1. Lack of cybersecurity expertise

Over the next four years, CyberCX, projects that there may be up to 30,000 open cybersecurity jobs across Australia and New Zealand. These numbers highlight the challenges that businesses still have when trying to scale their security teams in the face of a skills shortage and rising demand.

2. Expensive digital solutions

According to a new study commissioned by Microsoft, growing manufacturer pricing is one of the biggest issues facing technology partners today.  With 64% of SMBs preferring to buy cybersecurity solutions as part of a package that satisfies all their needs, they see no need to spend additional budget duplicating tools.

Source: ConnectWise

With this in mind, and the rise in cyber threats, there is an increasing need for managed service providers (MSPs) who can support their customers’ cybersecurity with specialised knowledge and affordable solutions.

A curcial collaboration

Leading cybersecurity software vendor and MSP expert ConnectWise announced a new collaboration with Microsoft in September 2023. Together, they provide MSPs with a solution to meet the expanding cybersecurity needs of SMBs, to help overcome the two major obstacles mentioned above.

Microsoft Defender for Business’s SMB endpoint detection and response (EDR) software is integrated with ConnectWise’s co-managed Security Operations Centre (SOC) services to form ConnectWise MDR with Microsoft Defender for Business. Together, they create a Managed Detection and Response (MDR) solution with an emphasis on SMBs.

“The integration with ConnectWise represents our shared commitment to empowering managed service providers. This collaboration aims to enhance security for SMB customers, boost partner profitability, and reduce costs through integrated solutions.” Stated Rob Lefferts, Corporate Vice President at Microsoft Defender and Microsoft Sentinel Engineering.

MSP-focused security team: add to your existing team

MSPs have access to the more than 200 certified security experts of the ConnectWise SOC when they use ConnectWise MDR with Microsoft Defender for Business. The ConnectWise staff manages all security alerts and responds in real-time, around-the-clock, serving as an extension of the MSP business. By leveraging the SOC’s capabilities, MSPs supercharge detection and response offerings to secure their clients’ systems while streamlining operations, maximising profitability, and freeing up the business to scale and grow.

The ConnectWise Research Unit (CRU), a group of seasoned security experts with experience in incident investigation and response, engineering, IT administration, and security operations, collaborates closely with the ConnectWise SOC. CRU analysts are entirely focused on MSPs; they constantly search for unusual activity, researching emerging threats and collating new information. The proactive approach ensures MSPs and their clients remain shielded in the evolving threat landscape.

Harnessing Existing Software – reducing your costs

As SMBs often work with tighter budgets, leveraging existing technology where possible is critical. With ConnectWise MDR with Microsoft Defender for Business, MSPs can utilise the cybersecurity software that their clients likely already own. Microsoft Defender for Business (MDB) is also available as a standalone solution, so it can easily be installed if the client is not a Microsoft 365 Business Premium user. Microsoft 365 Business Premium, one of the most popular software suites on the market, ships with MDB, so there is no need to buy extraneous solutions.

“To offer all we do now [with ConnectWise] along with the relationship, is phenomenal,” stated the CEO of an Australian MSP for SMBs and a ConnectWise MDR with Microsoft Defender for Business user. It puts us on the same playing field as larger MSPs. We can do it as well as them.”

With bad actors no longer exclusively targeting large corporations, smaller Australian businesses simply cannot afford to wait to bolster their security posture. Now is the time to expand your MSP services to these customers by taking advantage of cost-effective, impactful solutions. To learn more about the unique offerings for MSPs that ConnectWise offers, click through to connect with a representative near you.

The post Microsoft and ConnectWise tackle SMB cybersecurity demands for MSPs appeared first on Tech Wire Asia.

Cybersecurity is certainly at the forefront of clients’ minds; 94% of small and medium businesses would consider switching to a new MSP if offered a more comprehensive security solution. It is becoming increasingly clear that traditional antivirus software no longer provides strong enough protection on its own. Businesses are actively searching for more comprehensive solutions to arm themselves against the rapid evolution of malware and other cyberthreats.

MSPs have an opportunity to meet this growing demand by offering an endpoint detection and response (EDR) solution. These are designed to provide real-time monitoring and threat detection right at the endpoint, helping to quickly identify and respond to malicious activities and security breaches. However, implementing and managing a comprehensive solution can be challenging without the right expertise. Misconfigurations or improper management of EDR tools can result in false positives, operational disruptions, and potential gaps in security coverage.

Poor EDR solutions also impact users’ experiences with their devices, making the threat of shadow IT a real concern.

Source: ConnectWise

EDR solutions can be expensive, with providers charging up to US$170 per year, per endpoint. Depending on the size of the business, costs can add up quickly, eating into an MSP’s profit margins. Configuring EDR solutions to suit each client’s unique infrastructure and ensuring they work effectively can be time-consuming and require specialised skills. What’s more, many MSPs do not have the necessary expertise or personnel to handle these complexities, leading to potential gaps in security or increased operational overhead.

Smooth-running and secure EDR solutions must be carefully managed. The effectiveness of EDR solutions heavily relies on continuous monitoring and timely response to security incidents. This demands round-the-clock vigilance and skilled cybersecurity professionals who can interpret alerts, investigate attacks-in-motion, and execute appropriate remediation measures. These alerts will only grow in number as client businesses expand.

Many MSPs may not have the capacity to provide extensive 24/7 support, particularly when each solution is tailored to a different client, and increasing staff headcount is incredibly challenging for this specialism without very deep pockets.

