Companies turning to MSPs as attack vectors get more sophisticated
Research from Infrascale reveals new information security insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance.
As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust segment of leaders, across different industries, specifically turn to Managed Service Providers (MSPs) for help.
The survey of more than 1,200 business leaders has revealed that education (44%), healthcare (51%), and manufacturing (53%) executives all cited a need for increased security as their top reason for selecting an MSP.
Security is not the only top driver. Finance leaders chose reduced costs (57%) as their top reason, noting that an MSP is less expensive than hiring talent internally. For e-commerce retailers, increased security (46%) and reduced costs (46%) tied for the top spot.
“It’s never been more critical to have an encrypted backup and disaster recovery solution to ensure your business is always up and running. The increased threats to companies and MSPs have never been this severe, and it’s going to continue to get worse,” said Infrascale CEO Russell P. Reeder.
“In this ever more challenging landscape, data protection and data recovery are top priorities for MSPs serving clients, especially as attack surfaces expand and attack vectors get more sophisticated,” he continued.
The survey further revealed which MSP services are most prominent for each industry. Finance (53%), education (51%), and healthcare (53%) executives all noted that the top service they leverage most with their MSPs is data protection, while manufacturing executives specified a subset of that category, cybersecurity services (58%) — focusing on computer network environments as their top MSP service.
Executives across all these industries also named backup and recovery solutions (43%), cloud services (45%), and data analytics (48%) as key MSP services they use.
COVID-19 prompts industry-specific security actions
Ramping up remote access work environments during COVID-19 has created a deluge of security risks and expanded attack surfaces that businesses are still in the process of addressing.
It’s a common prediction that hybrid remote work trends will figure into the new-and-next normal this decade. As MSPs prepare for more flexible customer work environments, it’s helpful for them to understand what leaders in different industries have ascribed to COVID-19.
First, in broad terms, 81% of financial industry executives have implemented new information security technology due to COVID-19, with education second at 70%, and healthcare third at 67%. It’s noteworthy that 75% of financial industry respondents also have seen an increase in infosec breaches in their industry during COVID-19, the most among all industries surveyed.
Executives have named different kinds of infosec technologies they’ve leveraged during COVID-19, as well. According to survey respondents from the respective industries:
- Cloud backup wins top technology for the financial (53%) and education (54%) industries
- Encryption solutions earns the top spot for the healthcare industry (52%)
- Antivirus/malware was the top technology implemented by the manufacturing industry (64%)
With so much new adoption of infosec technology in these industries, MSPs will be able to offer competitive security improvements and reviews of security controls throughout 2021.
High demand for cloud signals the need for security and ease
The vast majority of business executives, 95%, say they’ve moved some (64%) or all (31%) of their data to the cloud; their main reason, collectively, for doing so is improved security (68%), followed by ease of management (66%).
When broken down by industry, finance leaders affirm security (71%) as their top reason for pursuing cloud-based solutions, while education (72%), healthcare (70%), and manufacturing (69%) industry leaders report ease of management as their top reason.
Reeder provided further insights: “While the survey data shows that more small and mid-market businesses have moved workloads to the cloud than one might think, there are still many workloads that are maintained on-premises and in private colocation data centers. Our conversations with our partners and their customers show that on-premises workloads will be here for a while.
“MSPs need to bolster their cloud migration and cloud security capabilities — especially for finance, education, healthcare, and manufacturing — so as to be prepared for the ultimate need of digital transformation and successful cutovers to the cloud.”
The survey showed executives are ready to embrace MSPs that are up to speed in the cloud — with 91% either extremely (61%) or very likely (30%) to work with an MSP that provides cloud-based solutions. By industry, the combined “extremely” or “very likely” enthusiasm for MSPs with cloud-based solutions was equally compelling:
- Finance (94%)
- Education (89%)
- Manufacturing (87%)
- Healthcare (83%)
MSPs: Security strategy must target compliance
Executive concern with regulatory compliance and industry standards is top of mind, according to the survey. While that’s to be expected, growing pressure on the new U.S. administration and Congress to pass comprehensive federal data protection legislation will keep compliance front and center in 2021 and beyond.
Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed GDPR’s framework. It’s vital for MSPs to be prepared for seismic shifts in the regulatory landscape in order to help their customers adapt quickly to any new industry requirements.
Right now, 88% of business executives surveyed said their company requires compliance with industry standards. The most common, applicable compliance regime overall is ISO 27001, noted by 37% of respondents.
By industry, ISO 27001 is the number one standard of concern cited by executives in finance (38%) and manufacturing (49%). That international standard requires businesses to establish, implement, maintain, and continually improve upon controls that keep data secure.
HIPAA, the U.S. law which protects sensitive patient health data, is the top concern for education (32%) and healthcare (52%) executives. HIPAA is the number two concern for manufacturers and the number three concern for finance leaders.
FERPA, which protects the privacy of student education records, was deemed number two for educators and number three for manufacturers. The latter regularly work with universities and state and local governments to offer educational programs for their workforces.