If there is one phrase that encompasses 2020, it is, “expect the unexpected.” Or maybe it’s “prepare for the worst.” Or possibly, “Oy vey.” OK, there are actually quite a few phrases that encompass 2020, and many of them aren’t fit to be printed. The point is, 2020 keeps throwing new things at us, and the best any of us can do is prepare for the worst and hope for … something less than the worst.
One area in which this is particularly true is cybersecurity, which was already an area of peak concern for pretty much anyone who ever used the internet. But of course, 2020 kicked things up a notch with the COVID-19 pandemic and the ways that created an even more dangerous cybersecurity landscape. Because if there is one universal truth, it’s that if there is a crisis, there will be someone willing and able to take advantage of it. That certainly held true for hackers and other cybercriminals, who immediately jumped on the poorly secured connections used by remote workers, the distracted and overwhelmed healthcare industry, and a general population that was suddenly ultra-reliant on technology for communication, entertainment, medical care – almost everything.
If there is a bright side to all of this, it is that cybersecurity products and services became even more in demand than they were previously. For imaging channel dealers and service providers, it created additional opportunity in a market in which the need for office print suddenly took a nosedive. In a BPO Media survey of dealers in April 2020, network security was the top product category respondents wanted to add, up from the fourth-place spot in a survey fielded just a few months prior – pre-COVID.
Here’s the really good news for dealers – the desire for cybersecurity has also increased among SMBs. ConnectWise commissioned a survey by independent technology market research firm Vanson Bourne, carried out between June and July 2020. They interviewed 700 IT and business decision-makers with involvement in cybersecurity in their organizations, the bulk of whom were in the U.S. with the rest divided between the UK, Canada, Australia and New Zealand. The organizations had between 10 and 1,000 employees and represented a wide range of sectors. The data was bumped up against the 2019 survey and while there was increased interest in cybersecurity, the difference was not large, proving that the desire for security solutions has been around for a while. The need, however, has become more urgent.
Let’s look at some of the most important news for dealers. In the ConnectWise survey, 86% of SMBs said cybersecurity was one of the top five priorities for their organization, with 38% saying it was the top priority. They are worried about cyberattacks – 77% of SMBs were worried they would be the target of an attack in the next six months, and 73% were planning to invest either “more” or “much more” in cybersecurity in the next 12 months. And yet, more than half – 52% – said they lack the in-house skills necessary to deal with cybersecurity issues, 57% do not have specific cybersecurity experts in their organization, and 59% believe either all or a majority of their cybersecurity needs would be outsourced in five years, although only 43% currently outsource. Do you smell opportunity? Most of the respondents said they would consider using an IT service or moving to a new one if it was the “right” solution. What is “right”? 68% said it meant they had confidence in the provider’s ability to respond to security incidents. And finally, they would be willing to pay up to 30% more for that “right” solution.
Why did COVID-19 increase cybersecurity threats and the need for solutions? The sudden move to remote work was a big driver, particularly among SMBs. When “safer-at-home” orders were enacted in the spring, it was SMBs that were really caught unprepared. While larger enterprises were more likely to have workers in multiple locations and in many cases had enterprise-grade, properly configured VPNs already in place (although this was certainly not true for all of them), SMBs didn’t always have the tools needed to securely equip employees to work remotely.
“With the SMBs, 79% of them said they were worried about their remote devices and remote employees being breached,” said Jay Ryerse, who is vice president of cybersecurity initiatives for ConnectWise. “When your workforce was primarily behind your firewall, the challenges were very different than they are today when your workforce is all over town.”
The need to secure remote employees is going to continue, even as some offices begin re-opening and employees slowly return. Many offices are working on staggered models, meaning only some employees are in the office on certain days while others work from home. Others are embracing a fully remote workforce – some notable big-tech players like Facebook and Google led the way, and many others are following their lead. In the ConnectWise survey, 42% of SMBs said that the reason they were investing more in cybersecurity was that they had more employees working remotely, and, on average, 33% of their workforces would be fully remote in 12 months’ time.
Dealers can offer cybersecurity, but should they?
