MSPs 'behind the ball' with cybersecurity and struggling with the pressure

clock • 4 min read

MSP and ConnectWise exec discuss security pressures, readiness and tackling the issue

Cybersecurity is leaving MSPs constantly catching up and feeling intense pressure, according to channel players.

Joy Beland, senior director of cybersecurity education at ConnectWise, told CPI in an interview that MSPs trying to tackle cybersecurity head-on may be finding it "terrifying".

Meanwhile, Courtney Briddes, VP of managed services operations at Royersford, PA MSP Eb Logix, said that service providers are "behind the ball" when it comes to cybersecurity and that the situation is "scary".

"The first key impact is that [MSPs are] learning a new skill set, and not just protecting their own business but learning to protect their clients," Beland explained. "And that is something that is stressful and either can be something that they embrace and take on and reinvent themselves as a cyber superhero, or it can be terrifying and make them feel like they're behind in everything that they're doing, which is…a really stressful time for the engineers and the owners."

Briddes agreed, adding that MSPs are coming to realize that they are very likely behind the curve when it comes to keeping on top of cybercriminals.

"It's scary; very scary," she said. "It's one of those things where you think that you're doing what you need to do and then you find out ‘wow, we really need to step it up'. And…we're all behind the ball - the MSP industry as a whole is behind the ball and we're in a kind of reactive mode, which is not indicative of what MSPs are supposed to be about. We're supposed to be about being proactive and monitoring and taking care of things before they break."

One of the major problems, Briddes notes, is the resources cybercriminals have access to and how MSPs can tackle that.

"These guys have so much money…and I don't know how we can stay on top of it other than putting together a tool stack that helps to prevent these attacks."

Under pressure

When it comes to the pressure MSPs are feeling, Beland notes that MSP owners and in-house engineers are the people who will be feeling the most pressure from trying to get cybersecurity right. "I think that the owner is feeling such tremendous fiscal responsibility and fear behind everything they've built, and having the knowledge that they may be held accountable for something that they haven't clarified in their contracts, while having to rely on their staff who may or may not have the level of education or confidence or expertise [needed]…"

Technicians and engineers, meanwhile, may find themselves having to incorporate security without the time and money to get the proper education, Beland said, describing this as "a tremendous amount of responsibility on their shoulders".

This is all compounded by the pressure the MSP feels more broadly knowing the potential impacts of a customer breach.

"What I hear and what I see when I talk to MSP owners is how hard it is to be in business now, knowing you could lose it any day, knowing that your entire team - every resource you have - might have to be deployed on something and how are you going to be able to effectively manage the needs of all of your other clients? If there's a major breach at one of your clients, your engineers will be expected to do so much more to secure environments without being given a lot of technical training and support in how to do that."

One way MSPs can tackle the issue is by revisiting how they incorporate cybersecurity training into their culture, Beland said. It's important to consider the benefits of increased training, along with more remote working and more self-care initiatives, she suggested.

As an example, Beland noted that during her time as an MSP owner, she involved her entire staff in incident response training, including operations staff, accounting staff, "marketing, interns, the dispatcher - everybody", she explained.

"All of us went through it together so that the whole team could see what kind of burden is on the backs of the engineers when they go through incident response. And they would learn to support the engineers in ways like ordering lunch for them and just giving them the support that they need in whatever way is the most appropriate at the time."

This, she said, gave the engineers a better level of confidence for carrying out live incident response planning.

"I think the entire team was bolstered in a new way with our internal culture to be really all in and all for one. The separation that naturally starts to happen between technicians and marketing or accounting, for example, in any type of a technology service provider needs to be brought back together to really support the mental health of everybody and make them even more of a team in this kind of an environment."

More on Managed Service Provider (MSP)

(From left to right) Guy Golan, Scott Nursten and Mark Overton

MSP Transform: 'Our job is to collaborate with each other… I know that's difficult, there's a lot of egos in the room'

CRN’s MSP-led event heard leaders get candid on predicted spending shifts and how best to utilise cybersecurity

Kelsey Rees
clock 20 October 2022 • 2 min read
Hege Støre to take over as CEO of Nordic MSP Advania

Hege Støre to take over as CEO of Nordic MSP Advania

She will take the reins in November after joining the group in 2021 following its buy of Visolit

Kelsey Rees
clock 13 October 2022 • 1 min read
Claranet snaps up three companies to build services business in France, the DACH and Southern Europe

Claranet snaps up three companies to build services business in France, the DACH and Southern Europe

The three groups operate in France, Germany, Switzerland and Italy, which will ramp up the UK MSP's capability to provide digital services across Europe

Kelsey Rees
clock 09 September 2022 • 2 min read

Spotlight on

HP to axe 6,000 jobs after tough Q4 earnings

HP to axe 6,000 jobs after tough Q4 earnings

The vendor said it would axe up to 6,000 of its workforce by 2025 after a difficult Q4

Shane Snider
clock 24 November 2022 • 1 min read
SoftwareONE soars double-digits in EMEA in solid Q3 results

SoftwareONE soars double-digits in EMEA in solid Q3 results

The software solutions giant posted healthy growth across all its business lines

Kelsey Rees
clock 24 November 2022 • 2 min read
VMware's Q3 'met expectations' despite flat revenues amid looming Broadcom deal

VMware's Q3 'met expectations' despite flat revenues amid looming Broadcom deal

The group’s net income plunged more than 40 per cent however saw a double-digit rise in subscription and SaaS revenues

Kelsey Rees
clock 24 November 2022 • 2 min read
Bechtle makes third acquisition of 2022 with MSP ACS Systems buy

Bechtle makes third acquisition of 2022 with MSP ACS Systems buy

The UK-based MSP focuses on cybersecurity, modern work concepts as well as managed IT and cloud services

Kelsey Rees
clock 24 November 2022 • 2 min read