Paul Ponzeka, CISO and CTO, Abacus Group
Are you looking for more vendors to partner with to prevent these types of attacks on your organization and customers?
“This is forcing us to take a deeper look at some of the practices we have in place, what the drivers of those decisions were (i.e. cost vs. usability vs. security) and re-evaluating how we need to shift our priorities. That dovetails into where we have gaps that we need to fill with new partners to complement our footing.”
Are you worried about your PRM providers such as Kaseya and ConnectWise in terms of the security of their network and vulnerabilities?
“Vendor management is always one of the biggest challenges that any company, particularly MSPs, faces. Not only do you have to build a robust vendor management process to track all of your vendors and their security exposure against your own, but you’re limited by the information provided to you via your partners. On top of that, a lot of organizations have these massive technical debts, attributed to years of focusing on company growth and bottom line, but at the cost at times of cybersecurity best practices. These vendors are going to face increased scrutiny, especially when a situation like Kaseya comes to light, that they had several months’ advance notice of the vulnerability.”
Are you looking to hire more infosec professionals to meet demand from customers?
“We are looking to hire not just specific infosec professionals, but ensure that all teams, engineering/support/development are hiring talent with complements of infosec. We can’t program a web app out of the development team if the lead developers do not embrace/enforce good clean coding principles. It really has to be a top-down approach to security, not just targeted to the infosec teams.”