“I already pay you to manage my network. Why are my costs increasing?” As an MSP, this might be a sentiment you recognize. Clients that have been using your managed services for years do not understand why you need to re-evaluate the security stack that is included in your managed offering. When your client realizes this will impact their price, it is a resounding "No."
As an MSP, it is your job to continue to understand the threat landscape and provide the most effective and cost friendly protection available. As we know, security is ever changing. It is a losing game to expect a security stack created years ago to protect organizations today from the ever evolving techniques of hackers. Increasingly, SMBs, and the MSPs servicing them, are targets. You need to ensure you are protecting yourself and your clients as best you can.
Attackers work just like a business. Their goal is to be efficient. While they often will directly attack SMBs, they also look to access hundreds of clients through an MSP’s tools, such as an RMM, making their ROI for a single attack massive. As shown in this RDP compromise video, the attacker’s actions follow the mindset of “where do I go next” until they have access to not just one, but multiple users on the network.
To help SMB clients understand the risk and the best way to protect their organization, the answer is to educate. Depending on headlines of attacks to convince your prospects of the urgency is a common mistake. They’re always going to think, “this wouldn’t happen to me.” You have to show your clients the threats. By watching the tradecraft of a hacker in action, it makes it hard to deny that preventive security is simply not enough when it comes to evading attacks. It further highlights that as an MSP, you are doing your job by continuing to look for the best threat protection and detection in the market.
We have all been there, in the room, dozing off as we listen to a powerpoint presentation. Using a powerpoint deck — assuming your clients are able to stay awake — is not the best way to educate. At Huntress, we have spent time developing some tools that will help you effectively educate your clients on cybersecurity in a way that is fresh, impactful, and innovative.
Defense in Depth
An effective security stack includes multiple layers that provide preventive and proactive protection. By discussing each layer and their associated benefits and gaps, clients can begin to understand how it all fits together. For your reference, we created a Selling Cybersecurity Guide that outlines various products you most likely currently have in your security stack.
Gaining access to a network with administrative credentials can be devastating. Understanding how attackers have a low cost barrier to entry and take advantage of low security hygiene, such as lack of 2FA, is critical to understanding risk exposure. Leverage our example attack videos, RDP Compromise and Ransomware Infection, to demonstrate this in action.
Hacker in Action
Nothing better educates your clients on attacks than a full fledged hacking demo. It might sound complicated, but it’s actually quite easy — which is part of what makes it so scary. A computer, some open source tools, and a bit of social engineering and anyone is well on their way to becoming a hacker. Our hacking video provides you all the instructions you need to conduct your own demo.
Taking the time to step back and educate your clients on cybersecurity will help you protect your clients and grow your revenue. Spend more time on education, not less.
Want to dig deeper into how to build cybersecurity credibility in your MSP? Download our MSP Security Kit!
By Lily Teplow
By Brian Downey
By Dave LeClair