A recent survey revealed that 97% of MSPs are worried they could suffer a security breach that would compromise a client’s infrastructure (*Vanson Bourne, ‘MSPs speak: cyber security and the future role of the MSP’, 2021) and the same survey showed that only 2% of MSPs said they were not struggling with any cybersecurity backup and/or disaster recovery challenges as a result of the rise of remote work.
As demonstrated by the SolarWinds attack, and more recently the Log4j vulnerability, products which MSPs install into their clients' infrastructure, and which are then exploited, can leave all of those clients vulnerable to attack. It is therefore crucial that MSPs thoroughly assess the protections that their vendors have in place. The National Cyber Security Centre have a 12-step approach to assess your supply chain to help understand the risks, establish control and continuously improve cyber security.
49% of MSPs admit that their clients do not completely trust the security of the services their organisation provides, with 53% of MSPs not trusting the vendors they currently use*. Lack of trust has massive implications for a customer-based business. If your clients don’t trust you, then why would they stay with you? But how can you build trust?
Only 1% of MSPs didn’t have to raise costs due to the increase in remote working, but 71% struggled to demonstrate the value of the cost increase. Businesses don’t want to pay more for services they don’t understand and, let’s face it, some of them can’t afford it. There is a wide range of free tools and services that you could offer to clients to add value, without cost. For example, Police CyberAlarm is a free tool which monitors incoming threats to a network, and the NCSC’s Logging Made Easy monitors internal network traffic. For those companies with tight budgets this might be a way of offering increased security without the associated price tag. You can find some more free tools on the ECRC website.
The average number of SaaS tools in a company is 14, with 58% managed by MSPs*. That would suggest there could be substantial blind spots on your clients’ networks, which you are unable to protect. Conversations about how MSPs can be a benefit in terms of managing licences, onboarding, security and performance of SaaS might be required. At the very least, you need to have a clear understanding with your client about liability and risk.
The National Cyber Security Centre (NCSC) have created a Cyber Assessment Framework (CAF) which the DCMS are considering asking MSPs to adhere to. Under this new policy, MSPs would need to demonstrate wide security knowledge, from identity and access management through to more advanced measures such as proactive security monitoring and discovery. Although this is unlikely to be made into legislation this year, thinking about how your company can implement these measures now means that you won’t be panicking in the future.
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.