Cybersecurity Is a Partnership, Not a One-Way Street

“Companies choose an MSP partner whit the idea of long-term relations”, says Maxim Akimov, N-able’s Distribution Manager for Northern, Central and Eastern Europe.

Some years ago ERP systems were becoming common and ERP companies were telling businesses, “you must re-engineer your business processes in order to implement an ERP”. Today, with the advancement of security-managed services, organizations should once again change – they should re-engineer their security practices. According to Mr. Akimov, “If businesses want to minimize risks and stay on top of technology, they need to follow the recommendations of professionals who spend hours every day studying best practices and new tools.” N-able is a world leader in the field of integrated solutions for managed services providers.

Mr. Akimov, cybersecurity seems to be a never-ending challenge for businesses. What are the biggest security issues you see companies combatting now?

An issue that is starting to wane but that we still encounter, is some of the smaller companies still believe they’re not a target for cybercrime, largely because they feel they have little value to be stolen. This is so far from reality, company and customer data is one of the most valuable assets a business has, and no matter the size of the company can catch the eye of cybercriminals. Phishing, malware, zero-day attacks, and application vulnerabilities all represent modern-day threats to SMBs.

Many business owners today have a much better understanding of proper security posture for their business, and they are looking for guidance from MSPs for this. There has never been a more important time to keep cyber hygiene at the forefront. Addressing the basics helps prevent cyber-attacks. Many times, the stumbling block can be the investment that may be required to come up to “par” with regard to a minimum standard of security and risk mitigation. MSPs need to be able to educate and project plan the correct process to move these customers to a more secure engagement. Companies need guidance and education and then to be able to disseminate it down to their own organization and users to ensure coverage and buy-in. Security is a partnership, not a one-way street.

Let’s look at the CISOs and infosec teams. They suffered heavy burnout during the pandemic. What’s the current situation? Today, what are the main challenges that CISOs have to deal with? Is there a lack of enough skillful people in this field? Which kind of organizations suffer the most (in terms of size, in terms of industry)?

CISOs need to continue looking to the future to ensure the right security measures that mitigate against both today’s and tomorrow’s threats are in place for both their company and their customers. Attacks are more sophisticated than ever, so to stay ahead of the curve it’s great to see people put competition aside and work together to fight our common enemy. I think it’s necessary for all of us to learn from each other. The skills shortage is affecting everybody but here at N-able, we’re tackling it by creating a company culture that people find inviting. People will only stay if there’s a good career ladder that means people can grow and find success within an organization. Making sure people grow within the organization and giving them a clear career path helps us fill those roles rather than waiting for the right people who want to move roles.

Managed services are supposed to offload much of the routine tasks infosec teams deal with. In reality, many infosec experts are afraid that managed services will take away their job. What is the reality?

There are several factors businesses consider when making decisions on whether or not to outsource IT and IT security to an external provider. Most of them can be summarized in three big groups – the cost of outsourcing compared to the cost of internal IT, the ability of the MSP to do a good job of taking care of the current IT setup, and the readiness of the MSP to support planned growth and transformation.

In all three areas, MSPs are pacing much faster than internal IT teams. According to recent studies US companies are seeing a decrease in IT spending by nearly 25% after outsourcing their IT to MSPs. In Europe that saving might be not as significant yet, but a raise in salaries, growth of IT complexity, and increase of MSP efficiency drive it higher each year.

It is hard to compare the level of professional expertise of an MSP and internal IT in each particular case, but if we look at the trends, it is clear that the MSP community grows its skills and abilities much faster than internal IT security organizations due to a sharper focus and the nature of the business model.

And as for the ability to support transformation, MSPs can be good partners in supporting changes, but also trusted advisors driving those changes based on broad industry experience. If the right MSP is chosen, of course.

And therefore, even though I can’t say that tomorrow all or even the majority of customers will get rid of internal IT security people in favor of MSP services, the number of such customers in my opinion will definitely grow.

