Continuum CEO: End Is Near For MSPs Who Can’t Pass Security

Continuum CEO Michael George told CRN that the MSP world is on the verge of an extinction level event because of their failure to bridge the skills gap that clients will demand when it comes to cybersecurity.

“Security is the catalyst to cause a massive disruptive transformation in this business, and in the next two to three years, it’s going to shake out that 80 percent of the revenue generated from IT managed service is going to be garnered by 20 percent of the providers,” he said. “Over the next two years, more small businesses are going to fire their existing MSP and hire a new one than they have in the last 20 years. And it’s all over security incidents. They’re getting churned from customers today they used to never lose before.”

Of the roughly 40,000 MSPs in the United States, most are small businesses who lack the money and ability to build and staff a security operations center, and keep it running 24 hours a day, seven days a week, George told CRN during Continuum’s Navigate 2018 event in Boston. Yet, as attackers increasingly target small and medium businesses customers will demand just such a service.

“The attack vectors have changed,” he said. “They’re targeting the small business because the small business has spent the last 20 years getting hyper connected, but giving very little consideration to the security aspects of that. If you look at the budgets for security spend it has all been going to the enterprise which has been under attack, but if you look at small businesses they don’t spend money on security.”

Adding into the mix, ransomware and bitcoin payments, that can quickly monetize an attack and George said it’s a recipe for disaster for an unprepared MSP.

“If you’re a small business, you’re not going to go hire a managed service provider and then separately go hire a managed security service provider,” he said. “You’re going to get it from one service provider. So you’re going to see more small businesses fire their existing MSP and hire another one over security incidents in the next two years than you have over the last 20. It is highly predictable with great clarity that is going to happen.”

He said while an MSP may have some security capabilities, most are ill-prepared to preemptively and proactively defend, identify, and remediate malicious attacks on companies, owing in large part to a supply shortage of security professionals.

“Unlike other aspects of IT, cyber criminals don’t go home at 5 at night, and show up at 9 o’clock in the morning. These attacks are persistent, around the clock,” he said. “What’s going to happen is, for companies that have been trying to do it yourself, you know ‘I’m gonna go license some tools. I’m going to go build a team. Put together a network operations center, build my own help desk, and all that stuff.’ They’re choking already because the labor force is unavailable and unaffordable.”

To demonstrate how Continuum handles an attack, the company set up a demonstration area on the show floor. One part was an office where a newly hired HR employee had opened a resume attached to an email. The other part was a SOC, similar to one of the three Continuum said it hosts around the world.

The company walked MSPs through an attack, step by step, from the opening of the email, to the seized files, to the demand message that the company pay in bitcoin to free the hostage files, and then to the happy resolution with Continuum services.

“The ability to see that in the cyber-attack simulator was awesome,” said Tim Weber, security services director with ADNET, an MSP based in Hartford, Conn. “I was blown away by it. Just the capabilities they had. The ability to fully diagnose something. See all of the things something did. The software tools. They really, for lack of a better term, automated the hell of some stuff that would otherwise be a manual processes. When we’re in security, anything we can do to shorten those cycles is phenomenal.”

George said Continuum has SOCs around the world, one in the U.S. and two in India.

“It’s staffed 24/7 by 365 with certified, trained security experts,” he said. “We are empowering our MSPs to not be flat-footed, but to be on their toes and on the front lines of this, and go steal customers from their competitors who are ill equipped. This is going to create a massive separation in the market.”

George said Continuum is not transactional, but reather integrated with their MSP partners, with account managers that help onboard, and go to market, with white label materials to communicate with the customer. He said Sercice Leadership Inc. evaluated Continuum partners and found they are 7-percentage points more profitable than others in the industry. He said expanding Continuum’s capabilities to include security is organic growth.

“Partners depend on us for their NOC and their help desk,” he said. “So a SOC is a natural extension of that. So they’re going to get NOC [Network Operations Center], SOC, and help desk services from us. We’re the only company in the world that does this.”