MSP Cybersecurity Magazine - Blackpoint Cyber

MSP CYBERSECURITY MAGAZINE A Special Edition Of MSP Success

Blackpoint Cyber On Augmenting Data Logging With True MDR

How ThreatLocker Is Using ‘Zero Trust’ To Change The Cybersecurity Game

Jon Murchison, CEO – Blackpoint Cyber

As Phishing Evolves, So Does The Need For Prevention Strategies

5 Ways Top MSPs Are Utilizing Malwarebytes Partner Program To Capitalize On The Growth Of Investment In Managed Security Services

MSPSuccessMagazine.com/cyber2022


Special Edition Of MSP Success Magazine CONTENTS


How To Prepare For The Security Threats Of Tomorrow
How ThreatLocker Is Using ‘Zero Trust’ To Change The Cybersecurity Game
8 Ego-Driven Myths That Make Your Customers Vulnerable To Cybercrime
Augmenting Data Logging With True MDR
Why Your Customers Need To Adopt A HIPAA Mindset
Is Reliable IT At The Top Of Your Customers’ Risk Management? It Should Be!
How IT Services Providers Throughout Northern California, Sacramento, And The Bay Area Can Now Receive Greater Cybersecurity And Compliance
As Phishing Evolves, So Does The Need For Prevention Strategies
5 Ways Top MSPs Are Utilizing Malwarebytes Partner Program To Capitalize On The Growth Of Investment In Managed Security Services
Making BYOD Safe
What’s The Secret To Bringing The Best Value To Your Clients?
9 Critical Questions Your Customers Need To Answer To Survive
The People, Process, And Technology To Ensure Their Customers Are Protected
For Over 30 Years, Jeff Dann Has Had


How To Prepare For The Security Threats Of Tomorrow

Make no mistake about it: Cybercrime is becoming more complex and more frequent, and SMBs are looking outside their organizations for help dealing with evolving threats. This is a gigantic opportunity for MSPs as long as they understand two things: the current state and emerging trends of the cybersecurity landscape and what tools they can use to combat it. To start, let’s take a look at the cybersecurity landscape and analyze the threats, trends, and opportunities.

Protecting SMBs From Ransomware Attacks

Cybercriminals are increasingly targeting SMBs. In 2021, 43% of all cyberattacks were against small businesses. This is problematic because roughly 60% of SMBs go out of business within six months following an attack. Because so many SMBs don’t have the resources to support an internal IT and data security operation, many look to MSPs to provide the level of protection they need. The most common threat is ransomware, which was reported by 70% of MSPs in Datto’s most recent Global State of the Channel Ransomware Report. So, how do MSPs combat ransomware threats? They have to be proficient in three areas.

Prevention — Obviously, succeeding in this phase is what every MSP hopes to do: eliminate the threat of an attack in the first place. Although there is no airtight approach to do this, there are measures MSPs can take to help keep their SMB clients from becoming ransomware victims. This includes the use of detection or antivirus tools or enabling automated patch management to fix potential vulnerabilities as soon as they are discovered.

Detection — Despite the MSP’s best efforts, ransomware can still get through the protection layer. That’s why there should be measures in place to identify when ransomware is present, rather than assuming an attack will never be successful. The earlier it is detected, the earlier actions can take place to eliminate it.

Response — When ransomware is detected, responding to the attack and eliminating it must be done with the utmost efficiency. MSPs must be prepared to act by taking the following steps:
• Scan networks for confirmation of an attack unfolding.
• Identify the infected computers and isolate them from the rest of the network.
• Secure all backup data or backup systems immediately.

MSPs that are able to optimize ransomware prevention, while also detecting and quickly responding to attacks that are successful, can leave a tremendous impact on their clients and the industry as a whole. Ransomware attacks were estimated to cost roughly $20 billion in 2021, and the MSPs that are able to save their clients from suffering those financial damages can help prevent them from succumbing to closures. MSPs’ efforts in this area will go a long way toward strengthening their reputation as a security service provider, and they can leverage that to win more business in 2022.

Now that we have a better understanding of the threat of ransomware, what MSPs need to do to combat it, and what they can gain from successfully doing so, let’s take a look at how MSPs can help prevent, detect, and eliminate ransomware.

Finding The Right Tools To Combat Ransomware

SMBs entrust MSPs with access to critical systems and data. The payoff is that they feel protected because the MSP will be able to act swiftly and effectively when a threat arises. MSPs need to reward that trust by arming themselves with tools that will facilitate quick and decisive action.

For example, remote monitoring and management (RMM) tools provide MSPs with access to their clients’ endpoints so they can keep them secure, patched, and operational. Datto RMM does this on an incredible scale in a secure, cloud-based environment. With automated patching, MSPs can leverage Datto RMM to proactively fix any vulnerabilities before they are attacked, helping optimize all ransomware prevention efforts.

But, again, the idea is to always be prepared in case ransomware attacks are successful. Datto RMM also takes the next step on ransomware defense by including native ransomware detection, which monitors for crypto-ransomware and attempts to kill the virus to help reduce the impact of an attack. Users get alerts at the first detection of crypto-ransomware and automatically isolate impacted devices.

