to address this shortfall by partnering with universities and engineering schools to cultivate talent and incentivize new hires to grow within their organizations . All tech companies , however , can address the talent shortage by providing educational programs and individualized career paths for employees , whether they ’ re coming in as a tech , a Security Operations Center analyst , or an account manager — the only requirement is that they have the desire to diversify themselves and learn about cybersecurity . These initiatives allow workers to seek out and gain additional training and opportunities to expand their knowledge so they can be competitive for one of those positions within the organization . This is one step toward solving the hiring challenges around cybersecurity .
Importance Of Helping Customers Focus On A Security-First Culture
The key to creating a security-first culture is education — and that applies to both a company ’ s executive team and its employees . To have a long-standing impact , MSPs will need to win over their customers ’ leadership team on the importance of a security strategy and building out their security stack . It doesn ’ t have to be an uncomfortable conversation like talking to your kids about drugs and alcohol . No one will argue the devastating effects a cyberattack can have on a company , from lost revenues to reputational damage . Collaborating with customers to help find security gaps helps stakeholders make educated decisions on how to potentially prevent catastrophic losses and protect their business .
Every plan should account for security awareness education . Onboarding should incorporate training , followed by monthly phishing campaigns to confirm retention and that employees are following through on preventive measures . With more people working remotely , it ’ s essential that workers are up to date on email security . Employees may come to see the training as cumbersome or boring , so it ’ s helpful to rely on tools that deliver engaging content that is “ to the point ” and uses gamification in the form of points , badges , leaderboards , and scoreboards ; this is huge when it comes to these types of training programs . Interactive components such as selecting an avatar make it engaging and fun .
Solutions Every MSP Should Offer Clients
Choosing solutions to help secure customers ’ environments can be overwhelming . Every organization has a risk tolerance gauge , which is why a quantitative assessment simulation based on that tolerance is crucial to help understand the prospective costs associated with the value of what needs to be protected . A client is not going to spend $ 3 million to protect a $ 30K asset .
Once there is buy-in from a company ’ s C-suite , various tools help ensure customers are safe . Key technologies should offer unified tools that incorporate application scanning , managed detection and response , backup and recovery , and anti-phishing and security awareness training — preferably through a learning management platform that offers engaging content and customizable videos . The better solutions will also automate these tasks to free up time for IT professionals . This may be a lot for small- to medium-size business internal IT teams to tackle , which is why outsourcing to an MSP is ideal . They can offer integrated solutions and address various security issues depending on the organization ’ s budget .
Cybersecurity Is 24 / 7
Cybersecurity is a continuous process that never ends . Understanding that the current threat landscape is always evolving , MSPs need to implement cybersecurity programs that mirror what attackers are doing . Do not become complacent . Educate yourself on the cybersecurity ecosystem constantly , even if it ’ s just blocking out 10 minutes a day . Remember , you are the trusted advisor . n
Security Championship Program
MSPs can encourage their customers to establish a Security Champion Program within their organization . This involves designating certain employees as “ security champions ” to help identify severe threats and act as security ambassadors . Champions are responsible for :
• Organically building institutional security knowledge
• Facilitating open lines of communication between teams
• Diversifying security resources in case of incident response
• Acting as a conduit between engineering and security teams for alignment and best practices
About The Author
Jason Manar is the chief information security officer ( CISO ) of Kaseya , a premier provider of unified IT management and security software for MSPs and SMBs . He plays a pivotal role in further solidifying the company ’ s security stance . Jason oversees information security and compliance , leading the cybersecurity division to identify the industry ’ s latest threats and vulnerabilities and intercept them . As CISO , he also ensures compliance with security requirements associated with government regulations , which vary by global region . Prior to joining Kaseya , Jason was a supervisory special agent ( SSA ) with the FBI ’ s Cyber Division where he worked in the Major Cyber Crimes Unit combating cybercriminal threats targeting U . S . entities .