I know you take your clients’ security seriously. People rely on you, and you make sure to have the right tools in your arsenal.
But sometimes, it’s not about the tools.
I got off the phone last week with an MSP who was doing all the right things.
They were investing in the right tools—they had a reputable XDR, application whitelisting and a SOC, just for starters. This wasn’t a basic antivirus environment, which makes this particular case study more concerning.
They had made sure all of their tools were consistently installed across the environment. The team had diligently made sure each security tool they invested in was on every single device and that each instance of the tool was updated. They had records validating all of this.
Sounds like they did enough to prevent a cyberattack, right?
WRONG.
They invested in tools, and they made sure they were implanted, but their client’s network was hit hard by a ransomware attack. The ransom note even listed each of the security tools and explained that they easily bypassed them.
That’s pretty worrisome. If we can’t depend on our tools, what do we have?
In my humble opinion, this didn’t happen because they had implemented too many tools and simply lost visibility on any of them. This was about strategy and the right tool selection.
I feel like this story could happen to many MSPs and I want to walk through three big reasons why.
Reason #1: You buy tools because they’re new
I’m not saying there’s anything wrong with new tools. I certainly love to have our team test new tools and I encourage our partners to do so as well. But I want you to shift your mindset on tools.
We all assume that just because something is new, it’s better. This is especially true when we think about cybersecurity. I always get excited thinking about new products and their potential to solve big problems. But new isn’t always going to solve your problem. It might help, but often, problems in your environments are too complex to simply rely on a new tool to completely fix it. I’m sure you can come up with several stories about excitedly adding a brand-new tool and ending up shelving the project or half implementing it because that new tool isn’t as simple as you had hoped.
Reason #2: Your security tools aren’t doing what you expect
Security companies are notorious for really shiny marketing. Their marketing pieces boil down their solution to a few irresistible sentences making it seem like their tool will completely solve your biggest problem.
The reality is most tools can only do so much to help. Without your team investing time in understanding how your tools address issues on your client networks and knowing how each of those tools fit a bigger strategy, you risk having overinvestments in security tools and false senses of security.
Reason #3: You don’t have a cyber strategy
As you stack security tool after security tool, are you reassessing your client’s business needs? Do you take the time to consider questions like this:
- What are the most important parts of their business?
- What data is critical and is it the focus of the tools you’ve selected to implement?
- Do their core processes work with or against your security program?
If you layer tools within their environment, you may end up assuming everything is okay, when you still have gaping holes.
Investing time in planning and creating a strategy will help alleviate much of your spending AND reduce your security risks. If you don’t do this, your team is likely overinvesting time, energy and money in certain areas and ignoring other more important risks.
We recommend starting a conversation about risk with your clients. Start with your biggest or most valuable clients. Get a meeting set up to walk through their data assets. Plan out how each critical asset will be addressed with your security program.
Want a great way to start the conversation around risk? Consider a free cyber stack analysis of your network and then apply the process to that of your clients.