To start partnering with an MSP, how should companies assess and plan for such a partnership? What aspects should they evaluate? What considerations should they make?

Companies choose MSPs for long-term relationships, that’s why it is important to do some homework before getting into a partnership to make sure that “marriage” doesn’t fall apart halfway.

Businesses should start by evaluating and documenting their internal processes and workflows to make sure future MSP partners understand key bottlenecks, pain points, and areas for improvement. In addition to drawing a picture of the current state of the company, businesses need to clearly define their business goals and vision for their company for the next several years, as the MSP needs to be prepared to support those changes and drive them from the IT side. Finally, businesses need to define how the responsibilities between MSP and internal IT are going to be split and where the borderline is. All those things will help to be prepared for cooperation with the MSP, but also to choose the right MSP, as someone not prepared to discuss the partnership in such terms and details would not be the right fit.

Some years ago ERP systems were becoming common and ERP companies were telling businesses, “you must re-engineer your business processes in order to implement an ERP”. Today, with security-managed services, should organizations re-engineer their security practices?

Adapting business practices and processes towards IT security requirements is a general trend related to the increased reliance of business on IT from one side and growth of IT threats from the other. Today it is internal IT organizations who provide the input based on IT security best practices and evolving regulations, tomorrow it can be the MSP, but the result is the same – if businesses want to minimize risks and stay on top of technology, they need to follow recommendations of professionals who spend hours every day studying best practices and new tools, no matter where these professionals work – Inside the organization or in the MSP company.

 What mistakes should organizations avoid when choosing an MSP?

The topic of choosing the right MSP for your business deserves a stand along the lengthy article. Generally, most of the best MSPs have a lot in common – they offer completely managed services, can describe their scope of work and boundaries of responsibility in detail, and talk mostly about their processes rather than underlying technologies. And they have a large pool of satisfied customers that are ready to provide references.

But the trick is to choose not just a “good” MSP, but the one who is the best fit for the customer. And the biggest mistake business can make here is not doing their homework on identifying what exact risks and pain points they want to target and thus not matching them with the MSPs’ skills and abilities.

Are you working in a regulated industry such as healthcare? Make sure the MSP understands regulatory requirements and practices and has customers with similar needs. Is your business highly dependent on the uptime of your infrastructure? Check SLA conditions and avoid MSPs offering break/fix type of contracts. Do you work with large amounts of sensitive data? Ask about backup frequency and its rollback procedure.

While more and more organizations are choosing MSP partners (in terms of IT security), MSPs themselves are increasingly becoming a target for bad actors. How do MSPs address this trend?

Unfortunately, nobody can feel completely safe in the modern world of constantly growing and evolving cyber threats. The advantage MSPs have is a level of awareness growing from constant exposure to real incidents and their consequences. Every day they have to deal with malware, phishing, DOS, and insider attacks and they know how real those threats are and what the price of being careless, uneducated, and unprepared can be. According to statistics, about 60% of SMB companies go out of business within 6 months of experiencing a cyber-attack. For MSPs that percentage is expected to be even higher.

So there is no choice for MSPs – If they want to stay in business they must grow their expertise and use it to protect themselves first. And MSPs know that.

No provider can offer good security services without having the “right” people. How do you at N-able care about your employees? How do you keep them happy with the job, motivated, and energized?

At N-able, we pride ourselves on creating a world-class culture where people are the center of everything. We know that when we take care of our N-ablites (our name for N-able employees), they will be able to bring their best energy to work every day and focus their time and attention on supporting our customers. At N-able, our People Team intentionally maps out the defining moments of our employee lifecycle and set out how our values support each step of that journey. From attracting and hiring to onboarding and integration to engagement and belonging, our core values serve as our guiding principles and help drive our decisions and actions for everything we do.

___

If this information is helpful to you read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be assisting you with your query. 

Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.

Follow us to learn more

CONTACT US

Let’s walk through the journey of digital transformation together.

By clicking on the SEND button you agree to the processing of personal data. In accordance with our Privacy Policy

13 + 4 =