However, these challenges can largely be eradicated if a trusted third-party security operations centre (SOC) is recruited to manage the EDR offering. This is why ConnectWise, a leading cybersecurity software and support provider, has collaborated with Microsoft to offer a new holistic solution: ConnectWise MDR with Microsoft Defender for Business. By harnessing Microsoft’s advanced threat detection technology and intelligence, alongside ConnectWise’s industry-leading SOC, this solution delivers a comprehensive and cost-effective defence system that provides unmatched protection against emerging threats

The EDR on offer is Microsoft Defender for Business, an enterprise-grade solution, tailored for SMBs, with robust security features and comprehensive threat-detection capabilities. Clients can benefit from real-time monitoring, automated threat detection, and advanced analytics to safeguard their digital assets. Enhanced with advanced data enrichment and human-guided escalation, the solution delivers more accurate responses, reducing the occurrence of false positives and preventing red-flag fatigue.

Given its widespread adoption, many clients may already have Microsoft Defender for Business installed. MSPs can now offer best-in-class protection while eliminating the need to purchase additional EDR solutions or subpar preventative-only tools, thereby maximising profit margins. Guidance and solutions from ConnectWise mean goals of 55% average gross margins and operating margins of 45% can be attained within three years.

ConnectWise MDR comes with a centralised, multi-tenant platform that allows MSPs to monitor multiple clients’ EDRs simultaneously. This scales with the business, eliminating the risk of slow response times and helping to maintain positive client relations. It also seamlessly integrates with other ConnectWise products, creating a unified ecosystem that streamlines operations and simplifies the management of clients’ cybersecurity.

Source: ConnectWise

While it can be difficult for an MSP to acquire the personnel necessary for an EDR offering, ConnectWise MDR can alleviate the burden. Serving as an extension of the existing team, the ConnectWise SOC is comprised of over 200 security experts hunting for anomalous activities, and adding new detections as threats emerge.

With a team of dedicated analysts investigating and managing security alerts, the ConnectWise SOC reduces the need to hire additional staff as workloads increase. This not only enhances the security of clients but also allows executives to allocate more time and resources towards strategic and profitable activities.

One ConnectWise partner said: “You’re looking at well over a million dollars in resources to create what we get for a fraction of that cost from ConnectWise.”

Don’t wait to secure your clients’ businesses. Contact ConnectWise’s experienced sales team today and discover how ConnectWise MDR with Microsoft Defender for Business can provide a managed EDR solution to ensure cost-effective, enterprise-grade security.

The post The EDR dilemma: Meeting an MSP’s client demands while protecting profit margins appeared first on Tech Wire Asia.

Companies are constantly navigating the labyrinth of multiple vendors for different systems, each introducing unique dynamics, interfaces, and requirements to their operational matrix. Beyond the surface-level management of these diverse services, there’s an underlying need to synthesise them into a singular, streamlined entity that simplifies operations and amplifies output. This is a particular challenge for those in the Technology Solutions Provider (TSP) sector, who must coordinate multiple systems seamlessly to ensure consistent, top-tier results.

Source ConnectWise

Redefining business efficiency through unified solutions

Managing multiple vendors presents a significant obstacle for businesses, often termed ‘vendor fatigue.’ Vendor fatigue encompasses the difficulties of navigating unique systems and requirements from each vendor. Different interfaces add to the learning curve for employees, leading to potential errors and inefficiencies. Financial teams grapple with diverse and frequent billing, making invoice processing time-consuming and error-prone.

While diversifying vendor relationships might seem like a strategic move to leverage the best from each, the administrative, financial, and technical overhead can quickly escalate and negatively impact the overall operational efficiency of the organisation.

Furthermore, the technical demands are relentless. Constant updates and patches from multiple vendors require intricate coordination, often sidelining IT teams from proactive improvements. The costs and complexities can sometimes outweigh the benefits of such vendor diversity.

Harnessing true efficiency

The seamless flow of data across platforms is paramount for maintaining a competitive edge. However, disconnected systems hinder the smooth flow of data, resulting in inefficiencies that restrict business growth. Risks include misinterpreted data leading to flawed strategies, data loss causing missed opportunities, and data discrepancies affecting analytics.

Manually re-entering data wastes time, is error-prone, and can negatively impact areas like inventory and financial planning. Ensuring consistency across platforms becomes a time-consuming necessity, diverting resources. Fragmented systems can also obscure vital insights, potentially causing businesses to overlook significant opportunities or challenges.

To truly harness efficiency, businesses need integrated, coherent systems capable of delivering accurate and consistent data. Without this, they risk getting bogged down by preventable challenges, missing out on the advantages of true technological synergy.

Positioned for growth

Growth in a company is epitomised by its capacity to adapt, innovate, and strategically progress. It encompasses sustainable scaling and aligning changes with core values. Navigating this growth trajectory requires benchmarks, akin to a compass in a vast, shifting ocean. Without them, businesses risk being reactionary rather than proactive.

Such benchmarks gauge a company’s market position, inform about customer trends, and spotlight best practices and areas for enhancement. Embracing a benchmarking culture equips businesses to define clear, ambitious goals, ensuring steps towards enduring success.

The cloud advantage in the digital age

The cloud signifies a transformative approach to data management, offering superior scalability and flexibility compared to traditional on-premises systems. Whereas old server setups require constant manual upkeep, often consuming valuable resources and introducing downtime, cloud solutions automate many tasks.