The ability to detect ransomware immediately enables the MSP to execute an action plan sooner rather than later. As ransomware infects systems it can cause extensive damage, which, as we have established, may prove too costly for many SMBs to overcome. Ransomware detection is a surefire way to maintain damage control, keep clients operating, and continue revenue streams for MSPs.

Of course, no ransomware response plan is complete without systems in place to protect the most vital company resource — its data. Backing up data regularly can mitigate the risk of downtime when a ransomware attack is successful, but the system must be secure and reliable. Datto SIRIS is designed to protect physical, virtual, and cloud infrastructures and data. With Datto SIRIS, data is well protected and easily accessible so it can be recovered rapidly when needed. SIRIS also detects ransomware within backups, saving time when locating the last clean system restore point.

Leveraging Security Services To Grow Your Business

In Datto’s Global State of the MSP Report, MSPs shared what challenges they will be focused on in the new year. Unsurprisingly, most focused on security on some level, whether that be securing endpoints, protecting data, or understanding just how to be better against the threat of ransomware. They also told us that they are focused on sales and marketing, particularly as it relates to tools that will help them hit their growth goals in 2022.

As we have previously mentioned, all SMBs share a growing concern over security, and it is a business opportunity for MSPs. Those who understand the state of the security landscape and are able to quickly adapt as that landscape changes will win in the end. But to be effective in doing that, MSPs must arm themselves with the tools that allow them to be agile so they can continuously meet their clients’ ever-changing needs.

Security threats will never go away — they can only be kept at bay. With the right partner, MSPs can do this effectively, protect their clients, and discover new levels of success. Visit Datto.com to learn more.

How ThreatLocker Is Using ‘Zero Trust’ To Change The Cybersecurity Game

MSPs today are losing the battle. The size of the endpoint security market is about $9 billion a year. In 2021, cybercrime and ransomware cost the world $6 trillion. In essence, it’s like cybercrime is the GDP of Japan and all measures of cybersecurity combined is the GDP of Somalia or Burundi.

When you have an entire industry that is outmatched while ransomware attacks are up 800% and cybercriminals continue utilizing cryptocurrency that’s virtually undetectable, how do you flip the script and take back control of cybersecurity?

According to Danny Jenkins, CEO and co-founder of ThreatLocker, it starts with “zero trust,” a network security model based on a strict identity verification process.

Danny says, “In simple terms, zero trust means least privilege. Don’t give access where access isn’t required. Zero trust applies to different levels. At the application and file levels, you are only giving access to those who need access. At the network level, you’re thinking about what ports are open.”

Dispelling The Myths Of Zero Trust

MSPs and end-users who are hesitant to adopt a zero-trust model of cybersecurity often have a false perception of what it entails. They may think that the C-level executive who has always accessed an application will now be shut out entirely. That’s not the case. If someone in the organization routinely accesses an application or file, it makes perfect sense for them to still be able to access it.

“When you roll out a cybersecurity solution like ThreatLocker, it learns what’s in your environment. It will learn which applications and files are accessed and by whom. Then the MSP can either allow or deny access based on the findings,” Danny says.

Some also believe that the zero-trust philosophy is brand-new and a far more aggressive approach to cybersecurity. That’s not entirely true.

Danny says, “Zero trust is simply a framework. A target. Everyone already has some level of zero trust in their business. Do they have administration permissions? Do they have a firewall that blocks inbound traffic? Those are levels of zero trust.”

Certainly, the maturity of zero trust is a lot further along than it was just two or three years ago, but cyberthreats are also a lot more frequent and aggressive today.

“Back then, MSPs took a stance of allowing by default instead of denying by default. They focused on only blocking the bad stuff. Then, once a year, they would do a full restore for ransomware. That’s now changed. A good portion of MSPs have now implemented zero trust. In fact, ThreatLocker has thousands of partners who have implemented zero trust for all of their customers where it’s needed most — at the application and endpoint levels.”

Zero Trust vs. Castle And Moat Security

While a zero-trust approach is about denying access to those who don’t need access, the castle and moat approach toward security is far more lenient. It assumes all applications and files inside the network (the castle) are safe while everything outside the firewall (the moat) is not safe. Both are fallacies.

Danny says, “Castle and moat security is focused on keeping out external factors. Well, that’s essentially the whole world. So, when anyone on your team downloads an email, a program, or a game, you’re talking about the whole world.”

He continued, “Also, think back to the Dark Ages when there were real castles and moats. Well, the knights didn’t leave their castle without full armor. Today, people are inside the perimeter, go outside their network to work from home or at Starbucks, then come back in. That’s where incredible risk occurs.”

The Game Has Changed

Think about where we were just 10 years ago. Cybersecurity was more focused on curbing spam, ridding your computer of adware, and avoiding nuisance viruses that sent risqué pictures. That was the definition of bad back then. Today, a cyberattack could cripple a business and cost their life’s savings.

