If you’ve been in the tech space long enough, you know that when something tech leaps across the chasm and becomes big, you’d better strap yourself in because it’s gonna be a hell of a ride. MSPs have ridden—indeed, are still riding—many adoption waves over these past decades. Some are foundational transformations like analog-to-digital or the embrace of all things cloud. Others are tied to more nuanced services like unified communications, SD-WAN or today, cyber resilience.
That last bit—cyber resilience—is the one that’s not like the others, though, isn’t it? Unlike technologies that drive improvements in cost or productivity or simply offer a better mousetrap, demand for cyber resilience services is a direct response to threats against your customers. It is a growing—no, booming—threat on the other side of the good guy/bad guy divide that’s an enormous growth industry unto itself. Cybercrime is a massive and massively growing industry. (And to think that some people peg behavior on Twitter as the worst part of online anonymity…)
And like all things tech, it’s evolving fast, too. Note the following:
- Ransomware is getting worse. We’ve covered why in depth here[CF3], but the long and the short of it is that Ransomware as a Service has brought low-end players into the game, and businesses can’t trust that, even if they do pay up, they’ll regain access to their systems and data.
- Phishing is getting worse. We touched on it here, noting that the Anti-Phishing Working Group recorded a record million+ attacks in the first quarter of this year, including more than 380,000 in March alone. For perspective, phishing was already the most dominant digital crime by 2020, when there were less than a quarter-million attacks over the entire year.
- Global threats are getting worse. Threats from Russia and the Commonwealth of Independent States are well known, but two of the biggest breaches so far this year came from China and North Korea.
It’s About Resilience, Not Just Security
All of this adds up to a hodgepodge of threats from bad actors all over the world with varied motivations. And while it’s true on the one hand that these threats create an opportunity for you to grow your MSP in the security realm, it’s also true that few clients are doing enough to protect themselves—particularly when it comes to backup-and-restore routines. Here are three simple talking points to help you nudge your clients toward more layers in the back half of this year.
- Threats are worse than ever. Remember when phishing became the dominant form of cybercrime in 2020? There were more attacks in March of this year than in all of 2020. Ransomware is also omnipresent, but it’s now a flip of the coin whether you’ll get your systems and data back if you pay up.
- They’re also unpredictable. You never know where the next big threat will emerge. Geographically speaking, major cyber incidents this year have come from China, North Korea and the United States. Cybersecurity and Infrastructure Security Agency (CISA) has warned businesses about increased risks from Russia. Operationally speaking, breaches so far this year have come from old-fashioned tactics like credentials stuffing and insider threats like disgruntled former employees.
- You need resilience, not just security. Security is essential but given all the attack vectors coming at your company—externally and internally—we need to plan for a successful attack. With the right planning, you can not only survive an attack but weather one without hurting your production.
- You can’t wait until 2023 to do more. Threats are evolving fast. Adding new layers of resistance as part of an annual software review is better than doing nothing, but the bad guys aren’t waiting until Jan. 1 to attack. We should add more protection now, even if it means we need to get creative about finding room from other places in your budget.
And don’t forget to turn to your provider partner for help. If they’ve got their act together, they’ll have resources you can leverage—from sales materials to cyber resilience planning and sales engineering—as you encourage your clients to take some mid-year resilience steps.