On December 9th, we teamed up with DNSFilter to talk about the weakest link in cybersecurity: humans.
That shouldn't come as much of a shock. After all, we are the ones who reuse weak passwords, unknowingly download malicious files, and submit our credit card details where we shouldn’t. Are we distracted? Are we unaware? Are we careless? Probably a little bit of each.
Then there's the fact that cybercriminals have only become more creative and more aggressive in their ongoing quest to get ahold of the sensitive information of users and companies, taking advantage of the recent pandemic-driven shift to digital. We've become so predictable in our online behavior and so reliant on a specific set of tools, that we’ve created digital playgrounds for them to run wild in.
Throwing solutions at the problem
A history of data breaches across the Channel has proven that MSPs are at a great risk of cyberattacks. After all, successfully compromising an MSP enables a hacker to reach all of its customers. Jackpot!
This has ignited a strong push within the MSP community to adopt and resell security solutions to clients, like anti-phishing, password & 2FA management, and malware protection. The portfolios of MSPs are slowly growing to become more security-centric, turning them into MSSPs over time.
But does this address the issue?
MSPs are working tirelessly to deliver these solutions to their clients, and yet, according to Datto’s 2020 Global State of the Channel Ransomware Report, 84% of MSPs are "very concerned" about ransomware, although only 30% report that their clients feel the same.
If clients don’t feel threatened, will they really change the way they've always browsed online and adopt these solutions to ensure safe online practices across their organizations and at the individual level? The answer is obvious.
A mandatory mindset and behavioral shift
Solutions can only protect MSPs and their clients to a certain extent. A determined user will still find a way to visit malicious webpages, share passwords insecurely, and partake in all sorts of risky online behavior that would make any security-conscious person cringe. Sure having the right solutions in place makes it a tad more difficult, but it will never be impossible.
This further reinforces the point that it is not enough to "throw solutions" at the problem. Security solutions should be an extension of security-conscious users, not a replacement for them.
MSPs should not have to struggle to resell security solutions to their clients. SMBs should demand security solutions from their managed service providers, and should not settle for anything less.
It is our job, as security vendors and MSPs, to help SMBs see the magnitude of the risk. It will require a comprehensive approach, targeting their intellect and emotion through case studies, thought leadership content, surveys, statistics, training sessions, webinars, and more.
A nuanced approach
One of the problems we will face in educating the SMB community may seem counterintuitive. There is a lot of news coverage at the moment around the “Sunburst” cyber attacks on the US government. MSPs may look at this and try to convince their clients that if it could happen to the US government, with their infinite resources, then it could happen to them too.
However, their response to that might be: if the US government's infinite resources couldn't prevent them from getting hacked, how could paying you $3 per user do any better?
This is where the discussion will need to be a little more nuanced. We may not be able to offer total protection to the wider SMB community, but what we can do is help educate them about the risks and deploy tools that can help them be a little bit safer.
Here at MYKI, we’re available to provide your team and clients with training sessions on poor password practices, the risks faced, and the benefits of implementing a password management solution. Book a free consultation now to see how we can help.