Because the threat of cyberattacks has changed, cybersecurity has to change to keep up with those threats. Much of cybersecurity today revolves around monitoring and detection. With that approach, you are essentially distinguishing between the good and the bad. The goal obviously is to get alerts or even shut down all possible threats.

Danny says, “I try to avoid the word detection. ThreatLocker isn’t really about detection. It’s more blocking what is not allowed. Rather than trying to determine if it’s good or bad, it doesn’t matter. None of it is allowed in. We’re less about alerts and more about what’s required in your environment, then blocking everything else.”

The Real Question: Does Zero Trust Work?

While you can certainly question if adopting a zero-trust environment is the right approach to cybersecurity, it’s hard to question the results.

“Cybercriminals prefer to attack on weekends, especially holiday weekends. On the Fourth of July weekend, we had 46 MSPs get an attempted hit to all of their devices. Ransomware was attempted to be pushed out to their clients. Thanks to ThreatLocker, all but one of those 46 MSPs had everything blocked. The only reason the one attack went through was because that MSP was still in a learning mode. One week later, and they would have been fine,” Danny says.

As for where the trend of zero-trust security is headed ...
• This year, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero-trust network access.
• By 2023, 60% of enterprises will phase out most of their remote access VPNs in favor of zero-trust network access.

The Future Of Cybercrime And Our Response

Does the cybercrime industry show any signs of slowing down? Not according to Danny.

“We’re going to see a lot more cybercrime, and it will continue to get more sophisticated. All these hackers do every single day is search for every vulnerability imaginable. So, we’re going to see more vulnerabilities and more attacks at the entry points. It’s going to lead to more ransomware, more costs, and more businesses being hurt. That’s why our team at ThreatLocker invests so much time in our cybersecurity solutions. To keep MSPs and their clients safe.”

Ground Zero For Zero Trust Is In Orlando!

Want to learn more about how to adopt a zero-trust framework for your MSP and clients? You’ll find it all in Orlando, Florida, Feb. 21–23 at Zero Trust World ’22. That’s where some of the brightest cybersecurity professionals, MSPs, and special guests come together.

Danny says, “We’re really excited about this event. It centers around security and how zero trust fits in. We will have hands-on exercises, live hacking demonstrations, and even business insights into becoming a more successful MSP.”

The Zero Trust World ’22 keynote speaker is U.S. Olympian bobsledder Johnny Quinn. In addition, presenters include John Sileo, CEO of The Sileo Group; Timothy Rohrbaugh, CISO of JetBlue Airways; and a few standout MSP owners, including Bruce McCully, Neal Juern, Brandis Kelly, and more. Register now at ZeroTrustWorld.threatlocker.com.

Danny Jenkins, Founder & CEO, ThreatLocker

8 Ego-Driven Myths That Make Your Customers Vulnerable To Cybercrime

Konrad Martin, CEO Of Tech Advisors

Humble Leadership Is A Powerful Weapon

The moment an executive or business owner decides to hire an MSP, they declare a commitment to the organization and employees to protect networks and data from cybercriminals. What they need to understand is this is not a responsibility hand-off but, instead, the beginning of their involvement. Winning the battle against cybercrime requires all hands on deck.

Hackers are oblivious to job titles and prey on fragile egos, and while this is a touchy topic to broach with clients, MSPs are negligent if we omit any potential roadblocks to safety. An awkward conversation with leadership early on beats explaining later that had they followed the rules expected of everyone else, they could have prevented a devastating hack. We advocate involving everyone in the organization in the training process from the start — and smashing the hierarchy.

8 Ego-Driven Myths That Make SMBs Vulnerable To Cybercrime

As MSPs, we are all technology experts, but we cannot forget that computers and software are only as effective as their human operators. It may not strike the nerdy skills that drew you to this work, but attention to behavior management will keep your business sustainable.

Here are eight common falsehoods we have seen SMB leaders espouse that can pose cybersecurity risks. We also suggest ways your MSP can respond to promote the kind of humble leadership that can make or break the company’s security.

1. Our Revenue Is Too Small To Appeal To Hackers, So We Don’t Need Any Security Measures.

You’ll encounter this person when scrambling to salvage their company after getting hit. It makes no difference to cybercriminals if a company reports $4 billion or $40,000 in annual revenue. Both a sandwich shop that only sells pastrami on rye and a big-box department store hold personally identifiable information (PII) on the network. PII is a hacker’s capital.

Think of apple picking. If you go to an orchard, do you climb to the top of the tree? Not if your goal is to fill the basket quickly. You grab the low-hanging fruit. Cybercriminals do the same thing. They have the ability to climb the tree — as evidenced by the Colonial Pipeline and Bank of America takedowns — but more often, they’ll pick easier targets.

When a huge corporation gets hacked, they can finance the recovery. Joe’s Car Wash, with its 15 employees, can’t afford it. If the cost doesn’t take them down, the bad publicity alone will drive clients to competitors.

