ever-expanding attack surface and the sophistication of cyberthreats mean that cybersecurity is an ongoing endeavor, however, necessitating continuous investment.
You can improve your messaging around cybersecurity by helping your customers view it through the lens of business benefits. Shifting the conversation to emphasize risk management and the inherent uncertainties in security can help make the case for additional investments. This can then lead to the acquisition of necessary tools and technologies, even when their function may not be immediately apparent to non-experts.
Q: How does the need for cyber insurance help MSPs “sell” security?
McKie: The required solutions needed to comply with insurance company security mandates can be a great sales conversation starter. Looking at it from [a] cyber insurance requirements perspective, endpoint detection and response — EDR — is often mandated. In addition, managed SOC or managed detection and response — MDR — is increasingly required. Security awareness training is also one of those check-box items that is a powerful and relatively affordable tool to offer customers.
Another way you can help direct the spending is by conducting tabletop exercises that simulate cyberattacks with your clients. It is a way that you can go in, meet with business owners, and conduct a make-believe scenario around ransomware. Having these exercises regularly further installs you as a cybersecurity expert and shows where the client’s gaps are.
Q: What should MSPs be recommending that their SMB customers do NOW to bolster cyber resilience and counter digital threats effectively?
McKie: It’s all important — from prevention to detection to remediation. But a new area in the security world I’m excited about is called SASE — “sassy” — secure access service edge. It’s geared to protect remote and hybrid workers just like [they] are behind the corporate firewall. VPNs can’t do that.
The real question is, how long is it going to take you to recover from a cyberattack? MSPs have an opportunity to expand revenue and help their customers reduce downtime with solutions like BCDR, managed SOC, and incident response planning. Your customers need to understand that backup is a huge part of their security posture. It’s not enough to say you are doing backup. Be sure to test your customers’ backups regularly ... and don’t forget to back up their SaaS applications like Microsoft 365, Google Workforce, and Salesforce.
Q: At the end of the day, breaches happen. What does good communication around cybersecurity incidents look like?
McKie: If you are doing tabletop exercises in advance with your customers and have an incident response plan, everyone will know who to contact internally and externally, and when. Know who your local FBI contact is ... they have a cybersecurity task force set up to help. Mistakes happen when people are nervous and rushed — so prepare beforehand and know the game plan, because sooner or later, it’s probably going to happen. In terms of communications with your customers, the key thing is to be clear and transparent. Communicate early and often — sharing what you can. Many companies will take months to report a breach, and it negatively impacts their customers’ confidence in doing business with them.
Q: Any closing words of wisdom?
McKie: Cybersecurity is a never-ending battle. Because of this, it’s important to have conversations that help nontechnical business leaders and stakeholders understand that cybersecurity is a goal and journey, not a destination. Compliance is not security. Having a firewall is not security. Even if you use the latest and greatest tool stack out there, there’s no such thing as 100% security. Strong security revolves around people, processes, and technology. Help your customers recognize that all three — not just technology — need constant nurturing, development, and attention to build a cybersecure culture and resilient workplace.
MSPSUCCESS.COM | 33