According to PwC, companies powered by the cloud are four times more likely to report facing no barriers when achieving value in areas such as improved decision-making, increased productivity, enhanced agility, cost savings, and product and service innovation.

Service providers handle maintenance and updates, granting businesses constant access to the latest enhancements. The cloud’s cost-effective model further reduces upfront infrastructure investments. Moreover, cloud-hosted data and applications ensure anytime, anywhere access, fostering collaboration and guaranteeing business operations, even during unexpected events.

Source ConnectWise

Adopting cloud solutions isn’t just a tech upgrade, it’s a strategic move that liberates businesses from operational shackles, letting them focus on what truly matters: growth, innovation, and delivering unparalleled value to their customers.

A commitment to success in the digital age

This quest for integration, efficiency, and alignment is where ConnectWise truly shines, promising solutions and transformations. This platform is a comprehensive ecosystem, and with everything from sales automation to reporting under one umbrella, ConnectWise eradicates the need to juggle multiple vendors.

The integrated approach of tools like ConnectWise CPQ, PSA, and WisePay through their business management offering, ensures that everything remains within one cohesive system from when a quote is generated to when cash is realised. With ConnectWise, businesses can experience a smooth transition from sales to execution, eliminating redundant data entry and focusing on core business tasks.

ConnectWise’s BrightGauge tool consolidates data across operations into clear dashboards and reports, providing reliable data that informs strategic decisions in real time. Proactive notifications also ensure businesses are anticipatory in their approach.

Furthermore, ConnectWise’s industry-leading benchmarking offers insights that guide decision-making. Tools like SLIQ provide comparative metrics, allowing businesses to gauge themselves against peers, driving motivation and direction.

Customer relations remain paramount, and with ConnectWise’s tools, businesses are always attuned to their sentiments. Streamlined financial processes facilitated by ConnectWise also promise growth, making collections predictable and ensuring financial stability.

But what truly sets ConnectWise apart is its unwavering commitment to the success of its partners. Its Premium Business Management package isn’t just about providing tools, but optimising their use. With monthly virtual consultations, businesses are constantly guided, ensuring they harness the full potential of their resources.

In a world where change is the only constant, having a partner like ConnectWise can be transformative. Its holistic, integrated approach ensures businesses aren’t just functioning, but thriving. With smooth implementation, a focus on ROI, and an unparalleled suite of tools, ConnectWise promises unparalleled business potential. Dive into the ConnectWise ecosystem today, and lead the change you wish to see.

To find out how ConnectWise can support your business, visit the website, chat to the Australian team on 1800 573 165 or get in touch via via the website.

The post How can MSPs truly redefine business efficiency in the digital age? appeared first on Tech Wire Asia.

That presents challenges to MSPs, especially when we consider that cybersecurity threats are front-of-mind for many small and medium-sized businesses. We’ve featured ConnectWise as one of the few suppliers to the MSP sector of tools that are not only designed for MSPs’ use but also how the company helps its customers develop sensible, cost-efficient and secure solutions that are part preventative measure, part approach to cybersecurity and risk, and part amelioration and recovery systems.

We recently interviewed Leon Friend, the Security Sales Engineer, APAC, of ConnectWise, who explained the five most effective cybersecurity priorities that an MSP should adopt in its everyday work to ensure the safest possible working environments, both for the company itself and its customers.

1. Price and packaging

Given that the trusted service provider landscape is highly competitive for price, it’s tempting to believe that the MSP will lose business unless it can offer cybersecurity protections with the lowest possible outlay. However, with the predominance in the mainstream news of the terrible effects of cybersecurity incidents and the increasing requirement to comply with more stringent data governance, many customers are very conscious of the need for proper protection.

To achieve the balance between cost and effectiveness, Leon told us that an assessment of the MSP’s own risk profile alongside each of its customers’ is an essential first step.

He said: “The MSP has to understand and decide what their risk factors are and what risks they’re willing to take on. Sometimes, that means that they don’t accept customers because the customer is not willing to meet their benchmarks – which is hard. The MSP must ensure that the customer is not introducing risk to their business. Every business wants to grow, but the MSP needs to be sure that the growth is safe and profitable.

When an MSP is first starting to build their cybersecurity practice, they often think of tiered solutions based on a “good, better, best” model with corresponding prices. However, they will get better results by moving to a more consultative approach that focuses on the customer’s risk factors. By focusing here, they can build a security platform that is less invasive and caters for the customer’s needs, whether they are operating in sensitive areas such as medicine or finance or businesses with a lower-risk profile. It also means the customer will understand what they are signing up for”.

2. Risk assessment

Determination of customer risk is an essential first step in providing the right protective measures. Seeing what data matters to an MSP’s customers and what is of lower value can help determine the correct level of cover and requirements. Many companies make good use of cloud-based SaaS solutions in the form of applications or remote storage. While it’s not necessarily a given that cloud services are secure, determining the business’s internal workflows and data protection needs will form the basis of recommendations for the types of cover available.

With many security incidents being the result of user activity, an often overlooked element is user education. Leon said, “…if we can educate those users to try and minimise [clicking rogue links], that’s great”. However, he also stated that it’s crucial that businesses don’t use a lapse as a stick but rather as a teaching tool, e.g., by using methods such as a short two-minute video that teaches employees why the action was dangerous and what to do in future. And this can’t be done just once; it needs to be ongoing.

