"SMBs are definitely under attack," Datto Inc CEO Tim Weller told SC Media UK. "The media headlines tend to focus on enterprises under attack, but it's much easier to attack an SMB."
Managed service providers (MSP) provide a respite to small and medium businesses (SMB) by monitoring their IT networks and assuming the responsibility for all repairs, updates and patches, he explained. (Editor’s note, the client retains legal responsibility for the security of their data).
SMBs appreciate the benefit of moving their systems to the cloud, and MSPs come in to handle that sort of complexities, he added. This transition has resulted in a spike in the number of MSP businesses.
Since its beginning in 2007, the MSP IT solutions provider has scaled to 17,000 partners, he told the attendees of DattoCon 2019 at Paris last week. MSPs globally manage business worth US$ 100 billion (£78 billion). The total IT spend by SMEs is US$1 trillion (£0.78 trillion) globally, of which US$ 30 billion (£24 billion) is in Europe, Weller told the attendees.
"As a simple proxy, this conference is five times larger than DattoCon London just two years ago. That's a reflection of growth in the channel," he told the attendees.
"The source of this growth is actually complexity. 40 years ago you might have bought everything from one provider in a closed platform: hardware, software, networking (which then meant just wires), maybe from somebody like IBM. Today, you might have dozens or even 100-plus providers, even as a small or medium business. And that complexity is hard to keep up with," he said.
Add regulatory compliance and ransomware -- which does not discriminate between small and large businesses -- and even the savviest customer is overwhelmed with complexity, giving rise to the managed service provider, he added.
However, this exponential growth has put MSPs too under cyber-attack threats, he told SC Media UK. Getting hold of the remote monitoring and management (RMM) software of an MSP with 50 SMB customers automatically gives an attacker the ability to drop malware in all 50, he explained.
"There's a 20 year history of security and convenience being a trade-off," he told SC Media UK. "If you have the security alarm, then you have false alarms. If you have more locks on your door, you have to open more locks to get into your house. So we've started to take the view in recent years that it's going to be a little bit less convenient, but it's going to be worth it," Weller told SC Media UK.
MSPs sometimes resist the inconvenience of security steps, such as multi-factor authentication, which forces Datto to look for alternative measures, he said.
"In our continuity solutions, every time we take an image backup, we do ransomware detection, and we will alert the MSP if we see problems."
However, Datto does not explicitly sell a security service to MSPs yet, as the end users -- the SMBs -- are not quite ready to pay a lot of money, he told SC Media UK.
The MSPs should "ideally charge one monthly fee", he told DattoCon attendees during his keynote speech.
"It seems obvious to me that eventually they'll be paying £20 to £30 a month per user for security. If you cast it in the light of the value of their business, it makes a lot of sense. But right now they have a false sense of security, with their iPads and Dell hardware. When you've covering security for a long time, you know that's not true," he told SC Media UK.
"No perimeter is perfect. If you're an MSP, the first thing you need to do is take good backups and create good continuity solutions."
The biggest challenges for companies like Datto comes when the MSP gets hacked. And there are instances of bad actors presenting MSP credentials and getting their hands on the RMM tool, he noted.
"All the major RMM tools have been attacked. We have not had a major breach but we've had some near misses. And we've been saved because we have very good alerting."