Many people hope that, by the end of 2021, we will look back on this year with fonder memories than the previous one. However, we shouldn’t overlook potential peril for MSPs and other cybersecurity stakeholders.
Last year, we witnessed an enormous amount of stress and disruption to the IT community. For the most part, MSPs, as guardians of data and networks, rose to the occasion and performed very well in uncharted waters. Hackers and malware, though, don’t adhere to the calendar, which means some of the same challenges experienced in 2020 will be battled in 2021. This time, however, everyone has the benefit of preparation and perspective.
Matt Klein, owner of Charleston, South Carolina-based Big Fly Consulting, spoke with Smarter MSP about some of the cybersecurity challenges already looming on the horizon in 2021.
Client attitudes border on apathy towards cybersecurity
One of the biggest dangers, interestingly enough, has nothing to do with patching or sandboxing. Instead, Klein says among the gravest cybersecurity threats in 2021 will be apathy. Oddly, Klein says the constant drumbeat of headlines about companies being breached is leading to virtual apathy, as opposed to greater vigilance.
“Why do we need to hire people or spend money when we will eventually just get hacked anyway?” he often hears.
Klein advises that while this is the prevailing attitude, the behavior must be curbed because “it is a dangerous way to think for business leaders.” Lack of investment leads to more vulnerability.
This is especially true for SMBs, which often lack top-flight cybersecurity resources but are just as vulnerable as big corporations. SMBs provide a chance for MSPs to show their value, and that top-notch cybersecurity can be had on a scalable, economically sound level. Klein says he tries to work under the assumption that every business will experience a breach in the future.
“The better you prepare for that, the better you keep your business running,” Klein adds. And this is especially important with regulated businesses, such as those in healthcare and finance. “When in a regulated industry, the better prepared you are to respond to legal challenge and litigation, the better off you will be,” Klein says, adding that most businesses need to be able to prove all measures being taken are reasonable and customary to protect the organization and data. All of this circles back to combatting apathy.
Klein points out that communication is key between security stakeholders and clients to combat apathy and keep everyone vigilant.
“The conversation with customers and clients must be centered on having reasonable protections, reasonable methods to detect when bad things happen, and reasonable processes to respond to a bad thing when it happens,” Klein advises, adding that the conversation should be all-encompassing so that it starts to take on elements of business continuity and resilience, instead of being purely a cyber conversation.
Lack of skilled security personnel
“The shortage of skilled cybersecurity experts is acute and growing,” Klein says, adding that for many young IT professionals, there continues to be no clear path to advance within the industry, and this ultimately poses a systemic risk.
“Some believe practical experience is what you need to be successful. Some believe a Ph.D. will lead you to a great career. The truth is somewhere in between, and we continue to lack the structure to guide our next generation cyber folks towards the skills needed to be successful in cyber,” Klein states. Because of the thin IT talent pool, CISOs are being drawn into more business roles when scanning for hacker intrusions.
Another challenge for MSPs and others in 2021 is simply the torrent of technology flooding the market. Wait, aren’t all the new, high-tech software programs and gadgets a good thing? Yes and no, Klein answers. If all the latest stuff causes cybersecurity professionals to skimp on the basics (patching!), then all the algorithms in the world won’t keep your client safe.
“If those basic concepts of least privilege, secure configuration management, patching, keeping technology current or appropriately securing end of life and unsupported technology, etc., are not done reasonably well, the next shiny object tech will not significantly help you secure your environment,” Klein advises.
Klein adds that even with constantly evolving and advancing software and services, skilled IT personnel are still needed to interpret data and implement the protections.
“Great, you bought the next new best cyber tech thingy. And then you implement it 25% because you do not have the talent to truly understand how to operate the capabilities,” Klein says.
As 2021 ramps up, MSPs need to be having conversations, staying on top of the basics, and not getting overly mesmerized by new technology without the staff to operate it.