Blanket use of services such as multi-factor authentication (MFA) may be challenging. Leon explains: “In some environments, BYOD [for MFA] is not achievable. For example, in a retail environment, where staff are not allowed to carry their phones, an authentication app just isn’t an option. You must think differently, for example, you might use security keys or hardware-based tokens such as Yubikeys”.

3. Cyber insurance

Covering for cyber incident costs and losses was, maybe five years ago, just a matter of ticking a box on the application for Professional Indemnity Insurance. However, all businesses now need to consider Cyber Insurance a critical part of their overall business insurance requirements. This means both MSPs and their customers should be looking to ensure they have the right level of coverage. Leon advises using a specialist insurance broker capable of helping companies choose between multiple cyber-focused insurers. That expertise will help companies see any gaps in cover or policy exceptions that could be critical.

The key here is a realisation that if no insurance is in place on the part of either MSP or its customer, the party deciding against insurance is effectively self-insuring, thus covering all its costs in the event of an incident. Boundaries between liability need careful thought: if a customer of an MSP suffers a critical incident, its MSP’s insurance policies may or may not provide cover.

Leon said that when an MSP seeks its own insurance, its marketing will be scrutinised by any underwriters. “When you go to get cyber insurance, [insurance companies or brokerages] look at your website,” he said. “If you’re saying you do everything, most cyber insurance will not want anything to do with you. So it’s important that MSPs are really clear about what they do, and just as importantly, about what they don’t do.”

4. Security frameworks

MSPs don’t need to spend time and effort creating their own security framework. Implementing a framework such as Australia’s Essential Eight or the Cert NZ critical controls will dramatically improve the customer’s security posture. As the security practice grows, MSPs can expand coverage by using other security frameworks such as NIST or CIS.

Another important consideration for the MSP is whether its customer base has specific regulatory or compliance requirements. This will vary based on industry or market vertical and is essential to understand to ensure they can respond to their customers’ risk factors or needs.

5. Shared responsibility models

In almost all aspects of the MSP-customer relationship, both organisations need to work together to produce the right outcomes.

As an example, both parties must have established and practised incident response processes, agreed on levels of responsibility, and established the security frameworks upon which both will operate and expand. Without this cohesion, a successful response will be difficult.

Leon pointed out that in today’s MSP-customer relationship, the responsibility for data lies in three places:

• The data owner (the customer, who also controls the budget).
• The security adviser.
• The implementer of technology.

In most cases, the MSP provides the second two roles; the customer always owns the data.

All elements of the cybersecurity picture can be determined by agreement between both parties, from risk audit, advice, implementation, insurance choice and cybersecurity measures’ evolution and expansion. If we accept a company’s data as its unique intellectual property, expert provision to protect it is necessary. An MSP that can step into the role with assurance and expertise will find it is significantly differentiated from its competition.

Conclusions

There are few areas of business not interwoven by technology. The power and complexity of tech now means that specialists are needed for systems oversight, protection and management. It’s incumbent on MSPs to be the go-to expert resource for all things technological, and a large part of an MSP’s activities are in cybersecurity: proactive, reactive and constant.

Getting clients safe and secure depends on the MSP’s own tools, approach and knowledge. Coordinating all the moving parts fluently is challenging, but there are specialist companies that advise and supply MSPs with what they need.

To learn more about the unique offerings for MSPs that ConnectWise offers, click through to find out more from a representative near you.

The post Five cybersecurity priorities for an MSP and its customers appeared first on Tech Wire Asia.

Help for MSPs comes in the form of high-performance business management software. The technology provides a suite of functions tailored to address the unique challenges MSPs face. From project planning and resource allocation to time tracking and financial management, software platforms offer a holistic approach to running an MSP.

As more SMEs come to rely on MSPs, such software solutions become more and more vital. This is partly due to a shortage of IT talent – research commissioned by the Tech Council of Australia projects a shortfall of 186,000 tech workers by 2030 – and the expense of hiring an in-house team. IT infrastructure in enterprises has become more complex with staff supporting remote and hybrid teams, a situation that is ‘soaking up’ a great deal of IT talent.

MSPs are faced, therefore, with the additional tasks of application maintenance and addressing connectivity issues while working with numerous public and private cloud providers. All of this must be done without the convenience of physical access to the underlying infrastructure.

While it is certainly true that business management software can assist with several of these tasks, different tech companies tend to make the same promises about their products. It is not uncommon for MSP decision-makers to find themselves relying on a whole host of software providers after a few years. At least some of these will not have been designed specifically for an MSP; rather, they are shoehorned into use to the best abilities of MSP staff.

As an MSP grows, new software may be required to address specific needs, and these additions accumulate over time. Different systems will not necessarily be compatible, creating inefficiencies and siloed information. Vendor lock-in relies on MSPs’ hesitation to migrate their systems due to contractual obligations or fear of workflow disruptions.

Accumulating business management software from different providers can also take a financial toll. It requires maintaining multiple software licenses and subscriptions that can add up quickly, putting a strain on the organisation’s budget. A report by Gartner revealed that organisations would overspend US$750 million on unused features of IT service management tools this year. Indeed, a study from 2022 found that large companies subscribed to 187 apps on average – a massive increase from the 77 of 2015.

But this kind of ‘software bloat’ is not just a financial issue. At a micro level, it can also negatively influence staff productivity. According to Bloomberg, the average worker toggles between apps 1,200 times a day, with each click acting as a small drain on their focus. Indeed, training employees on multiple software platforms is expensive and hinders productivity.

