Why cybersecurity risk assessment can pad the bottom line, per ConnectWise

16 June 2022


The past two years have put a sizeable strain on in-house IT operations in more ways than one. When IT departments rein in spending, cyber vulnerabilities peak: the past couple of years have seen an upsurge in ransomware attacks, email phishing campaigns, and malware targeting supply chain systems.

Businesses should be planning to build cyber resilience – not merely securing the enterprise but ensuring all the company’s operational processes that involve third-party operators are secured, and that extends to managed service providers (MSPs) as well.

The Kaseya VSA ransomware attack last year is an example of how severely a cyberattack on an MSP can disrupt its customers’ supply chains, and it is not the only such incident. Colonial Pipeline was the victim of a massive cyberattack that saw its fuel distribution network shut down, sparking fears of fuel shortages.

The same month, the world’s largest beef processor JBS had its network hacked, temporarily shutting down some operations in several countries, not only affecting thousands of workers but also having a big impact on global meat supply. To top it off, JBS paid US$11 million in ransom to the attackers, in order to regain access to its data.


A successful attack on an MSP can cripple the hundreds or thousands of small and medium businesses that are its clients – SMBs are especially vulnerable to cyberattackers, as they have smaller budgets and often have to defend more threat areas with fewer resources.

What’s more concerning is that attackers gain access to both the provider’s own business and its clients, as seen in the massive SolarWinds breach, in which over a hundred companies were directly attacked in late 2020 and thousands more, linked by their security services provider, were indirectly affected.

Are SMBs prepared enough for the 2022 cyber threat landscape?

And this is where the rubber truly meets the road for IT solutions providers. The high-risk security climate means managed security providers need more of the right sort of targeted protection than before – but having that sensitive conversation with clients, probing their potential weaknesses while telling them they need to spend more, can be a tricky proposition.

In the ConnectWise MSP Threat Report 2022, a comprehensive timeline of 2021 cyberthreats showed just how pervasive the danger is – to the extent that the US government had to declare cyberattacks targeting critical infrastructure as acts of terrorism. Large enterprises partnered up with federal agencies to form the Joint Cyber Defense Collaborative to track the encroaching ransomware menaces of 2021.


The ConnectWise Cyber Research Unit forecast that over 700 million ransomware attacks would occur by the end of 2021, with at least two sizable companies stating that threat actors had identified vulnerabilities and were now actively targeting MSPs and other third-party IT service providers. Another ConnectWise study states that the danger is just as critical in the minds of SMB owners as it is for large enterprises. The research points out that 92% of SMBs would switch service providers for the “right” mix of security offerings.

Assess before you commit

But to direct SMBs towards the right security posture, questions must first be asked. A simple assessment can help identify both what a client is already doing right and the areas for collaborative improvement.

A holistic cybersecurity risk assessment should evaluate the business’s existing IT infrastructure and security policies. This should be compiled while adhering to regulatory standards defined in a particular country or region.

Along with examining the varying security and network risks, a good assessment can use automated tools to study vulnerabilities in finer detail: identifying and logging issues associated with the operating system or with individual applications, including coding, process, and design flaws in the hardware and software.

Understanding the client is crucial to constructing an assessment plan that makes sense of what the business might need, regardless of scale. For instance, a small business owner would probably want a broad overview of a cybersecurity plan and, most of all, how much it will cost.


On the other hand, the enterprise might want to know the bigger picture of how vulnerabilities are causing specific problems for systems or the network, so that it can ascertain whether short-term or longer-term patches might be needed and how much they are going to cost.

Boiling down security threats and exposures with the aid of actionable data will help the client better understand what’s needed. Contrasting the assessment findings against established best practices like the US Department of Defense’s CMMC or the HIPAA statute, the UK’s new Cyber Security Standards, the Essential Eight Maturity Model in Australia, or the popular NIST cybersecurity framework can illustrate how a tailored cyber protection plan can yield the best outcomes from a controlled spend.

Clients often need the cybersecurity readiness talk – they just don’t know it yet. Be it the small business or the enterprise scaling up for the next phase of growth, the security solutions provider that provides a detailed cybersecurity risk assessment and action plan roadmap will go a long way towards building client confidence.

Specially designed security assessment tools like ConnectWise Identify Assessment and ConnectWise Risk Assessment can set clientele on the tailored security journey they need. Start your FREE trial today to uncover the whole picture of what’s going on underneath your clients’ critical business processes & systems.