Question: Have you locked up your personal credit data yet?
It’s a question that I have been asking industry professionals since the cybersecurity breach at Equifax made global news in September. Recapping, Equifax admitted then that it lost control of the personal information of nearly 150 million consumers. This includes their dates of birth, social security numbers and more. The hack has been called “the mother of all data breaches” by some experts, and the 911 moment of cybersecurity by others.
Since then, I’ve been polling industry experts from vendors to telecom providers to MSPs and more on how they have responded. Personally. Surprisingly, only half of the industry leaders that I have spoken with have moved to lock down their credit profiles. Why only half? The answer is a mix of distraction and incredulity.
You don’t say. This brings me to the latest news: On Wednesday, Oct. 4, former Equifax CEO Richard Smith testified before a Senate subcommittee, following an appearance in front of the house the day before. Like it went on Tuesday, things did not go smoothly on Wednesday. The Wall Street Journal summed up the grilling this way: “Senators Rip Credit-Reporting Model in Wake of Equifax Breach.”
Smith, who has made, on average, roughly $12 million annually over the last dozen years, embodies all that consumers fear and loathe about rich corporate executives. Over the past month, Smith has displayed smugness, cluelessness, incompetence and world-weariness. While he has apologized for his company’s ineptitude, he has also demonstrated colossal brazenness. When asked why his company forced consumers to accept arbitration to resolve disputes—something legal experts and consumer advocates alike loathe—Smith responded, “today arbitration is a part of the law and we’re following the law.”
Call me jaded, but I’m heartened to know that there’s at least one fallen CEO who knows how to toe a company line. Whew!
If you haven’t yet, take a moment and listen to what three industry experts say about the Equifax breach in the latest edition of The Channel Futures Podcast. In this episode, you’ll hear from Octopi Managed Services CTO Ian Trump, ID Agent CEO Kevin Lancaster and Ipswitch thought leader Greg Mooney.
How disappointed at Equifax are these three executives? I think Trump (pictured right) summed it best when he said its response to the breach “makes the folks who handled the BP oil spill look like rock stars.”
Who can argue? Recall that Equifax has done all of the following:
- Positioned itself to profit from its incompetence
- Lobbied to weaken consumer protections
- Ignored cybersecurity best practices, and
- Bungled its response to its own stupidity
To me Equifax epitomizes the worst of Corporate America. It also represents the next great battle of our lives. When you consider the sheer power that global corporations have amassed and wielded with impunity against individuals, you begin to appreciate how close we are to another global rift that threatens to tear us apart. This is the fault line that divides the rich and powerful corporate institutions that many of us have helped to develop, and the ever-more compromised everyday citizen. The divide is growing as the former have learned to exploit digital innovation to a far greater extent than the latter.
Going All In on Business Consulting
For years, industry experts have advised channel partners to move up the value chain and complement their technology services with business consulting. Some channel partners have responded and flourished as a result.
Why? They don’t compete on price; they develop stickier business relationships; and they stand out in their markets. If that’s not your business model, then consider this: CompTIA research reveals that 25 percent of channel companies already “hire new sales reps with experience in specific vertical industries.” One in five, meanwhile, offer incentives to their salespeople to “further engage with business executives.” Finally, more than a third of channel practitioners have redesigned their marketing collateral to include “more of an end-user focus.”
Amid this backdrop, I learned that one well-known MSP, Stuart Selbst of Infratactix, LLC, is taking the concept one step further. This week, he and his wife Loree have launched a new business, “Your Remote COO.” Not a mix of technology and business consulting, Your Remote COO is all about business processes and best practices, says Stuart Selbst.
“I’m basically taking the business process knowledge that I have developed and learned and now applying it to businesses of all size and focus,” he says.
As a Six Sigma expert, Selbst believes that businesses of all kind can benefit from creating and documenting best practices. His focus: business strategy, best practices, marketing and sales. Understanding that no one can be an expert in every discipline, he plans to scale Your Remote COO by partnering with other subject matter experts. This includes GrowthHax, Nextiva, ManageStaff and Sidehill Consulting, among others.
We’ve seen business consultants reinvent themselves as technology experts; it will be interesting to see how a technology consultant pivots to launch a separate business consultancy.
ATA Tries to Simplify Security for MSSPs
Burdened by the sheer number of security alerts you have to sort through each day? You’re hardly alone. As cyber attacks grow in number, so do the number of alerts, warnings and cautions that managed security services providers (MSSPs) deal with on a daily a basis. The problem is that the overwhelming majority of these notifications are non-threatening. This is where Advanced Threat Analytics (ATA) comes in. On Oct. 4, the company unveiled its Alert Classification Platform, which promises to reduce the number of false positives that partners deal with to a more manageable few.
“Rather than alerting on ‘suspicious events’ like security information and event management (SIEM) and other traditional systems do, the Alert Classification Platform leverages the power of network data, customer-specific patterns, white-list data and crowdsourced event-reduction playbooks to gain a deep understanding of normal network traffic and behavior,” the company says.
What piqued my interest was when the company said it could reduce “the alert pool” by as much as 99.9 percent. That made me wonder the following: What is worse, having to deal with hundreds if not thousands of false alerts each day, or possibly missing the one that could take out a customer’s entire infrastructure?
Clever question but not realistic, replied ATA Vice President of Engineering Vasu Nagendra. Overwhelmed with an over-abundance of alerts, MSSPs today are better off winnowing down the number of false threats they have to deal with and instead face the few that actually pose a some risk. In an interview, ATA President Alin Srivastava (pictured left) put his thinking into perspective.
Partners today have to staff up according to the total number of threats before them, not the actual number that threaten their customers, he told me. This costs time, money and energy. The problem is so bad that it actually dictates go-to-market strategy, staffing and business modeling at many channel companies.
Battling ‘Alert Tyranny’ has become the No. 1 challenge fro MSSPs nationwide, Srivastava added.
As former MSSPs themselves, the executives at ATA would know. Now they want to help fellow MSPs and MSSPs overcome this problem so they may run more efficiently and better serve customers. Today, they do business with 20 or so MSSPs around the country. Soon they hope it will be hundreds and beyond.
Editor's note: This story has been updated since it was first published to more accurately reflect Selbst's role at Infratactix. "Infratactix is now our client at Your Remote COO. While I may no longer be a full-time employee of the MSP, I haven't left there; I'm still running the day-to-day (sic)," says Selbst. For more, see below.