Is your Managed Service Provider (MSP) selling you a cyber security “tool” or a “service”?

Is your Managed Service Provider (MSP) selling you a cyber security “tool” or a “service”?

December 10, 2022 Off By dodgersgurlmD

Today I wanted to talk to you about the potential confusion being created by Managed Service Providers (MSPs) who sell “cyber security” and how this may give some business owners and managers an unrealistic expectation.

Quite often MSP’s, IT Consultants and Value Added Resellers (VARs) sell tools like anti virus (av), endpoint detection & response (edr), multi factor authentication (mfa) and and say it’s “managed security services” or sold “as a service”, but they are literally just selling a “hammer”, not the “service” behind the tool to properly configure, manage, maintain and monitor it.

As a result, many businesses end up having cyber security incidents, even after they believe they’ve been “sold” cyber security services, only to find out after the incident that they got sold on the bare minimum.

The problem is that IT providers have struggled to get some business owners to invest in technology and in “Managed [IT] Services” for many years, but now there is a drive to be protected from “cyber attacks” and it’s a complex subject that the general person doesn’t really understand the difference in.

If you’re in the market to pick a new MSP and they are telling you what a great job they do to protect you from cyber security issues, perhaps ask them “When was the last time one of your clients had a cyber incident that resulted in downtime to their business, the need to put in a claim on their cyber insurance policy, or the need to notify under the Australian Notifiable Data Breach legislation?”

Being “good” at responding to cyber incidents is not something an MSP should claim to, unless they have a dedicated trained and certified cyber incident response team. Just say’en 😉