Suddenly there was a big demand for solutions – and a big opportunity for dealers who could provide those solutions. But what about dealers that don’t offer managed IT? There are usually a lot of mixed feelings about doing so. While more than half of dealers in the BPO survey already offer managed IT, 42% of those who don’t said they were currently exploring it, which was essentially the same as the numbers from the pre-COVID surveys. Of those who weren’t exploring it, a quarter weren’t interested, and another 13% said it was too difficult. A lot of the uncertainty is around exactly how to implement a solution, raising the old “build, buy, or partner” question. Of those who currently offer managed IT solutions, more than half built them in-house, while the rest either acquired an IT firm or partnered with a managed IT provider.
But do you have to have a managed IT offering to provide cybersecurity services? The truth is, by default, dealers are already working on networks anyway, so it’s not as much of a leap as you might think.
“What I’ve learned from working with dealers is that they’ve all got talented network engineers on staff,” says Ryerse. “They’ve got people designing the network, figuring out how they’re going to plug in the office equipment, setting up the VLANs – all the technical things necessary to a deployment. And quite often they get into an environment and find that the existing MSP that’s providing services doesn’t even have the talent to keep up with that type of technology.”
It’s an easy shift at that point, Ryerse feels – and of course, he’s an advocate of the “partner” piece of the “build, buy or partner” equation. “If the dealer partners with someone to deliver the background help desk, the NOC services, the security operations services, then they can come out of the box and be delivering managed IT and managed security without having to scale expertise.” The exception to that, he notes, is on the sales side, where there is some need for education on how it fits in. But once that happens, “we’ve seen dealers who have skyrocketed their managed services. It really probably has saved their business or put them in a position to continue to accelerate during the COVID era.”
Education is important, but it’s got to be the right education. Ryerse says ConnectWise offers solutions for its partners in the form of education for engineers, salespeople and owners. New this year is what they call “MSP plus cybersecurity framework,” which takes all the different frameworks for cybersecurity and puts them into a language dealers can understand – how to implement security, what good security looks like, and so on. It’s ideal for dealers, he says, who are used to having conversations around solutions. “Dealers are well-positioned to have that conversation because it’s the same conversation they’ve been having with their clients for 10 years or more,” he says. “In the MSP world they’re learning to speak to risk, but have been heavily focused on product – and so having to pivot that conversation is a bit of an uphill climb, whereas, with dealers, it’s already part of an ingrained motion they do with their clients.”
Let’s say you’re a dealer who has print devices on an SMB’s network, seen what else is running on the network and how it’s set up, and see an opportunity. What’s the next step? “I’d start by actually sitting down with the business owner and understanding where the key assets are in the environment,” Ryerse says. “You have to assess risk first, so if the key data is in a server in the office, or some servers and some cloud, we have to look at how those connections are currently secured, and what that third-party solution provider has in place. Then, focus on what the biggest impact to their business would be and solve for that problem.” It certainly sounds like a conversation dealers are accustomed to having.
Risk versus opportunity
Risk, however, is often, what holds providers back from engaging in security services – the idea of being held liable for any damage incurred in an attack is alarming. It’s not an unwarranted concern – the ConnectWise survey shows the average cost of an attack has increased nearly 16% from last year, to $58,902. The larger the business, the more significant it becomes. The Ponemon Institute’s “Cost of a Data Breach” report, a standard in the security industry, reports the global average cost of a data breach in 2020 is $3.86 million. Ouch.
In this year’s survey, ConnectWise reported 56% of SMBs would hold both their provider and themselves accountable in the event of a cyberattack – that’s actually an improvement over last year, when 33% said they would hold their MSP solely accountable, a number that dipped to 24% this year. It still sounds a little scary, but while no security solution is completely foolproof, the right combination of expertise, product, and awareness training for the customer can help minimize it. It’s just another equation dealers need to keep in mind.
Do the benefits outweigh the risks? Each dealer must answer that question for themselves, of course, but there is plenty of data to consider when doing a risk/benefit analysis. Let’s get back to that statistic from earlier in this article, where – 59% of SMBs predict either all or most cybersecurity activities will be outsourced in five years, but only 43% currently do so. That leaves a lot of SMBs looking for outsourcing partners. And there are plenty of conversation openers for the dealers working on the networks. SMBs that don’t currently partner with an MSP are less likely to have many essential security protections in place – advanced endpoint protection, advanced network protection, and security awareness training, to name a few.
SMBs want a partner. Dealers want more business. SMBs have security needs. Dealers have access to SMBs’ networks and the ability to assess issues. While managed IT may not be the right solution for every dealer seeking new opportunities, it’s certainly one worth exploring for many.