Source: Shutterstock

It is therefore wise to try and consolidate software solutions. While there are clear financial benefits, doing so also creates the opportunity for automation. When different repeating processes are tackled by programs that integrate with each other, it allows them to exchange data via APIs both internally and with the systems of third-parties and clients. Automation bridges the gap in the global IT talent shortage: research has found that 62% of IT decision-makers view the shortage as a significant threat to their businesses. Automating repetitive tasks frees up existing IT professionals’ time, and removes the possibility of mistakes made by bored (but well-paid) staff tired of copy & paste-ing.

There are cybersecurity benefits to getting all business management programs under one roof, too. It works to reduce the number of interfaces and access points that need to be secured and monitored. A single provider can also ensure consistent security standards and updates across the software ecosystem, as well as enable robust monitoring and threat detection to protect sensitive client information.

A leading provider of consolidated business management software for MSPs is ConnectWise. Its solutions, which include professional service automation (PSA) as well as quote and proposal automation, are scalable with the company’s growth. This removes the painful process of switching automation software down the road. ConnectWise does not adopt a ‘one size fits all’ approach, knowing that each MSP has different requirements and priorities, often dictated by the make-up of its client portfolio. It offers three Business Management package options, each designed to apply to companies with different goals and levels of maturity.

Gone are the days of switching between windows and logging in and out of endless accounts, as the ConnectWise solutions put all client data in one place; the BrightGauge Dashboards. All the most-used business tools can be synced to a single dashboard, allowing for decisions, changes and updates to be made more quickly. MSPs can also give their clients frequent status updates using this consolidated data, making it easier for them to submit issues or pay their bills. Client reports, regular or ad hoc can be automated, building transparency and therefore trust with clients.

To find out more about the ConnectWise suite of business management solutions, visit the ConnectWise website or connect with your local expert.

The post Challenges for MSPs? Business management software for connected, wise thinking appeared first on Tech Wire Asia.

Businesses should be planning to build cyber resilience – not merely securing the enterprise but ensuring all the company’s operational processes that involve third-party operators are secured, and that extends to managed service providers (MSPs) as well.

The Kaseya VSA ransomware attack last year is an example of how badly a cyberattack on an MSP can severely disrupt its customers’ supply chain, and they’re not the only ones. Colonial Pipeline was the victim of a massive cyberattack that saw its fuel distribution network shut down, sparking fears of fuel shortages.

The same month, the world’s largest beef processor JBS had its network hacked, temporarily shutting down some operations in several countries, not only affecting thousands of workers but also having a big impact on global meat supply. To top it off, JBS paid US$11 million in ransom to the attackers, in order to regain access to its data.

A successful attack on an MSP can cripple hundreds or thousands of small and medium businesses that are their clients – SMBs are especially vulnerable to cyberattackers, as they have smaller budgets and often have to defend more threat areas with fewer resources.

What’s more concerning is that attackers gain access to both their business and clients, as seen in the massive SolarWinds breach that directly attacked over a hundred companies in late-2020 and indirectly affected thousands more who were linked by their security services provider.

Are SMBs prepared enough for the 2022 cyber threat landscape?

And this is where the rubber truly meets the road for IT solutions providers. The high-risk security climate means managed security providers need more of the right sort of targeted protection than before – but having that sensitive conversation with clients, probing their potential weaknesses while telling them they need to spend more can be a tricky proposition.

In the ConnectWise MSP Threat Report 2022, a comprehensive timeline of 2021 cyberthreats showed just how pervasive the danger is – to the extent that the US government had to declare cyberattacks targeting critical infrastructure as acts of terrorism. Large enterprises partnered up with federal agencies to form the Joint Cyber Defense Collaborative to track the encroaching ransomware menaces of 2021.

The ConnectWise Cyber Research Unit forecasted that over 700 million ransomware attacks would occur by the end of 2021, with at least two sizable companies stating threat actors had identified vulnerabilities and were now actively targeting MSPs and other 3rd-party IT service providers. Another ConnectWise study states the danger is just as critical in the minds of owners of SMBs as for large enterprises. The research points out that 92% of SMBs would switch service providers for the “right” mix of security offerings.

Assess before you commit

But to direct SMBs towards the right security posture, questions first must be asked. A simple assessment can help both identify what a client is already doing right and areas for collaborative improvement.

A holistic cybersecurity risk assessment should evaluate the business’s existing IT infrastructure and security policies. This should be compiled while adhering to regulatory standards defined in a particular country or region.

Along with examining the varying security and network risks, a good assessment can use automated tools to study vulnerabilities in finer detail: identifying and logging issues associated with the operating system or with individual applications, including coding, processes, and design flaws in the hardware and software.

Understanding the client is crucial to constructing an assessment plan that can make sense of what the business might need, regardless of scale. For instance, the small business owner would probably want a broad overview of a cybersecurity plan but most especially how much it will cost.

On the other hand, the enterprise might want to know the bigger picture of how vulnerabilities are causing specific problems for systems or the network – so that it can be ascertained if short-term or longer-term patches might be necessitated and how much that is going to cost.