2. We Created A Written Information Security Plan (WISP) A Couple Years Ago. We’re Fine.

If that WISP is not current, it’s not in compliance. It needs to outline up-to-date protocols for employees to ensure they keep PII away from thieves. Leadership should understand what the WISP entails and why it affects cyber-insurance qualifications. Then, continually educate everyone about their role in protecting the company. (Yes, CEOs, that includes you.)

And for those organizations that review the WISP whenever the mood strikes? Guess what. Cybercriminals don’t just punch in every couple years. They work every single day, courting you until you click on a nefarious link in an email — which is how 87% of hacks occur. While you sit back, thinking you’re fine, they’re developing more sophisticated ways to access your system, building a fast-growing cybercrime industry.

3. I’m Too Smart To Click On Something Like That. Only Fools Fall For Phishing Scams.

Intelligence is irrelevant. It’s about awareness and attention at a given moment. If a leader feels superior to their staff and arrogantly skips simulated phishing training, they can miss key lessons and be more susceptible to falling for the scam. This can also happen to anyone who feels stressed out or preoccupied; those people don’t look closely at details in an email.

Remember, hackers are pros at tricking people, and some of the brightest people have gotten hit. And in this ever-changing industry, even information technology professionals like MSPs can’t possibly know everything about cybersecurity. The bottom line is that all employees need regular training. If a higher-up’s ego needs coddling, remind them they have a powerful responsibility to protect others, and employees are counting on them.

4. People Who Click On Phish Bait Should Feel Ashamed.

This might be the most harmful lie of all. As mentioned above, anyone can click on a bad link. Model humble leadership; show clients how to cultivate a safe environment where shame and blame are not tolerated — and be the first to admit culpability. Never ask, “Who clicked on it?” It doesn’t matter. Someone was fooled. It might have even been you.

Education tools like simulated phishing demonstrate what a mistake might look like. Note that managing partners tend to sit out of these trainings, but 90% of the time, the hacker targets the manager. Simulations allow people to learn how to identify when an email doesn’t look right, and spotting the signs is most effective with practice.

Keep in mind these programs are like catch-and-release fishing. If you get caught with real phishing, you’re not going to live.

5. We’re An IT Company, So We Can Handle This On Our Own, Thanks.

Nope. If you work in cybersecurity, you can still get hit. We’re an IT company, and it has happened to us. You are not shrewder than the cybercriminals. Your commitment to defense will never reach theirs to harming you. Don’t underestimate them.

Seriously, we’re good. We don’t need simulated phishing.

I assure you, there’s no question you need simulated phishing! Tech Advisors does it here, too.

6. My Reputation Will Be At Stake If I Tell Anyone I’ve Clicked On A Bad Link.

If you click on something that doesn’t seem legit, the worst thing you can do is keep it to yourself. If your company gets hacked, tell your MSP — ASAP! Some of the worst zipped-lip offenders are managing partners. Help them understand that an ego can be the flame that burns down the company.

Make sure your clients feel comfortable calling you and appreciate the urgency. Once they learn how to recognize suspicious emails, they should get in the habit of letting you know when they receive one. Cost should not be a deterrent, since this time is likely already included in most MSP packages.

7. I Wouldn’t Dare Question The Person In Charge.

If employees fear speaking up to bosses more than making a huge bank transfer outside of normal protocol, there’s a bigger cultural problem to address. Encourage your clients to be approachable and regularly communicate with their team. Building relationships can break barriers to safety. An employee should never feel embarrassed to contact their supervisor.

8. I Don’t Need To Worry About Employee Social Media Habits.

Unless you’ve slept through the entire pandemic thus far, you’ll know this is not true. The surge of people working outside of the office’s protective firewall has caused cybercrime to go through the roof since early 2020.

The blurring of work and personal activities online has made it more evident that people share too much information on social media. Cybercriminals scoop up personal data, which become clues to crack passwords. When accessing the company’s network from home, every action can affect the organization.

Remind clients that the networks they originally configured to accommodate a handful of employees occasionally working from home (WFH) were not designed for use by everyone all the time. This capacity overload makes WFH security even more precarious.

You’ll hear all kinds of excuses from companies that resist putting proper security systems and programs in place. We at Tech Advisors cannot emphasize enough the importance of showing up for yourselves and your staff with transparency and humility. Hold yourself accountable, support your own growth, and encourage clients to take on a team-oriented mindset in the fight against a hacker’s tricks.

Cybercriminals know that the easiest way into any organization, no matter how secure, is through its employees — human beings who can be tricked and manipulated. Lead by example, commit to continued learning, and stay suspicious! For more information on Tech Advisors, visit Tech-adv.com.

