MSPs 'behind the ball' with cybersecurity and struggling with the pressure

clock • 4 min read

MSP and ConnectWise exec discuss security pressures, readiness and tackling the issue

Cybersecurity is leaving MSPs constantly catching up and feeling intense pressure, according to channel players.

Joy Beland, senior director of cybersecurity education at ConnectWise, told CPI in an interview that MSPs trying to tackle cybersecurity head-on may be finding it "terrifying".

Meanwhile, Courtney Briddes, VP of managed services operations at Royersford, PA MSP Eb Logix, said that service providers are "behind the ball" when it comes to cybersecurity and that the situation is "scary".

"The first key impact is that [MSPs are] learning a new skill set, and not just protecting their own business but learning to protect their clients," Beland explained. "And that is something that is stressful and either can be something that they embrace and take on and reinvent themselves as a cyber superhero, or it can be terrifying and make them feel like they're behind in everything that they're doing, which is…a really stressful time for the engineers and the owners."

Briddes agreed, adding that MSPs are coming to realize that they are very likely behind the curve when it comes to keeping on top of cybercriminals.

"It's scary; very scary," she said. "It's one of those things where you think that you're doing what you need to do and then you find out ‘wow, we really need to step it up'. And…we're all behind the ball - the MSP industry as a whole is behind the ball and we're in a kind of reactive mode, which is not indicative of what MSPs are supposed to be about. We're supposed to be about being proactive and monitoring and taking care of things before they break."

One of the major problems, Briddes notes, is the resources cybercriminals have access to and how MSPs can tackle that.

"These guys have so much money…and I don't know how we can stay on top of it other than putting together a tool stack that helps to prevent these attacks."

Under pressure

When it comes to the pressure MSPs are feeling, Beland notes that MSP owners and in-house engineers are the people who will be feeling the most pressure from trying to get cybersecurity right. "I think that the owner is feeling such tremendous fiscal responsibility and fear behind everything they've built, and having the knowledge that they may be held accountable for something that they haven't clarified in their contracts, while having to rely on their staff who may or may not have the level of education or confidence or expertise [needed]…"

Technicians and engineers, meanwhile, may find themselves having to incorporate security without the time and money to get the proper education, Beland said, describing this as "a tremendous amount of responsibility on their shoulders".

This is all compounded by the pressure the MSP feels more broadly knowing the potential impacts of a customer breach.

"What I hear and what I see when I talk to MSP owners is how hard it is to be in business now, knowing you could lose it any day, knowing that your entire team - every resource you have - might have to be deployed on something and how are you going to be able to effectively manage the needs of all of your other clients? If there's a major breach at one of your clients, your engineers will be expected to do so much more to secure environments without being given a lot of technical training and support in how to do that."

One way MSPs can tackle the issue is by revisiting how they incorporate cybersecurity training into their culture, Beland said. It's important to consider the benefits of increased training, along with more remote working and more self-care initiatives, she suggested.

As an example, Beland noted that during her time as an MSP owner, she involved her entire staff in incident response training, including operations staff, accounting staff, "marketing, interns, the dispatcher - everybody", she explained.

"All of us went through it together so that the whole team could see what kind of burden is on the backs of the engineers when they go through incident response. And they would learn to support the engineers in ways like ordering lunch for them and just giving them the support that they need in whatever way is the most appropriate at the time."

This, she said, gave the engineers a better level of confidence for carrying out live incident response planning.

"I think the entire team was bolstered in a new way with our internal culture to be really all in and all for one. The separation that naturally starts to happen between technicians and marketing or accounting, for example, in any type of a technology service provider needs to be brought back together to really support the mental health of everybody and make them even more of a team in this kind of an environment."

More on Managed Service Provider (MSP)

One day to go: Last chance to register for free for CPI's studio broadcast - Inside Track 2023

One day to go: Last chance to register for free for CPI's studio broadcast - Inside Track 2023

Ahead of tomorrow’s live broadcast, here’s a sneak peak at one of the panels of CPI’s flagship MSP event, Inside Track

Kelsey Rees
clock 18 April 2023 • 2 min read
Chris Armstrong (left) and Tim Simons (right)

Inside Track final speakers announced: What game-changing cybersecurity trends will be ripe for investment in 2023?

With one week until we go live, CPI announces the two speakers who will be joining the final studio panel of the MSP-focused event

Kelsey Rees
clock 12 April 2023 • 1 min read

Spotlight on

Join us on the CRN network

Join us on the CRN network

The new home of channel news, research and intelligence

clock 17 August 2023 • 1 min read
Fujitsu pulls plug on European PC business

Fujitsu pulls plug on European PC business

Manufacturer to move towards datacentres, hybrid cloud and platform services

Martin Fryba
clock 04 August 2023 • 1 min read
Germany's CANCOM shrinks FY23 guidance after 'one-time' hit to earnings

Germany's CANCOM shrinks FY23 guidance after 'one-time' hit to earnings

The reseller also demoted expectations for its FY22 results

Kelsey Rees
clock 04 August 2023 • 2 min read