Adding cybersecurity services: 5 things MSPs need to know
Security is the bane of businesses large and small. Their main goal, typically, is developing, marketing and selling products. They initiate IT programs to build systems and applications to digitally transform and boost efficiency to support this. Yet, such benefits are often submerged under an avalanche of security threats. They find themselves jumping from firestorm to cybersecurity firestorm.
That’s why there is so much interest in handing off security duties to MSPs. Those already in the MSP business for areas such as backup, data protection and help desk are increasingly being asked to augment those services with various security safeguards. In many cases, this may lie outside the MSP’s comfort zone. However, failure to offer such services could result in losing customers to another provider more willing to address cyber threats.
Phishing simulations & training
The tips below will help you add services such as ransomware protection, encryption, threat detection/hunting, managed detected and response (MDR), security information and event monitoring (SIEM), access controls, patch management and security awareness training in a smooth, efficient and cost-effective manner.
1. Partner for success
How can an MSP without a strong security background hope to compete with the big names in security, many of which have launched their own managed security services? By partnering with security specialists that offer plug-and-play security services, the MSP can fold into their own offerings.
Some IT and security vendors provide these services at a big enough discount to MSPs to make it profitable to deliver them to others. Instead of building the service, the MSP rebrands a security service from an established IT security firm. Thus, an MSP in the telecommunication sector, for instance, can add security training or ransomware protection to supplement its existing VoIP, networking and desktop-as-a-service offerings.
Take the case of H2Cyber, a cybersecurity executive management firm offering virtual Chief Information Security Officer (vCISO) services and cybersecurity and risk management. The company also offers white-labeled services for cybersecurity compliance, antivirus and cyber security services that come from a collection of other MSPs. Syxsense, for example, provides patch management and vulnerability scanning to remediate software and OS vulnerabilities.
“We partnered with a vendor that can automatically patch Windows, Linux and Apple systems, as well as vulnerability scanning of our systems,” said Paul Horn, founder and CEO of H2Cyber.
2. Focus on your strengths
The MSP market has grown up so fast because traditional IT and security vendors are better at selling hardware and software, not in servicing customers. Some may have recently entered the MSP space, but they rarely excel there.
The entire MSP business model, on the other hand, is based on being good at dealing with customer service, IT support and looking after the diverse needs of organizations. Increasingly, this skill is called upon by customers who want the MSP to be the intermediary between a large vendor ecosystem and the services they need.
“Our customers want to know what works; they don’t have time to research and evaluate the different solutions out there, so they expect us to find the best MSP services that they need,” said Horn.
Phishing simulations & training
3. Stick to your niche
MSPs often spring up to service certain types of business, geographies or verticals such as financial services or education. Fast service, responsive support and a caring attitude toward the needs of a specific market niche distinguish the MSP from tech vendors and the mega-service providers that attempt to serve everyone.
Equity Methods, for example, operate in a niche within financial services known as equity compensation. It has assembled a collection of tools from MSPs and security vendors that it can profitably offer to its own clients.
“Making sure phishing and spearphishing attempts are stopped before they make it into our inboxes is very important, especially as attackers are becoming increasingly sophisticated,” said Paul Leisey, CIO of Equity Methods. “We leverage the expertise of our partners to pick the right products with the right features for the right price so that we can offer them effectively and add value to our primary services.”
4. Avoid overselling
MSPs moving into managed security services should be realistic about their capabilities. It is best to choose a provider whereby MSPs can deal directly with simple, everyday issues and escalate real challenges to the actual software or service provider.
“The majority of our clients are in regulated industries and have unique business requirements,” said Adam Rusak, managing director of data center services MSP adryTech. “We often become an extension of their technology team.”
Phishing simulations & training
5. Turn inquiries into opportunities
Customers will inevitably ask MSPs what they are doing to protect their systems, defeat ransomware and make their users more aware of the dangers of malicious phishing links and attachments.
These customers already have a relationship with you as an MSP. In all likelihood, they would prefer to have you provide additional security services rather than dealing with another provider. Instead of fumbling such inquiries, turn them into upsell opportunities by having to hand a series of security offerings as part of your portfolio.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Adding cybersecurity services: 5 things MSPs need to know
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization