Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News & Articles

August 8, 2024 | Todd Thorsen

5 New Findings Every MSP Needs to Know About the Endpoint Security Gap

Get valuable insights on managing cybersecurity for SMBs and learn how to build data protection policies that work.

Managing cybersecurity for small and midsize businesses (SMBs) often feels like you’re playing whack-a-mole. Many SMBs don’t have tightly defined procedures, so MSPs must build cybersecurity programs from scratch and respond to real-time threats. This lack of definition can have high stakes — about 40% of SMBs report losing critical data after a cyberattack.

Security requires careful thought, perhaps even more than what’s modeled in the wider industry. A recent study conducted by independent research firm TAG showed that even among CISOs and dedicated security teams, there’s a brewing crisis of confidence in their workday procedures for managing cybersecurity. About 93% are not sure their data protection policies are working.

The study unearthed several insights that MSPs should take to heart as cautionary tales when building cybersecurity programs for their SMB clients. By learning from these five gaps and pitfalls, MSPs can help keep their clients’ data safer — and protect their own reputations.

No. 1 There’s an Endpoint Data Protection Gap

Despite 93% of teams surveyed noting that they have policies or controls to protect their endpoint data, 71% of CISOs said they wouldn’t be surprised if they had a serious data breach on their company’s endpoints. This shows an alarming lack of confidence in the preventive controls in place for managing cybersecurity at these organizations. This means IT professionals aren’t even sure themselves that the steps they’re implementing to protect their data are even effective.

No. 2 More Tools Does Not Equal Less Risk

MSPs often showcase cybersecurity tools focused on detection and prevention to demonstrate their capabilities. That’s great, but cyber defense shouldn’t stop there.

Todd Thorsen of CrashPlan

Todd Thorsen

Most of the security teams surveyed have deployed tools designed to detect and prevent malware to help protect their data. Nevertheless, a key finding of the study was that most of the teams had not deployed effective endpoint data backup and recovery tools for data resilience — putting their data at risk of loss when terrible things happen. Processes and tools designed to detect and prevent don’t always work, and simply having more tools doesn’t always translate to risk reduction.

No. 3 Manual Policies Are Not Effective

How much does your client’s cybersecurity posture depend on individual employees complying with policies? TAG’s study shows that cybersecurity controls that are dependent on employees adhering to administrative or technical policies are not effective and can put critical organizational data at risk.

Most security professionals surveyed noted that policies play a significant role in their strategy to backup endpoint data. However, they also expressed serious doubt that these policies were effective for managing cybersecurity. Having known ineffective controls in place is a bad place to be for a security practitioner. That said, it represents an opportunity for MSPs to provide tools that support defense-in-depth and data resilience.

No. 4 Cloud Collaboration Tools Are Not Backup

Are you letting your SMB clients use cloud collaboration platforms (CCPs) for backup and recovery? While CCPs are great for sharing documents and editing in real time, the study found that many company teams are misusing these tools and relying on them for data backup and recovery. Unfortunately, they’re not designed to do that nor are they effective.

Instead, MSPs should educate their clients and ensure that the right tools are used for the right purposes and aligned with client risk tolerance. CCPs are great for collaboration, but they’re neither effective for data resilience nor recovery at scale across the organization.

No. 5 Businesses Are Overconfident in Their Data Recovery Abilities

MSPs should regularly test the tools and processes they have in place to protect their client’s data. TAG’s study found that while most security teams had protocols and tools to protect their data, almost none had been tested for effectiveness. Therefore, whatever confidence existed in these tools and procedures was based more on assumptions than reality.

The Answer Is Simple

Don’t put your clients’ data at risk. Advocate for strong data resilience and offer peace of mind with purpose-built endpoint data back-up and recovery tools.

MSPs have a responsibility to ensure that their clients’ cybersecurity postures are holistic and effective. It’s important to have defense-in-depth capabilities, and remember that tool misuse and policy-centric data resilience will not support holistic recovery in the event of an incident or breach.

Essentially, return to the fundamentals.


Todd Thorsen is chief information security officer of CrashPlan. With more than 15 years of information security experience across various disciplines, Thorsen has built and led security programs focused on global security operations, risk and compliance, incident response, resilience, and data protection.

Image: iStock

Related News & Articles

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience