COMPTIA CHANNELCON — The impact of COVID-19 on managed service providers, and IT in general, is unmistakable. There’s even some PTSD within the community, said Ian Thornton-Trump, CISO of Cyjax, on Tuesday at CompTIA ChannelCon, held virtually this year. Everyone, he said, is struggling to handle “predatory behavior from cybercriminal groups.”

Thornton-Trump kicked off a 50-minute discussion among four industry experts on MSPs’ cyber IQ. And, he noted, many businesses are suffering because technologies and processes they should have retired long ago are causing problems. (Need proof? Just consider SonicWall’s recent urgent notice warning of imminent ransomware attacks against unpatched, end-of-life appliances.)

“The sins of the past are coming back to haunt us,” Thornton-Trump said.

All in all, MSPs and their clients face “a pretty difficult, pretty adversarial environment,” he added.

Datto’s Desraie Thomas

That environment, as Datto’s Desraie Thomas pointed out, got rougher in the days after the now-highly publicized Kaseya breach. Even as MSPs work to convince end users to take more proactive measures, the Kaseya hack emphasized that vendors and MSPs have been pretty reactive, too, she said.

Panelists agreed. But if there’s one bright spot, it’s that “conversations are a lot more open now,” said Corey Kirkendoll, president and CEO of MSP 5K Technical Services.

Robert Boles, founder and president of Blokworx, which only sells through MSPs, concurred.

Blokworx’s Robert Boles

“The well-being of the greater whole is kind of bubbling to the surface,” he said.

That comes as a result of “enough pain,” said Steve Rutkovitz, co-founder and CEO of Choice Cybersecurity.

Choice Cybersecurity’s Steve Rutkovitz

“When there’s enough pain in any industry, people start waking up,” he said.

In this case, MSPs need to think about the difference between helping clients with a continuity plan and cyber resilience, Thomas said. To that point, Rutkovitz said, MSPs must be able to implement protections for customers, and “have policies in place because you have to be ready to go.”

Is Your Own House in Order?

Most importantly, MSPs must act in the very ways they tell their clients to approach cybersecurity.

“Eat your own dog food,” said Boles. MSPs who ask clients to do something they themselves are not willing to do either don’t understand what they’re up against or they’re failing to help businesses as they should, he said. And ignorance, he said, is no excuse.

“If you don’t know, find a resource. Don’t try to wing it.”

In addition, said Kirkendoll, vet your customers’ cybersecurity insurance policies. MSPs need to make sure clients have the right coverage.

5K Technical Services’ Corey Kirkendoll

“You have to be doing the basics,” he said.

Of course, the onus on MSPs goes beyond the basics. Cybersecurity threats now are constant and they are not relenting.

Words of Advice

With that in mind, Boles offered some words of advice. Right now, every MSP needs to ensure customers have complete visibility into their environments, reduced attack surfaces, ends to known threats, prevention for unknown threats, and automation that features human validation.

“They have to win once,” he said of cybercriminals. “We have to win all the time.”

The discussion on cyber IQ came on the same day that Theresa Payton, former White House CIO, gave a keynote speech about the worsening dangers and impacts of cyberattacks.

“I’ve never seen cybercrime as bad as it is right now,” she said.

It’s only going to get worse. By 2025, cybercrime damages will amount to $10.5 trillion each year, according to Cybersecurity Ventures.

Payton will conduct an RSVP-only Q&A on Wednesday morning with CompTIA ChannelCon attendees. Look for an article with the highlights from that conversation.