Boiling down security threats and exposures with the aid of actionable data will help the client understand better what’s needed. Contrasting the assessment findings against established best practices like the US Department of Defense’s CMMC or the HIPAA statute, the UK’s new Cyber Security Standards, the Essential Eight Maturity Model in Australia or the popular NIST cybersecurity framework can illustrate how a tailored cyber protection plan can yield the best outcomes from a controlled spend.

Clients often need the cybersecurity readiness talk – they just don’t know it yet. Be it the small business or the enterprise scaling up for the next phase of growth, the security solutions provider that provides a detailed cybersecurity risk assessment and action plan roadmap will go a long way towards building client confidence.

Specially designed security assessment tools like ConnectWise Identify Assessment and ConnectWise Risk Assessment can set clientele on the tailored security journey they need. Start your FREE trial today to uncover the whole picture of what’s going on underneath your clients’ critical business processes & systems.

The post Why cybersecurity risk assessment can pad the bottom line, per ConnectWise appeared first on Tech Wire Asia.

Just as cybersecurity technology continuously improves virtual defence mechanisms, criminal IT developers and service providers are also hard at work. Just as you have much to lose, they have much to gain. And that is not even the only thing to worry about in the ever-changing online security landscape.

Cybersecurity remains one of the fastest-growing sectors, with global spending on products and services increasing 30% from 2017 to 2020. This year alone, Australians spent approximately AUS$5.6 billion on cybersecurity from local and international providers – a number that is projected to climb to AUS$7.6 billion by 2024.

However, almost half of small-medium businesses (SMBs) rated their cybersecurity understanding as “average” or “below average” and had poor cybersecurity practices. A report has also shown that two out of five SMBs have direct experience with a cyber incident worthy of reporting.

It is not surprising that business owners know they are struggling but do not know where to begin, with only 21% learning about cyber risk from their MSP (managed service provider) and 19% spending nothing on cybersecurity in the last 12 months.

At times like this, there ought to be more good guys to help defend. Not quite. The cybersecurity skills shortage trend continues the slide from bad to worse, as detailed in the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Security Association (ESG). The study surveyed 489 cybersecurity professionals and found that 91% agreed that those in this line of work must keep up with their skills, or the organisations they work for are at a significant disadvantage. Yet, 82% said that job requirements often get in the way of developing their skills.

However, this bleak outlook can be a silver lining for managed service providers. A recent report projected the global managed services market to reach US$552.35 billion in revenue by 2028, with a 12.7% CAGR from 2021. There is a growing preference for organisations to outsource critical IT functions and management to MSPs to help improve operational efficiency while reducing costs. The scalability and flexibility of MSP models also allow businesses to keep pace with the latest technological advances.

Small and medium-sized businesses could be contributing to the rise as well. The ‘State of SMB Cybersecurity in 2021’ survey commissioned by ConnectWise found that 77% of respondents said they planned to increase their level of investment in cybersecurity throughout the year and beyond.

ConnectWise started 40 years ago as an MSP and has since evolved to be a leading provider of business automation software for technology service providers (TSP). Raffael Marty, senior vice president of product management for cybersecurity, recently spoke with Tech Wire Asia on MSPs, SMBs and cybersecurity.

Marty said MSPs come in different levels – from those providing essential services like reselling products and tending to everyday computer issues to their bread-and-butter of managing IT systems remotely and, more recently, engaging in cybersecurity as well. “Security conversations are more and more at the top of mind for most of the MSPs that we’re dealing with,” he said.

“Some of the MSPs [told us] ‘Look, we don’t have the expertise, or we would love to have the service, but we don’t have the right people, we don’t know how to do it’. So that’s when they can outsource it to our services, where we have a managed services security operations centre that will take care of a lot of those things. And it’s really anything from doing it for them, doing it with them, or they do it themselves,” Marty said, noting the MSPs are becoming more proactive when it comes to online security since they are aware everyone is a target nowadays. Cybersecurity affects other aspects of running a business too. “Even cyber insurance is now requiring all kinds of security tools to be there, so the MSP needs to be able to provide those tools.”

SMBs make up most of MSPs’ clientele. While out-of-the-box security solutions are available, they are mainly designed with large enterprises in mind, so SMBs could find many features irrelevant to their situation. SMBs can be better off working with MSPs that can configure custom solutions for them, so they can cut costs by only paying for and getting just what they need.

“I’ve been doing security for over 20 years and a lot of [the products are for] enterprise, which is very different, like the features and capabilities in there, you build them much more for experts,” Marty explained. He was chief research and intelligence officer at Forcepoint and has had senior leadership and ownership roles at Sophos, PWC, Splunk, and PixlCloud, before accepting the appointment at ConnectWise.

“Whereas here in the MSP space, it needs to be easy, from pricing to ticket generation, everything just needs to be super nicely tied in. Often when I hear some of the MSPs going and trying to buy the large best-of-breed enterprise product, I’m like, just make sure you write down your requirements. Yes, you would like to say that you’re using CrowdStrike, but is that really the right tool for you?” he said.

“You might want to go with something else that is more tailored to your industry. Maybe it’s not the absolute best enterprise product, but guess what, even with a step down, you will still get great coverage for security, and it’s going to be much easier for you to manage and handle. I think that that’s really important for the MSPs out there to understand as well.”

Aside from getting the most suitable tool for the job and business size, ConnectWise allows a business to be smart in overseeing its expenses, a factor in operations that is increasingly vital due to the changes in the market.

Cybersecurity is seeing new compliance and regulations affecting policy and platforms, including data protection acts across the world, advancing technologies, and an evolving threat landscape. It can be overwhelming for both customers and MSPs to keep up to date with emerging issues. Thankfully, no-one must deal with them independently.

