Managed Service Providers key to customer data protection
Managed Service Providers in the ASEAN region play an increasingly crucial role in protecting their small and medium enterprise customers from cyberattacks, according to new research.
Security and cloud-based software solutions provider Datto Holding Corp has announced the findings of its ASEAN MSPs are Key to Customers Data Protection report, conducted by global technology analyst firm Canalys.
"ASEAN provides growth opportunities for MSPs that can differentiate themselves through their services and solutions offerings," says Mark Clayton, vice president, APAC at Datto.
"As cyberattacks become more sophisticated, MSPs who build cyber resilience and equip their customers with the best security solutions to protect their data and minimise the cost of downtime will become essential, trusted partners for their customers."
ASEAN is a hot spot for both cyberattacks and MSPs
According to the report, nearly 400 million personal data records were compromised in 63 publicly known breaches in the ASEAN region between 2018 and 2020. Indonesia and Singapore experienced their largest data breaches in 2021, with 279 million and 5.9 million records leaked due to hackers respectively.
With the rise in cloud adoption and digital transformation of SMBs, demand for MSPs continues to accelerate. The number of IT providers with managed services revenue is growing, with approximately 14,400 partners across Indonesia, Singapore, Malaysia, and the Philippines. Revenue growth for MSPs rose 9% in 2021, reported at US$4.21 billion.
The report identified five key trends MSPs must understand to continue this growth, all of which demand continuous improvement in cybersecurity standards and resilience, both by MSPs and their customers.
- A growing number of cyberattacks are targeting MSPs due to their often disparate platforms and tools, as well as a broad range of customers. An increasing cause of concern, when asked what internal measures they are taking in response to recent supply chain attacks, 55% of ASEAN MSPs are implementing and investing more in cybersecurity.
- Legal and financial consequences of non-compliance in cybersecurity, privacy, and data sovereignty are intensifying. The report found that SMEs expect their MSPs to be compliant, and investing in backup and disaster recovery solutions can help in that regard. MSPs should actively educate customers around these developments while adopting the right cybersecurity solutions and ensuring legal needs are met and standards are improved.
- Amidst supply chain attacks, customers are driving suppliers and partners to be more cybersecurity compliant. With growing cybersecurity threats in the ASEAN region, customers are increasingly relying on trusted vendors, and some of their requirements are automatically satisfied when suppliers or business partners hold industry-recognised certifications, such as the ISO/IEC 27001 for information security management.
- Cybersecurity insurance better protects companies that are cybersecurity prepared. Underwriters typically require customers to demonstrate a high standard in their cybersecurity posture, ensuring minimal losses are incurred for both the MSPs and their customers.
- Lack of internal cybersecurity skills. Not only is there a lack of personnel with appropriate cybersecurity skills, but human error continues to be a leading cause of cybersecurity breaches and incidents. Organisations must reinforce the importance of cybersecurity hygiene and educate employees on tell-tale signs of suspicious scams. Governments are doing their part to boost awareness and build good cyber-hygiene habits across their population. With the Singapore governments strong cybersecurity initiatives, the county was ranked 4th in global security by the United Nations ITU Global Cybersecurity Index 2020.
The way forward for MSPs
The report suggests that ASEAN MSPs can continue to showcase their value and relevance to customers by further developing cybersecurity and data management skills. These include proactively conducting cybersecurity training for employees and customers, investing in cybersecurity partner competencies to showcase an MSPs cybersecurity practice commitment, emphasising communication between clients and ensuring clients know the lines of communication they have access to, auditing remote admin tools to discover potential flaws or weaknesses, and developing end-to-end solutions and services within the customer's region, if not country.