The Different Facets of MSP Security

The biggest challenge many MSPs must overcome is simply surviving the current business climate.

Ian Thornton-Trump, chief information security officer at Cyjax Ltd, stressed that one of the biggest obstacles MSPs are facing is not even security related, but is in fact balancing the books.

“MSP risk is so much bigger than cyber this and cyber that. Your business operation is part of the risk—not having enough money to pay your people for example. Cashflow is the one thing you are going to have to manage in your business,” he said to a packed session at the CompTIA EMEA Member and Partner Conference. “The climate is rapidly becoming more unforgiving,” he warned, outlining some key challenges every MSP business is facing right now.

Toxic Employees

Take care when hiring—you are always one toxic employee away from problems. Make sure you have employee contracts that make employee behaviour specific and have an employee handbook. And have HR on speed dial, he said.

Toxic Customers

“You are one bad customer away from losing that vibe,” Thornton-Trump said. “Sometimes it is easier to let that customer go to the competition if they are that difficult.” He added that if a customer is impacting the work/life balance of your staff, or even impacting the service provided to other customers, then it is time for them to go.

MSP Plus ‘S’ (Security)

It has almost been a case of adopt security or die for many MSPs over the past few years, Thornton-Trump explained. The threat landscape is getting more complicated, and customers now just expect security. But many want it for free, and don’t realise it comes at a cost.

Physical and Mental Toll

People working in IT, particularly business owners, are probably not looking after themselves well enough, especially when they reach a certain age. But it is time to start looking after themselves—slow down, get an apprentice, think about passing the torch. Get your house in order. Without MSP profit, there is no MSP security. “We have to start thinking about what is our exit strategy? Do we want to become part of a global organisation, or to run a lifestyle business?” Thornton-Trump said.

Legacy Tech

Legacy technology in the SMB space is like it is from Mars, Thornton-Trump said. It becomes harder to support, and the consequences are worse if it fails. Beige has to go! Often customers don’t even know some technology is still there. You have to battle to bring that customer up to standard. “Nobody wants to deal with legacy stuff anymore,” he added.

Thornton-Trump used the final part of his session to outline why it is important for MSPs to construct a proper cybersecurity threat model.

“We have gotten a lot better at dealing with malware, causing the cybercriminals to pivot to social engineering scams,” he warned. “You have to figure out the right threat model [for you and your customers].”

Deter Cybercriminals

Know what you are doing and be able to prove it through certification and experience. This is where specialisation and training are critical, he said.

Disrupt the Cybercriminals

Make stolen credentials worthless to the threat actors. For example, is multi-factor authentication (MFA) ubiquitous in an organisation—both yours and your customers’? he asked. “Is their leavers and joiners process automated? Do you have a ‘least privilege’ policy? Is privileged access monitored and controlled? Is MFA mandatory for third party vendors in master service agreements?”

Degrade Cybercriminals

Hacking is more than just a crime. Reduce the attack surface. Is the system/service still needed? Is the system/service vulnerable or critical? Should the system/service be public? What is the business justification for exposure? Did anything change?

Destroy Cybercriminals

“Let’s make the cost of cybercrime go up for cybercriminals as much as we can. Let’s find them and destroy them,” Thornton-Trump said.

How do we do that? He stressed the importance of collaborating with MSP peers and sharing information. “Get help from the community, don’t pay ransoms and report cybercrime,” he said.

Start sharing information.

Engage with the CompTIA Community ISAO.
