Sophos MSP Survey Shows Impact of Cyber Skills Shortage

Sophos’ inaugural MSP survey highlights MSPs’ biggest challenges, including coping with the ongoing talent shortage and keeping up with the latest cybersecurity solutions/technologies.

MSPs indicated hiring new cybersecurity analysts to keep up with customer growth and keeping pace with the latest cyber threats were among top challenges.

The MSP survey was commissioned by Sophos and conducted by research house Vanson Bourne in March. Vanson Bourne polled 350 MSPs across the United States, the United Kingdom, Germany and Australia.

Scott Barlow, Sophos’ vice president of global MSP and cloud alliances, said the most surprising aspect of the MSP survey was that both MSPs and their customers are still suffering from a lack of cybersecurity skills, “meaning that outsourcing to security vendors that can handle the extra needed workload is now more critical than ever.”

“Attackers are very aggressive and persistent, so this finding is not something to ignore,” he said.

MSP Survey Highlights Biggest Risks to Customers

MSPs also consider stolen access data and credentials, and unpatched vulnerabilities to be among the biggest security risks to their customers. Sophos’ latest State of Ransomware 2024 report found that nearly one in three ransomware attacks started with compromised credentials, showing the prevalence of this entry vector.

Related:Joe Levy Gets Official Appointment as Sophos CEO

The survey indicates cyberattacks are happening too quickly and can be intricate to handle without the help of a security provider that has specific training and awareness to defeat them, Barlow said.

“We often get asked, 'What’s after ransomware?' And the answer is more ransomware,” he said. “Hackers are not breaking in anymore; they’re logging in. It’s increasingly critical for MSPs to implement multifactor authentication (MFA), rapidly patch vulnerabilities and engage their trusted security provider when something suspicious happens.”

Growing Demand for MDR Services

In response to this complex threat landscape, there is growing demand for managed detection and response (MDR) services to provide always-on coverage, according to Sophos’ MSP survey. Currently, 81% of MSPs offer an MDR service, and 97% of MSPs that don't plan to add it to their portfolio in the coming years.

Reflecting the shortage of in-house cybersecurity skills, 66% of MSPs use a third-party vendor to deliver the MDR service and a further 15% deliver jointly through their own security operations center (SOC) and a third-party vendor.

Topping the list of essential capabilities in a third-party MDR provider is the ability to provide a 24/7 incident response service.

Sophos' Scott Barlow

“One encouraging point is that MSPs have an opportunity to partner with a MDR provider to add 24/7 threat hunting and remediation to their stable of services,” Barlow said. “This is a key security component, and one MSPs should offer to all of their customers. But not all vendors are alike, and MDR and incident response (IR) mean very different things to different vendors. The encouraging sign is many MSPs are already using an MDR provider, but MSPs need to ensure the MDR provider is compatible with their business, meaning do they provide hands-on keyboard response actions? Do they integrate and ingest third-party telemetry from vendors in your stack? And do they provide full IR and breach warranty if a problem arises?”

MSPs Streamlining Partnerships

MSPs are also streamlining their cybersecurity partnerships, working with a small number of vendors. More than one-half of MSPs work with just one or two cybersecurity vendors, increasing to 83% that use between one and five. Reflecting the effort and overhead of running multiple platforms, MSPs estimate they could cut their day-to-day management time by 48% if they could manage all their cybersecurity tools from a single platform.

Other findings from the MSP survey include: