To say that today’s cybersecurity threat environment is risky for companies and individuals, would be a profound understatement. Cyber Crime as a Service (CCaaS), automated and continuous breaches, ransomware paid in untraceable digital currency, and a serious lack of available cyber talent for hire are only a few examples of the threats.
Thankfully, managed security services providers (MSSPs) are attempting to bring relief to overworked and understaffed IT departments by providing cybersecurity expertise and education for executives, boards, and ownership to help grasp the profound impact digital risk has placed on their business operations.
This relatively new field of managed detection and response (MDR) vendors highlights remediation as a business deliverable and encourages businesses to adopt the mantra, “assume the breach.”
The challenges for the MSSP are many, but the benefits are timely. Integrators and service providers must counter digital risk for the simple reason that their own customers are in danger. The SMB and mid-enterprise customer segments are the priority targets of organized cyber criminals, as they are assumed weaker and less vigilant. MSSPs must educate these customers to understand the threats and invest in solutions.
Solutions to Offer
MSSPs can offer a variety of solutions, from simple anti-virus and firewalls to 24/7 monitoring and threat hunting – but it all starts with a risk assessment to determine potential threats. MSSPs must determine the intent of a customer’s adversary and prioritize its security accordingly. In many cases, this involves outsourcing cyber talent that firms cannot always afford to have on staff. MSSPs can assist with on-site resources, remote threat monitoring, and even outsourced Chief Information Security Officer (CISO) services.
Educating business leaders and justifying the need for a cybersecurity program aren’t where the challenges stop for integrators. Declining software and hardware prices and low-margin break/fix service models are being replaced with cloud-based deliverables and subscription fees. These adjustments can be cumbersome, but the RMR generated by this model is worth it.
Business Adjustments
Business valuation and equity clearly benefit from RMR, but it requires new sales compensation models and training to help staff adjust. Marketing departments are challenged as well, as messaging cyber threats can be a delicate balance – not too alarmist, but with seriousness and urgency.
How does an integrator begin to form a managed services model? Here are three keys:
1. Focus on the “why” – Integrators must constantly educate their customers on the threats of cybersecurity and the risks of ignoring it. Their understanding that it is not a matter of if but when they will have a breach or cyber threat is of the utmost importance.
2. Start slowly – It is impossible to convert all business to a managed services model right away. An integrator should aim to see 10% of the business’ value under the MSSP model within the first year and can continue to ramp up from there.
3. Pick the right partner – There is so much education involved in making the switch to this model, and it impacts everything from product to sales and marketing. PSA is offering guidance for integrators who join its MSSP program in the way of vetted vendor partners, financing assistance, education and more.
Dan Dunkel is Managing Director of the Managed Security Service Provider (MSSP) program for PSA Security Network. Request more info about PSA at www.securityinfowatch.com/10214742.
