Skills shortages exposing MSPs to security risks

Managed service providers (MSPs) are in the unenviable position of being responsible for securing customer data and competing for skilled staff to deliver those services.

Sophos has shone a spotlight on the issue, revealing a security skills shortage poses major risks to both MSPs and their customers.

The vendor’s latest MSP perspectives 2024 survey of the market discovered that managed service providers were struggling on a day-to-day basis to keep on top of industry developments and bring on board talent that could provide more analysis of trends.

There are also shortages of skilled staff in-house, with MSPs concerned that they are exposing their own businesses to risk as a result.

“The speed of innovation across the cyber security battleground means it’s harder than ever for MSPs to keep up with threats and the cyber controls designed to stop them. When you couple this with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain cyber security analyst resources, its unsurprising that MSPs feel unable to keep pace with the changing threat landscape,” said Scott Barlow, vice-president of MSPs at Sophos.

The pressure to provide round the clock support meant many MSPs had reached out to third-party vendors to help them deliver managed detection and response (MDR) services. Partners were keen to work with those that could provide them with access to a 24/7 incident response service.

Barlow said that requirement for high levels of service and support added to the pressures MSPs were facing: “This is all compounded by the need for 24x7 coverage as indicated in our 2023 active adversary report for tech leaders, which finds that 91% of ransomware attacks now happen out of business hours.”

The Sophos research also shone a light on a trend across MSPs to reduce the number of vendors they worked with, revealing that more than half (53%) opted to work with just one or two. A desire to reduce complexity is behind the reductions, with MSPs indicating they could cut their day-to-day management time by 48% if they were able to manage their security tools through a single platform.

MSPs also reported a surge in demand from customers for cyber insurance related support, either through the roll-out of tools such as MDR or with the mechanics of entering into an agreement.

“While MSPs have a huge job to do in protecting their customers against fast-moving adversaries, there’s tremendous opportunity to grow their business and profitability if they can find the right security set up. The data shows that MSPs are strengthening their proposition and reducing overheads by amalgamating the platforms they use and engaging with third-party MDR vendors to expand their service offerings,” said Barlow.

He added that it was clear MSPs were considering their supplier options and they should be careful who they chose to work with.

“As they look to build their security offering of the future, they should prioritise vendors that can offer a complete portfolio of industry-best, fully managed security services and solutions,” he said.