Augmenting Data Logging With True MDR

MSPSuccessMagazine.com/cyber2022 10

Advanced Attacks On The Rise When the pandemic made its impact around the globe early 2020, it simultaneously ushered in an exponential surge in cybersecurity attacks. In the scramble to mass-migrate busi- nesses to virtual work environments, many did not have the time or resources to implement strong cybersecurity policies and processes. This climate has allowed cyberattacks to boom in nearly all industry verticals, impacting critical infrastructure, utilities, transport, food supplies, health care, education, and the U.S. economy at federal, state, and municipal levels. Advanced cyberattacks are now considered a risk to nation - al security following the sweeping uptick in cyberattacks. Once targeting small companies or individuals, threat actors are now making headlines by growing their attack radius to include major infrastructure companies and even leading security firms. What’s more is that threat actors are quickly evolving their tactics and targets when it comes to deploying their assaults. Increased Focus On Data Logging To combat these cyberattacks, more and more MSPs are turn- ing to security logs to understand developing security incidents, achieve compliance, conduct post-incident investigation, and ensure the day-to-day health of their IT environment. Regular security logging is often instrumental when it comes to knowing the ins and outs of your network security and operations. What Are Security Logs Used For? Security logging is a process that collects a full record of events occurring within an MSP’s networks and systems. Security logs contain log entries — data related to each of those specific events. 
The log entries are then regularly audited and used for the following: Identifying indications of unauthorized activities attempted or performed on a system, application, or device Satisfying security compliance framework requirements Establishing normal operational baselines and trends and building organizational standards, policies, and/or controls Providing evidence during investigations, audits, and forensic analysis

(log management systems). No doubt, these types of tools can aggregate incredible amounts of data from multiple sources in an infrastructure to provide visibility. However, with so many MSP products available on the market, which ones truly enhance your security stack? Traditional logging tools collect raw data in a centralized platform and apply behavioral logic to trigger notifications on incidents or security events. In a combination of data collection, rules, notifications, and data consolidation and correlation, they work to provide real-time visibility across an organization through event log management. After consolidating the data across all sources of network security information, they then correlate the events gathered based on pre-established rules and profiles, and finally notify on security events. While these tools are designed to dig through copious amounts of logs and identify anomalous behavior or opportu- nities vulnerable to threat actors, they are slow to derive imme- diate context, especially in the event of a security breach where response times are critical. When building a trusted end-to-end security offering, it is vital to understand how logging tools work, their benefits, and their limitations so you can make an informed decision on how to better secure your IT environment. Cannot Provide Real-Time Response During a security event, cutting down on response times is crucial to safeguarding sensitive data. To do so, MSPs need a proactive and agile approach to real-time response. While many logging platforms are good for defending against known threats within fixed parameters, their rule-based approach may not translate well to advanced threat response. Since they are built to alert on potential threats after locating evidence within aggregated data logs, their reactive models can lack the context needed to provide actionable data right away. 
If you are unable to pinpoint anomalies in real time, you will not be able to make timely decisions on how to tackle critical events. Real-time logging is a start to collecting valuable information and ensur-

ing visibility across an IT environment, but the true value is in real-time data interpretation allowing for immediate action.

Challenges Of Implementing Security Log Management Often, MSPs looking to bolster their logging capabilities turn to tools such as SIEMs (security information and event management) and LMSs

MSPSuccessMagazine.com/cyber2022

11

Requires Expert Configuration And Manual Upkeep Logging tools need to be configured specifically to meet an MSP’s business needs and its unique threat landscape. Many logging tools require management from a dedicated team to parse logs and reports, update rules, respond to alerts, and keep the software updated. Much of this work is manual, which can be a significant hit to efficiency levels. And consider this: The configuration will need to be reviewed often to ensure that the platform augments data analysis rather than hindering it. If it is not regularly calibrated to monitor evolving types of networks, it cannot keep up with logging dynamically changing data. Managing Data Collection, Analysis, And Search The effectiveness of logging tools is based on both the quality and amount of data that it logs. It is easy to overload your sys- tems with huge volumes of data sources, creating noise and alert fatigue. If a team is busy responding to an unfiltered stream of alerts, they may miss the ones that are critical in identifying bad actors. The team would also need to performmanual parsing, filtering, and consistent reevaluation for validity. Furthermore, many logging tools operate under the use case scenarios that you implement. There is simply no way to categorize incoming data into a simple binary of “malicious” or “safe.” In the long term, the key takeaway is to understand that traditional logging platforms and tools are designed to log thousands of events daily. As you store these ongoing logs, it can be overwhelming to keep data organized enough to ensure efficient search capability. The more information that you must interpret, the more inefficient it is to derive real meaning from the data. How To Enhance Logging With MDR Combining both data logging and advanced tradecraft detection technologies means that you can monitor your