“This is where vendors like us can help and say, ‘Look, you don’t have to worry about it as we’re here to extract all of that for you. We will keep on top of all these different things and here’s what you need, and we will help you configure and sell it’,” Marty said, adding ConnectWise is always listening and learning to fine-tune its solutions for the end-users. “We continually work with the MSPs and our customers to understand where they’re at.”

“Here at ConnectWise we are serious about Cyber Security, we have a unit called the CRU, the cyber research unit, which is specialised in the MSP space. In 2019, we founded the TSP-ISAO which is now a CompTIA organisation,” he said. The TSP-ISAO is short for Technology Solution Provider Information Sharing and Analysis Organization. ConnectWise handed over its management and operation to CompTIA, the leading vendor-neutral trade association for the global IT industry, last year.

“We are the only MSP Platform in the Microsoft Active Protections Program, and we partner with MITRE to provide an intelligence feed. We are constantly looking at that space and augmenting all our threat intelligence to what is relevant for MSPs, and that’s what differentiates us from others.” MITRE is a non-profit organisation committed to the public interest which created the MITRE ATT&CK, a free and globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

ConnectWise offers a comprehensive range of cybersecurity management solutions from EDR (endpoint detection and response) and SIEM (security information and event management), to risk assessment and dark web monitoring. It also provides hosting for a welcoming global community which supports education and nurtures best practices through its IT Nation Secure and MSP+ Cybersecurity Framework and Playbooks.

Whether you are an MSP, MSP+, VAR, or OED, ConnectWise provides scalability, intelligent automation, customisation, and community support. Learn how you can take the first step, or go to the next level in cybersecurity, by partnering with ConnectWise.

The post MSPs need to keep pace with a changing cyber threat landscape appeared first on Tech Wire Asia.

“Clients think, ‘I have an MSP that manages my technology. And cybersecurity = technology. Therefore, my MSP is managing cybersecurity,'” ConnectWise noted in its Art of the Cybersecurity Assessment ebook.

“I thought you were already doing this for me!” is just one of the misconceptions clients have that needs to be addressed to ensure the establishment of the most suitable defence system for the organisation. Companies forget that the responsibility of protecting their data is on them. They own the data, they control the budget, and they are the final decision-makers. Because they outsource IT functions to a contractor doesn’t mean they can wash their hands of the risks and responsibilities of securing data.

Then, there’s the “My business is so small, no one would bother to attack me!” logic. How humble and naïve. Small fry is a favourite of opportunistic criminals. For them, it isn’t about the organisation size; it is always about the data. Those who are complacent with their security measures are making it easier for attackers. Some may not even know their data has been breached until months after an initial attack. According to the Cost of a Data Breach Report, the average time to identify and contain a data breach is 280 days (approximately nine months). The 2020 report gave an average 296 days for Australia. When (or even if) organisations finally realise they have been attacked, they would say it was a sophisticated and well-coordinated operation rather than admitting that the criminal probably just waltzed right in.

“My security has been fine for ages now. If it ain’t broke, don’t fix it!” is another mistaken belief held by some. Just because a company hasn’t experienced a data breach, it’s thought that its legacy system is sufficient. However, threats and vulnerabilities are changing all the time. Unfortunately, legacy security tools and techniques are not keeping up with the threat landscape.

So, hate to burst the bubble, but the criminals are upping their game while you’re sitting on your laurels.  The hackers may not even undertake attacks themselves — they just develop the technology and sell it to others. Think of them as the IT service providers for bad actors. The perpetrators could be anyone who has enough motivation and money to cause harm. These bad actors could be business rivals, a jealous friend, a teenager experimenting with the tech, or some random person with time on their hands fooling around out of curiosity. More often than not, however, monetary gain is the primary motivation — and hacking indubitably pays and pays very well.

“TSPs and MSPs realise that the stakes have never been higher in cybersecurity as ransomware, cyberattacks, and other emerging threats are increasingly causing major business catastrophes,” said Jason Magee, CEO of ConnectWise. However, market research firm Vanson Bourne found that only 13% of MSPs talk to their clients about cybersecurity as a regular part of their business practice. ConnectWise also reported that 83% of MSPs believe their clients would take legal action following a cyberattack, and 80% have difficulty selling cybersecurity services. So, it’s not surprising that some of the clients’ misconceptions could have been dismantled by starting a conversation.

ConnectWise shares a three-step framework on initiating a cybersecurity talk with clients in a bid to educate them and build up long-term success together:

1. Overcome objections and misconceptions.
2. Understanding the client is on the same page regarding security’s scope, intention, and expectation.
3. Create an assessment of the situation with tools visualising the current system, and identifying its vulnerabilities.

ConnectWise knows — it’s the leading provider of intelligent software and expert services for TSPs.

“What’s unique about us is we’re focused specifically on the channel, including MSPs, ISPs, and TSPs,” Drew Sanford, senior director of ConnectWise’s global SOC operations, told CRN last June when its new Cyber Research Unit (CRU) was announced. “And we’re focused on the SMB (small-medium business) space. Others are focused on the enterprise. The problem is, SMBs have different requirements from enterprises. So, we provide information to help partners in SMB.”

