What if the business’ security systems go down – and there isn’t the right internal knowledge or staff member to get things back up and running?
This could become a worrying reality or concern for organisations across the board, as the threat landscape continues to evolve on a daily basis, writes Riaan Badenhorst, GM of Kaspersky Lab Africa.
With increasingly high-profile breaches, ransomware strains and advanced threats hitting the news almost daily, companies need to ensure that they don’t become the latest victim of a cyberattack.
So, what’s the solution? One is to turn to a Managed Security Service Provider with security services (MSP) – an external provider that can give the business assistance, and thus peace of mind, in ensuring that their IT security is as strong as possible. In fact, the number of companies believing in the efficacy of managed security services is growing year on year – this figure is now up to 60%, compared to 56% last year.
Moreover, 42% of SMBs managed security services in the last year, as did 51% of enterprises. These companies have already woken up to the fact that using a managed service provider is in many instances an obvious solution to a company’s security requirements. But the stats also show us that not every company feels the same way. Yet.
Worryingly for the managed security services market, figures from Kaspersky Lab’s latest annual IT Security Risks survey[1] show that only 25% of businesses are planning to use MSPs in 2018 to tackle their IT security challenges, indicating that some companies still need to be convinced of the benefits of working with Managed Security Service Providers (MSSP).
Naturally, businesses need to weigh up the pros and cons of using a MSP to establish whether this solution is effective – and appropriate – for their organisation. The onus is therefore on the MSPs themselves to convince businesses that they can offer them the right solutions to their looming security challenges. And to do that, they need to understand the challenges businesses are up against.
So, let’s take a look at the situation from a business’s point of view. What do they perceive to be the pros and cons of working with MSPs?
What’s making businesses wary of MSPs?
When looking at what is turning businesses off from using MSPs, four main factors come into play. The first is the pricing of MSP services, which 29% of enterprises feel is too high.
For the 39% of SMBs who also agreed – the companies that likely require these services the most as they typically need to focus more on the business growth, and only on fostering internal cybersecurity expertise to some extent – they may struggle to find or justify the cost in securing this support.
The cost factor comes into play when also considering that, of the respondents not choosing to use an MSP, some don’t feel that they will become a target.
Globally, 19% of enterprises and 25% of SMBs feel confident that they won’t be the victim of a cyberattack. They say ignorance is bliss – but a hacked customer database, costly downtime and customer losses are all far from blissful. This situation is more likely for smaller, or newer, businesses that feel they’ll be overlooked in favour of bigger targets. But for these organisations – from family-run businesses to small but successful companies raised from the ground up – the risk of loss would be felt most. For owners and managers emotionally tied to their company, and those without the deep pockets that their bigger competitors own, they may be risking their business outright.
For companies who are only too aware of what a cyberattack could mean for their business – and customers – the cost becomes easier to swallow, but there’s a lack of trust when it comes to giving these external providers access their systems in order to safeguard them properly. 32% of SMBs and 35% of enterprises don’t want their security to rely on a third party – perhaps unsurprising, given the access that these external companies have to be given in order to do their jobs. Personal data, trade secrets and payment information are all at stake, so a business needs to be able to explicitly trust the provider in order to hand over the keys to its kingdom.
This mistrust can be further compounded by the notion that an MSP may be themselves exposed to breach or safety vulnerabilities – which may unsettle businesses particularly uncertain about their own IT security safety.
Some organisations are not feeling the industry-wide skills shortage as keenly as others, and already have adequate in-house resources to bridge the IT security gaps in their business – 31% of SMBs and 37% of enterprises feel that they already have sufficient resources to cover this need. However, this isn’t a permanent solution; as IT security professionals become more highly-sought, they could be tempted away to higher-profile firms by lucrative offers – whereas an ongoing MSP contract with strict SLAs ensures that a business’s security needs are covered at all times.
What MSPs can bring to the table
Despite all of this, there are plenty of reasons why businesses should be using MSPs to fulfil their IT security requirements.
The first – and perhaps biggest – benefit to companies is the cost-cutting solutions that a partnership can offer; 54% of enterprises view MSPs as a way of cutting their security-related costs, and 51% of SMBs feel the same.
For companies already spending extensively on full-time staff, rigorous protection measures and staff training/awareness (a figure that grows with each new employee), using an MSP could result in a reduction on up-front IT security spend. Thus, working with MSPs in this way brings with it the benefits synonymous with OpEx, and rather than businesses having to add to their capital expenditure, security can instead become an operational venture.
This, of course, makes it easier for businesses to invest in security services – a vital consideration when the costs associated with suffering a breach can severely hamper a company’s bottom line and affect its forecasts.
For companies worried about their IT security strength, an MSP Service Level Agreement (SLA) can provide a safety net, or comfort blanket, to guarantee a minimum level of safety. 42% of SMBs and 43% of enterprises want someone that can account for their security; knowing that this vital component of their business is being handled by an external provider can offer business owners and decision-makers peace of mind.
Outsourcing can also lead to a wider mindset change when it comes to farming out other aspects of the business’s IT requirements – given that the various in-house resources and skills required to oversee these can add up. Relying on external components for other aspects of a company can help an organisation pare back its resources so that it is running in a cost-effective manner – safeguarded by the professional expertise offered by MSPs. Indeed, 35% of SMBs and 41% of the enterprises in our study are looking to outsource all of their IT to a third-party provider, including security.
The most obvious advantage of using an MSP, however, is the fact that it can bridge a company’s IT security gap. 25% of enterprises and 28% of SMBs admitted that they don’t have the internal resources and expertise to provide a sufficient level of security. Not having the right knowledge or staff leaves businesses vulnerable and sourcing this expertise from a third-party supplier can ensure that an organisation’s needs are adequately covered.
Weighing it all up…
Weighing up these pros and cons is a difficult process for businesses, especially when it comes to keeping critical systems and highly sensitive information secure. The job of an MSP is to help them with this process, understand that prospective customers may feel concerns, and demonstrate ways to overcome these. Only then will MSPs be able to convince more businesses of the true benefits of their services, and help more companies avoid security problems in the future.