account activity and behavior in real time — a critical factor in staying ahead of threat actors. A 24/7 active threat hunting and response service provided by experienced analysts can detect reconnaissance activities at their earliest stages. With logging, monitoring, detection, and response executed in tandem, managed detection response (MDR) analysts have unparalleled visibility into hacker tradecraft, lateral spread, and remote privileged activity. While traditional logging tools such as SIEMs and LMSs are not effective for real-time threat detection and response, they are an excellent means of discovering raw data and meeting compliance expectations. Their strength lies in housing the substantial amounts of data needed to aid in investigative efforts and audits. Also, they are valuable in helping organiza - tions build monitoring controls and improving threat profiles based on logged evidence of suspicious behavior. To create a more robust security solution and ensure full threat visibility, place the power of log aggregation with an MDR platform. MDRs are designed to provide real-time response across your IT environment, proactively threat hunt for evidence of advanced malware, and identify key indicators of compro- mise. Experienced analysts can sift through complex security logs, collecting the threat intelligence needed to actively search networks, then detect and detain threats that evade antivirus or anti-malware solutions. Implementing an MDR solution allows the data to be quickly parsed for patterns and correlations that may not have otherwise been recognized. In the hands of an experienced MDR team, real-time compre- hension, threat hunting, and response can enhance the value of security logs and telemetry collected from your network processes, devices, and systems. Maximize the power of log collection by pairing it with active threat hunting and immediate response provided by an MDR. 
MDR analysts can leverage the raw data logs to help MSPs stay ahead of cyberthreats. Rather than overwhelm your teams and systems with complex data logging platforms, extensive data logs, and alerts, an MDR team would be able to pinpoint indicators of threat in the data quickly so you can fight back threats within minutes and hours, not days and weeks.

About Blackpoint Cyber

Eliminate cyberthreats before they take root in your network. Visit BlackpointCyber.com to learn more.


Cyberattackers have you in their sights. What’s your next move?

protect what’s most important to them. Our mission?

and Response services to organizations around the world.

24/7 INCIDENT MONITORING & RESPONSE

PATENTED REAL-TIME THREAT DETECTION

RAPID AGENT DEPLOYMENT

Rely on Blackpoint for effective, high-performance, and robust cybersecurity that protects against

SEE BLACKPOINT MDR IN ACTION https://blackpointcyber.com/lp/mdr_demo/


Why Your Customers Need To Adopt A HIPAA Mindset

Paul Tracey’s Mission To Make HIPAA The Standard Across ALL Industries

Paul Tracey, Founder And CEO Of Innovative Technologies

Every morning, when Paul Tracey, founder and CEO of Innovative Technologies, wakes up, he’s greeted with a new list of cybersecurity threats.

The morning we spoke, one of Tracey’s clients had an employee who downloaded a document at their home, uploaded it to their Google Drive, then downloaded it again when they got to work. Loaded with malware, the document put the client’s company in danger. Fortunately, because of the procedures Tracey has in place, his team discovered the document immediately and ended that threat within 35 seconds from when it started. But for many companies that don’t have a cybersecurity plan in place, this wouldn’t have ended so well.

Tracey realized early in his IT career that companies were grossly undereducated and unprepared for cyberthreats. Therefore, for over a decade, Tracey has been on a mission to educate SMB owners whose livelihoods are at risk by what they don’t know about IT and cybersecurity threats. The author of “Delete The Hackers Playbook” and co-author of “Cyberstorm” (due to be released in 2022), he started his own company after witnessing a large hospital pay hefty fines when their lax security caused a major breach. Realizing that “cybersecurity inequity is highly problematic,” Tracey dedicated himself to fighting cybercrime for the business owners who are the most vulnerable. Today, he helps businesses establish a company culture that supports safe, secure, and efficient IT.

The framework Tracey uses to protect client data is based on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. “While HIPAA was designed to protect the privacy of patient records, it is actually an excellent framework for any organization’s security plan,” Tracey explains. “It not only addresses technical measures needed to control the physical environment, but also emphasizes the administrative processes necessary to secure data.”

Tracey’s idea to use HIPAA as a standard for all clients is even more relevant now that states have passed laws that mirror many of the core principles of HIPAA. But even if your state hasn’t passed laws yet, Tracey urges compliance, saying companies can’t afford to wait. “It is crucial for organizations to implement tight safety protocols long before they are legally required to do so,” Tracey says. “We’re finding serious issues such as malwares that hijack your browser and do things in the background without being found. By the time a company calls for help, often their entire office is already filled with malware. You can’t afford to wait the 3–5 years it takes from proposal to enforcement — always follow stricter safety policies than the law dictates.”

WHY HIPAA STANDARDS MATTER

Every single day, 2,300 small businesses are breached. According to the FBI, 95% of all successful attacks during 2020 came through email phishing scams or links. Tracey believes that if more companies followed the HIPAA standards, this number would be greatly reduced. “Small companies end up going out of business and quietly just disappear,” he says. “The larger companies are still susceptible, but they don’t get hit as often because they are investing in educating their employees. Small businesses aren’t having that conversation, and that’s a real problem. Hackers are having success with small businesses because of the lack of security tools and security training these businesses have.”

The new work-from-home environment has only made the situation worse. “If security measures were loosely followed before the pandemic, consider how problematic it became as masses of people were deployed to work from home using computers that aren’t set up with proper security, firewalls, or other protocols,” Tracey says. “Sadly, we’ve already seen a substantial uptick identified in digital threats targeting platforms that remote workers use. HIPAA standards could have prevented that.”

HOW TO GET A COMPANY TO ADOPT A SECURITY MINDSET

Tracey recommends the following actions to help transform a company’s security:

1. Execute Training: “The workforce is significantly undereducated about technology,” Tracey says. “And keeping up with the number of new threats popping up every day is tremendously difficult. That’s why we focus on employee education. It must be met with the same kind of commitment and persistence as doing the security work.”