In June, New Zealand government agency CERT NZ reported that the country saw a 25% increase in cyber security incidents over the same time compared to the previous year. It identified almost 500 vulnerable Microsoft Exchange servers and a further 100+ other compromised email servers between the start of January and the end of March this year alone. Small businesses owned the majority of the compromised email servers.

In April, the US Department of Justice took an unprecedented step to remove web shells from compromised on-premise Exchange servers using a court order. If the web shells were left alone, they could allow attackers to administer the hacked system remotely.

Meanwhile, the Australian government cybersecurity agency, ASCS, reported a 60% increase in ransomware attacks against Australian entities in the past year. The ASCS received approximately 144 reports of cybercrime relating to small businesses per day in 2019, costing small businesses an estimated $300 million per year.

ConnectWise’s independent research conducted with small businesses worldwide suggested that about 92% of SMBs change service providers to get the right cybersecurity protection. On average, they’d pay over 34% more to do so. If there is ever a time to begin a cybersec talk with clients, it is now. Unfortunately, the risk of losses is getting higher, not just for clients but also for service providers. Not just in stolen data but also missed opportunities. That is certainly not in anyone’s vision of success.

Choose ConnectWise for access to dedicated teams delivering best practices, fighting threats, securing your clients, and accelerating your business growth.

The post Cybersecurity talk is necessary to fortify businesses from attacks appeared first on Tech Wire Asia.

That’s where managed services are headed – orchestrated service delivery and support, with automation taking care of routine technical decisions. More sophisticated customer service bots, predictive maintenance, and self-service to make services happen as if by magic.

That’s good news for customers and colleagues at time-poor MSPs. But it also has serious implications for MSP owners, says Gregg Lalle, Senior Vice President of International Sales and Strategy at ConnectWise, which connects technology teams with the platform and solutions that deliver technology as-a-service.

A framework that outlines the best practices being implemented to deliver a superior customer experience can be downloaded here.

“The technical maintenance is not only becoming automated, it’s now table stakes just to join the game,” Lalle says. “It’s incredibly easy to replicate and spin up servers. You simply won’t need people to look after the routine stuff in the future”.

The traditional bread and butter work of many MSPs is losing value, according to Lalle. He doesn’t see delivery and support being as big draw-cards in an era of AI and automation. For example, basic 24×7 monitoring and endpoint security is being commoditised. But many MSPs haven’t responded.

“At one of our recent user groups, where over 110 MSPs were present, I asked how many people in the audience had customers on month-to-month contracts and over 10 percent raised their hand. While that percentage may seem small, it was literally unheard of two years ago,” Lalle recalls.

Customers’ expectations on the increase

“It’s the SaaS mentality,” says Angus Mansfield, Sales and Marketing Director at Sydney MSP XCentral. “Everything has to happen now. Customers expect quick fixes and immediate resolutions. Their lives are also busier and they consume more than they used to.”

To be successful in these conditions, Lalle says MSPs need a new formula – one that focuses on customers’ experience when it comes to the engagement and outcome, rather than only on the technical aspects of delivery. That may seem obvious, but in Lalle’s experience, customer experience is often a misunderstood concept.

“Technicians will say, ‘Someone raised their hand, I asked for a ticket, helped them and they gave me a smiley face. We’re good.’ That’s wonderful, but it’s not customer experience,” he says.

Opportunities to do that start well before someone on a helpdesk picks up a phone. “Blog posts, e-mail responses, web sites, quotes, purchasing, delivery, etc.: each point is an opportunity to captivate, convert and delight customers,” Lalle says.

Some MSPs are starting to use this methodology and have already documented tangible results. But many haven’t and few have a blueprint which prioritises the experience throughout the customer journey and plans for continuous improvement.

That journey has six steps: awareness (when the customer is first exposed to marketing messages), evaluation, purchase, delivery, support and billing/renewals. MSPs need to move the customer smoothly and efficiently from each point to the next.

More MSPs are elevating their relationship with customers by offering ConnectWise software to streamline everything from its marketing to billing. Mansfield says this strategy has influenced how it engages with customers from start to finish.

When marketers have faster access to more accurate information about customers, they can also work more virtual CIO services, Lalle says. “This will take your relationship to a whole new level” he explains.

A framework that outlines the best practices being implemented to deliver a superior customer experience can be downloaded here.

The right tools

It’s important to measure the success of any efforts an MSP makes to improve its efforts. Customer service metrics should be tracked and foremost in all employees’ minds.

Another consideration is the cost of customer experience activities. MSPs should track marketing spending and how many leads and sales it generates. “Right now, MSPs are willingly turning money over without tracking whether it’s being used effectively MSPs need to start getting a handle on their customer acquisition cost,” Lalle says.

From break-fix to consulting

With these foundations in place, MSPs should free up staff to have a more consultative relationship with customers – which is what’s happened at XCentral.

“We had to change our lens a little bit,” Mansfield explains. “We used to think that our job finished with making sure everything was working for customers. Now, we work more strategically at adding value by working with our customers on how they can innovate and interact more effectively with their customers in turn.”

XCentral’s focus on customer service and strategic relationships and has paid off, with a consistent growth trajectory and winning several industry awards.

“Consistently the folks in our peer group, their number one priority has been customer service and customer success over profitability. They understand that this mentality drives behaviour and profitability, not the other way around,” Lalle says.

A framework that outlines the best practices being implemented to deliver a superior customer experience can be downloaded here.

The post Why Customer Experience is driving Managed Service Providers’ Success appeared first on Tech Wire Asia.