Why Businesses Keep Losing the War on Cyber Terror: Part 1

Are MSPs a Weak Link in Cybersecurity?

MSPs should be on top of the world. Even through a pandemic, economic downturn and stifling inflation, the majority of MSPs were able to increase revenues in 2021 and 2022 looks even stronger, as reported by Channel Futures regarding Wingman’s 2022 MSP Growth Survey.

As the industry continues to consolidate, MSP acquisitions increased from 23 transactions in 2017 to 78 in 2021, with private equity deal volume increasing 390% in that timeframe (from 10 private equity deals in 2017 to 49 in 2021, based on MSP Insights).

However, at the same time, more than 75% of MSPs say their current workload is at or over capacity. More than 50% of MSPs say their pipelines will support them for less than six months and 40% express concern that their workload impedes finding new business.

Is it any wonder, then, that CISA and cybersecurity allies across the globe released a joint advisory earlier this year warning of increases in malicious cyber activity targeting MSPs, along with very basic cybersecurity recommendations for MSPs to implement? Threat actors know MSPs are vulnerable and provide access to multiple victim networks that they can exploit on a global scale.

But threat actors aren’t the only ones taking advantage of MSPs. Traditional vendors are taking advantage of MSPs by focusing on fear and distrust to turn a quick profit instead of solving industry problems.

“Where there’s mystery, there’s margin.” 

 MDR/XDR vendor at a recent MSP tradeshow

When it comes to vendors who encourage a sales culture based on mystery, the only thing separating them from threat actors is that we know the vendor’s identity. And MSPs that are seduced into following the “(sl)easy” money are betraying the trust of their clients and deserve to be replaced. Given that recent data has identified 80% of MSP customers are looking to replace their MSP within the next year (Channel Insider), that’s probably happening sooner rather than later.

The business practices I have described here should make any service-oriented organization angry! But it’s not just blatantly predatory sales tactics that continue to erode the foundation of security for businesses using MSPs. There are deeply rooted issues that need addressing. In this blog series, I’m going to boldly ask for your help in doing so.

If you’re an MSP, take a second to think about how many companies are trying to sell you cybersecurity products with the assumption that this will help you expand your offerings for your clients. Makes sense on the surface, right? We know that cybersecurity is the number one, most important, top-of-mind pressing IT issue facing businesses of all sizes right now, period. It’s influencing the overall cost of doing business, overwhelming already understaffed and overworked IT teams, and keeping worried C-suite execs up at night.

Take A Minute to Critically Think

Industry leaders from across the nation will gather October 30 – November 2 in Miami for the MSP Summit. Let me ask you these questions as you prepare to attend (or think about a recent MSP show you’ve attended):

  • Count all the cybersecurity products you’re being sold. At a high level, what are they trying to accomplish and how?
  • Why, if we have all these wonderful individual products and technologies, do we keep losing this most important war?

In Part 2 of Why Businesses Continue Losing the War on Cyber Terror, I’ll dive further into how we got to this point. Stay tuned.

Before I get too much hate mail, I’m not a fan of bringing problems without solutions. So Part 3 of this series will bring everything together. It will discuss how we can begin to approach this challenge differently, change the narrative, and start winning the war on cyber terror from a business perspective. Spoiler alert: Ostra Cybersecurity (my employer) is not the be-all, end-all solution; it cannot be done by any one company alone.

Before signing off, I encourage you to attend the MSP Summit. It’s a great time to hear from innovative leaders and catch up with colleagues in the managed services space—and don’t forget to stop by Ostra at Booth #309 and say hello if you’re in the neighborhood.

Until next time… I’ll leave you with a few simple challenges. Be skeptical of mysteries. Think clearly. And let’s get ready to shake things up and start winning the war on cyber terror.