2. Gamify Security: “We gamify the security practice,” Tracey says. “We send videos with security tips and phish and spear-phish all users by sending out a phishing email from us. If a user clicks on that link, it immediately sends them to training. We’ve found this on-the-spot training to be extremely effective at changing the behavior.”

3. Change The Culture: “The culture can completely change and be unrecognizable when you shift the employee computer behaviors and mindset,” Tracey says. “Frequently, I notice how people refer to their company computer and data as the ‘agency’s computer or data.’ Once we change employees to think in a possessive manner regarding the technology, they are more careful with it.”

4. Outsource An IT Firm: “Organizations simply do not have enough hours per year to do HIPAA training and implementation correctly,” Tracey says. “We realized we could provide a package that freed up clients’ time. Companies only need to allocate 15–20 hours per year to HIPAA compliance. We do the rest.”

5. Educate Companies On The Benefits Of Compliance And The Consequences Of Noncompliance: Providers often don’t realize that the fines for violations may be less severe if they have taken proper measures to comply. “If a provider has properly trained an employee and received the policy attestation for the issue in question, the fine and/or associated legal actions can be greatly mitigated,” Tracey explains. “However, if the violation is deemed negligent because training and policy were not in place, the fines can be 10 times higher. But a breach doesn’t have to qualify as a HIPAA violation to be catastrophic. It may result in data loss, costly downtime, and further ramifications if the data gets sold, which can happen even when the ransom is paid.”

6. Implement Rules And Procedures Following The HIPAA Standard: Most companies don’t know what data they hold or where it’s located in their systems. They also have misconceptions about which data is protected. “Regularly, companies, especially smaller businesses, do not have procedures in place for even simple things such as what to do when you download a file and copy it or move it,” Tracey says. “A client may tell us they store all their medical data in an electronic health records (EHR) program, then invite us to perform an audit. It’s not unusual to find 6–8 months’ worth of information that never got deleted or $2 million worth of medical information saved in download folders and other unencrypted locations — all outside the EHR.”

With so many companies unaware of how much time it takes to make sure a company is safe and how overworked most internal IT departments are, there needs to be more conversations around the risks and what companies can do to protect themselves. “The conversation about cybersecurity inside of organizations is long overdue,” Tracey says. “While there’s a long list of things to be afraid of, fortunately, there are reasonable solutions for all those bad, scary things. HIPAA is truly the gold standard and should be applied across all industries. An effective entry point is education. And an understanding of what threats you’re dealing with at this moment in time will help you make a plan to deal with those in order of the highest priority. Regardless, immediately start getting employees cybersecurity training, even if it’s minimal. Mandate and verify they do it. It’s time to take cybersecurity seriously because there’s no time to drag your feet.”

For more information on Innovative Technologies, please visit UpstateTechSupport.com.


Is Reliable IT At The Top Of Your Customers’ Risk Management? It Should Be!

In the past, cybersecurity and tech have stayed in the IT department. Today, CFOs must lead the conversation about cybersecurity business risks or jeopardize the business altogether.

Gary Tonniges Jr., CPA & CEO Of TriQuest Technologies

Four times a year on average, business executives, including but not limited to CFOs, CEOs, and department heads, sit down around a rectangular table facing a whiteboard or projector screen. At the top of the whiteboard, written in red marker, it reads “Key Business Risks.” They have a detailed report in front of them with worst-case-scenario line items like compliance failure, building risks like fire, and human risks like injury, then somewhere down on that list is “cybersecurity.” On that item, the conversation is brief. It’s not the executive’s problem; after all, that’s why they have an IT team. “Let’s make sure data is protected and our systems are secure,” they say, and everyone at the table agrees. They assign their IT tech to the task and check the box. Done and dusted, right? Not quite.

WELCOME TO THE DIGITAL REVOLUTION

Before the digital age, it was routine for businesses to leave tech conversations within the IT department — outside of larger dialogues around operations. IT was tucked away in a back office, taking care of abstruse coding and software installations, and the business plugged along.

Today, we’re in the mid-digital age, the dual-sided coin of digital transformation where, on the one side, nearly every business uses some level of technology, like apps, scanners, or mobile devices, to connect processes and execute business strategy across the entire enterprise. The other side of the coin is more problematic: Though businesses use digital tools prolifically, they don’t fully grasp the risk that ineffective technology practices pose to their business. Keeping discussions about technology isolated in the IT department is the root of the problem. What happens when their business tech suddenly stops working? Is confidential information or customer loyalty at stake? What separates a business that thrives from a business that flounders — or closes entirely — is whether they are having conversations at the executive level about how reliable IT impacts business strategy and business risk.

