You can’t ignore it – cybercrime’s a multibillion-dollar growth industry and it’s only getting worse.
That’s why one of the hottest tickets at Kaseya Connect this week was the CyberSecurity Panel: Preparing for Tomorrow, Today, sponsored by CyberQP. Panel members included:
- Jim Jessup – Co-Founder & COO, CyberQP
- Chris McKie– VP Product Marketing, Datto
- Mike Puglia – GM, Security, Kaseya
- Steve Lewis – CEO, Dataprise
- Daniel Garcia – Chief Customer Officer, PIA
- Ken Pyle – Partner/Graduate Professor of Cyber Security, CYBIR
The packed session flew by as these experts offered their practical insights into the best ways to approach the challenges we all face given the threats to businesses today. Because criminals are getting increasingly sophisticated:
- A hacker can use AI to sample a voice recording and use that to mimic your CFO’s voice in a call.
- Phishing scams can now produce e-mails and texts that look amazingly real.
- These scams almost always result in wire transfers – which have cost companies hundreds of thousands of dollars.
Chaired by Daniel Garcia, the panel made a number of observations on what MSPs and IT professionals need to do, given these concerns.
Hackers Are Getting Bolder And Cagier
One key point made during the back-and-forth was that hacking used to involve serious expertise and hard science. But now, with the proliferation of easy-to-use hacker toolkits, it’s basically pop science with a far lower barrier to entry and less sophisticated skill sets required to create these attacks.
They’re basically using the same tricks but getting better and better at it. Plus, they’re rapidly embracing the use of AI and taking full advantage of its capabilities. For example, using AI, machines can now crack passwords far faster than ever before.
From the hacker’s perspective, it boils down to a simple balancing act:
Likelihood of Getting Caught + Actual Risk of Punishment
Rate of Success + Expected Payoff
Panelists noted that because most attacks come from countries that essentially turn a blind eye to this sort of thing, it’s a sure bet we’re only going to see these kinds of crimes increasing.
Based on all this, if a customer questions the need for increased training and investment in cyber security, the panelists’ recommendation was to simply respond: “Then figure out what you’re willing to lose.”
The Costs Of Cyber Insurance Will Increase
Insurance company risks have gone through the roof, which is why the panel sees cyber insurance only getting more expensive – possibly by as much as 200% to 500%! As underwriting gets far more dialed in on understanding what’s going on, and risks become more apparent, you’re going to see companies either raising rates or dropping coverage entirely.
One of the best approaches to keeping your rates as low as possible is to identify what underwriters think is important relative to a secure infrastructure and start attacking those things. One example given was that if you have an on-site Exchange server, you’re probably going to get a bad score relative to your underwriting score.
Several of the panelists reinforced the importance of contacting your insurance company IMMEDIATELY if something happens. It’s critical that you do so to protect yourself legally. Plus, a lot of policies state that you have to contact them within 24 hours of an incident occurring or they will cancel your insurance.
Another important consideration brought up was that you must be very clear about WHO has the policies. You as an MSP must have a policy, but your vendors and your customers also must have policies as well. Make sure you know whether your policy coverages are big enough to handle a customer who CAN’T get a policy.
Both the panelists and attendees in the room welcomed Kaseya’s Cyber Insurance Fast Track Program (read the announcement), which immediately qualifies Kaseya partners and customers using their security suite cyber coverage of $1.5 million at below-market rates.
As one panelist noted about the importance of staying on top of this trend: “Remember, the insurance company is looking to NOT pay you. And if they’re paying you, they’re suing someone else to get that money back.”
Keep Focused And Vigilant
Even with the best practices, procedures and protocols in place, you can still get hacked. Everyone said that it’s almost certainly not a matter of if, but of when.
But the good news is that BOOM! doesn’t usually just happen. First they establish a foothold and then they move on from there, which means you typically have a number of opportunities in that attack chain to catch them – in fact, the average attack goes 260 days before it’s detected.
All agreed the key is to stay focused and vigilant. Go big on the prevention side by having as many preventive controls in place as possible. Make sure to educate your customers about the dangers – the more educated they are, the smaller the threat vector. Education is extremely important today.
Panel members also noted that while you should absolutely stay current with evolving threats and technology, make sure in doing so you don’t overlook the fundamentals:
- Have great cyber insurance.
- Plan for how you’d respond when an attack happens.
- Have excellent people and management in place – find people who really love the job.
These are the things you want to make sure you fix if you’re not yet where you need to be.
Yes, the threats are real, but you can prepare and be ready. One panelist summed it up like this:
“Really good detection. Really good logging. Make them work hard.”