It’s a conversation that CFOs need to initiate. If they don’t, they leave vulnerabilities on the table ripe for exploitation. Money isn’t the only thing it will cost them. Odds are it will cost them the entire business. Data from the National Cybersecurity Alliance reports that 60% of SMBs that suffer a cyberattack go out of business within six months.[1]

TECHNOLOGY-ENABLED PROCESSES

What gets businesses thinking in the right way is to see the big picture and lay out their most essential processes: the steps, tools, and people they use to get their product or service from the factory floor to their customers. How many of these processes require technology to complete? Imagine what would happen if, during those processes, technology stopped working. Here’s an example: A manufacturer ships products across the nation. To get products to customers, employees use computers and scanners that document and track packages as they are loaded on a truck. Then tracking software gets hit with ransomware, and the company is locked out. Business productivity decreases, employees are less efficient or can’t work at all, and valuable customer loyalty is lost because their package never shows up. All that comes down to losing dollars — a lot of them. Similar scenarios can be applied to all businesses.

The processes businesses use to accomplish tasks and meet goals are what I call “technology-enabled processes.” Historically, we didn’t have to worry about them because they didn’t exist. In the mid-digital age, nearly every process, start to finish, involves some level of technology. The architect draws their plans for a wall on AutoCAD and sends it to the contractor. The general contractor receives it on an iPad, and they send it to the foreman in the field. The foreman has a wireless setup on-site, and they use the iPad to show the drywall contractor how to do the work. If the iPad stops working or can’t open the AutoCAD file, work halts until the tech is back up and running. This costs time, and we all know that time costs money.

Businesses must understand that for them to make a profit, protect employees, satisfy customers — and consequently grow — they need reliable IT. They need processes that work every time, updated software, backup plans, and regular assessments. Efficient IT processes must be a priority at the executive round table.

IT IS THE HOW, BUSINESSES ARE THE WHY

The tendency is to think that IT is recondite — CFOs don’t think through IT strategy because they “have people for that.” We need to shift that mindset. Here’s a distinction that helps business executives understand: IT teams are the how; the whole picture of the business, from customer needs to employee safety, is the why. This gets problematic because tech teams assume that CFOs understand how much they rely on IT. CFOs assume IT people will come to them and say, “If you don’t replace this tech next year, you’ll have a big problem.” However, IT teams aren’t always privy to the innards of business processes outside their department. Because of this misunderstanding about where IT should live, there’s a malinvestment of resources to cybersecurity, putting businesses at much greater risk.

What reliable, responsive IT means to each business is as unique as a thumbprint. The general contractor needs wireless mobile devices that work in the field every time. A theater needs scanners that never miss a ticket barcode and get guests through the door and seated for a show in minutes. A manufacturer needs scanners and label printers to send packages out on time.

Processes are unique, but what’s consistent is the fact that while technology can’t create strategy, it can help implement it, and that’s why tech decisions must move into the boardroom to be evaluated alongside other key business risks. Tech is the how, but business strategy is the why.

‘IF ONLY WE KNEW’

Oftentimes at TriQuest Technologies, we get new customers who come to us after an attack and say, “If I had understood how important cybersecurity was, of course, I would have spent more money to protect the business.” So, what we try to do is underline the connection between IT solutions and what is likely to happen in a business — i.e., business risk — because that’s effective cybersecurity.

When executive teams discuss key business risks, they think about what’s most likely to happen, what the cost or damage will be if it does, and how to go about reducing the likelihood of that occurring. Cybersecurity issues are very likely to happen; that’s the reality. It’s most likely that through an email system, someone is going to compromise employee credentials and use them to implant viruses or impersonate employees and reroute customer payments to themselves, for example.

The ultimate expression of what a business values is where they spend their money. If they thought of cybersecurity like protecting against a fire hazard — where purchasing software that blocks malicious emails is like buying an automatic fire-suppression system — they’d be putting value in the right place: protecting against the right risks with reliable solutions. As businesses strategize around how to reduce risk, funding effective cybersecurity practices must be a priority.

HOW TO ALIGN BUSINESS EXPECTATIONS AND REALITY

At TriQuest, we help business leaders understand the status of their technology processes by interviewing every department head. We ask what’s going well, what can be improved, and how technology impacts their short-term and long-term goals. We ask leadership the following question: If technology stopped, what’s the most damaging thing that would happen to your department? Expectations and reality must match. Then we create a glide path — a three-year budget that includes a business’s most critical data or processes and a pulse of IT performance. At the end of every year, we reevaluate and create an adjusted three-year plan, and so on. This way, we’re accounting for new growth, updated processes, and renewed goals. With a reliable IT plan in place, businesses benefit from interdepartmental cooperation, consistent decision-making, and standardized processes.

It’s a digital revolution. Data abounds, everything is connected, and files live in the cloud. Businesses that consider effective cybersecurity practices along with other key business risks can lessen the impact on profit, downtime, and efficiency as well as negative effects on employees and customers. Businesses that have unreliable IT are held back when they try to push the gas pedal. Next quarter, have a conversation with your clients. Help them reduce the risk to their business and customers by demanding reliable IT and keeping up in the digital age.

For more information on TriQuest Technologies, please visit TriQuestTech.com.

[1] www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html
