ConnectWise IT Nation Secure: MSPs Getting the Message About Customer Conversations
MSPs are feeling the pressure from the constant barrage of cyberattacks.
![You Have a New Message You Have a New Message](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt52b0a31635d66e3e/65244e449e569b525c766291/You-Have-a-New-Message.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Jonathan Wright is president of WA Technologies, an MSP based in Coconut Creek, Florida. He’s been working with ConnectWise for nearly four years.
“This is one of my first conferences like that and I really was skeptical, but I think my plans for what I wanted to do for my business align with some of the things that they were offering,” he said. “So I took a chance to come down here and I’m really pleased with how they laid things out, gave different varieties of information, whether it’s sales or technology, and everything around it. So it was perfect.”
Wright also said talking to customers about cybersecurity is important.
“You look at the climate today and it is something that needs to be discussed,” he said. “Everybody sees the news and understands that. So for MSPs such as myself, we want to enter the game with all the knowledge we can get to provide that stellar support and security for our customers. And I think the more information you have about any certain topic, the better you’re going to be able to serve your customers.”
Wright said he feels the threat from all the news about ransomware attacks and seeing all the instances happening.
“And then you take a look at your customers and their standpoint of where they are, and if you’re not having any instances within your business with your customers, it’s that time where you think OK, look, I need to step in front of this and make sure my customers are not affected with that,” he said. “So I guess I do feel it internally because now it is preventive, what I need to do, what steps I need to take, and let’s not get into those situations and let’s warn my customers about what’s going on. That’s one of the reasons I’m here now. I want to know what those steps are supposed to be.”
It’s clear from attendees’ reactions that they’re unsure whether a threat actor could get into their network, Wright said.
“Nobody’s 100% sure, but we’re getting close to that point,” he said. “That’s the goal.”
Eric Ross is general manager of Computer Engineering Group, an MSP based in Napa, California. He said sometimes “you don’t think about security as much as we should.”
“And some of the speakers here have opened up our minds to all the things that can happen,” he said. “You hear about it, but actually looking at it and seeing how these guys do things, it’s been great. I’ve learned a lot. And just me, personally, I don’t get involved in our security as much, but now it’s like hey, this is something we have to do, let’s open up our minds. I’ve got three other guys here and we are really excited about some of the things we’re going to do when we get back to our office.”
Ross said talking to customers about cybersecurity is a “good thing for us to do, especially the last few months with all of this ransomware.”
“It’s going to make it even easier for us to talk to our customers and for them to listen because we have real-world examples of things that, hey, this is what happens to even large companies, so we want to make sure that you are prepared,” he said. “We can do certain things to make sure that you’re protected, and these last three days have been great for that.”
During this session, ConnectWise executives told attendees where ConnectWise security is headed in the coming months. Tanja Omeragic, manager of technical sales (right), Mitch Sherfey, senior director of product management (center), and Mike Riggs, director of product management for Automate (right), led the session.
ConnectWise’s 2021 cybersecurity projects include:
SIEM user improvements, including partner experience updates.
Unified SOC/SIEM experience. Sherfey said ConnectWise wants to take away all hurdles.
Increasing risk management.
Partner automation.
“Integrating with all of our solutions is key,” Sherfey said.
Partners can use ConnectWise Fortify as a tool to start having conversations with their customers about security, he said. It allows MSPs to show their customers that they’re a lot more exposed than they think they are.
Another IT Nation Security session focused on changes needed to protect MSPs and their customers. Bruce McCully is chief security officer at Galactic Advisors. His firm evaluated over 560 MSPs across the United States, Canada, the United Kingdom, Australia and Central Europe for network and cyber hygiene.
Examples of problems range from broken backups, unencrypted backups containing private information completely accessible to everyone on the network, to devices missing antivirus and purchased, yet unimplemented, security solutions.
McCully provided three missions for MSPs to improve their cyber hygiene:
Create a test plan for your alerting system.
Evaluate the domain administration groups for the networks you support.
Create an RMM report to ensure there aren’t any unsupported operating systems.
McCully said the key will be a change in mindset and a change in inter-organizational culture focused on protecting your businesses and those of your clients, and reducing trust throughout their security stack.
ThreatLocker CEO Danny Jenkins (right) and Zack Kinder, Net-Tech Consulting‘s director of professional services (left), gave a live demonstration of what happens when ransomware runs in a zero trust environment.
“Zero trust, the idea of least privilege, is the way forward,” Jenkins said. “I’ve done a lot of pen testing and breaking into companies intentionally. The less privilege, the harder it is to achieve.”
The demonstration showed:
How easily ransomware evades EDR, MDR, antivirus, and other threat detection tools.
How a zero trust architecture limits the amount of damage ransomware can inflict.
The latest tactics cybercriminals are using in ransomware attacks.
What you need to consider when implementing a zero trust architecture.
Computer Engineering Group’s Eric Ross said he was most impressed by this session because it demonstrated actual ransomware attacks in real time.
Ben Nowacky, Axcient’s senior vice president of product, led a session focused on helping MSPs understand the impact of increasing regulation. Louisiana now has minimum requirements for MSPs to do business in that state. And other states are requiring MSPs notify their customers and the state if they are breached.
“And a number of insurers are saying we won’t even cover MSPs, it’s too risky,” he said. “MSPs are being specifically targeted with ransomware because you have all the tools. Once they get access, they get access to everything.”
If MSPs don’t want to be regulated and want to get insurance, they need to regulate themselves and show the value that an MSP brings to business, Nowacky said.
The Cybersecurity Maturity Model Certification (CMMC) is a good standard and is still evolving, he said. And the CompTIA Managed Services Trustmark credential shows you’ve done your due-diligence.
“Holding everyone accountable to one standard is a great way to hold the mark,” Nowacky said.
In the IT Nation Secure Solutions Theater, Jeff Laws, senior growth consultant at Marketopia, led a presentation on securing leads for IT marketing. He outlined the pros and cons of outsourced marketing, and how to determine the value of a lead. For example, a pro may be cost efficiency, while a potential con is they won’t know your business as well as you do.
MSPs and vendors were anxious to get reacquainted in person after the long break.
What’s a live conference without partying? The Solutions Pavilion hosted a pub crawl where attendees grabbed a drink and learned more from solution providers.
Attendees visit and talk business during a break between sessions.
Attendees visit and talk business during a break between sessions.
ConnectWise’s call for MSPs to talk to their customers about security resonated with a number of MSPs at this week’s ConnectWise IT Nation Secure.
IT Nation Secure attracted 2,300 participants, including 1,800 virtually. The conference was one of the first in-person channel events. And judging by the mood of in-person attendees, they’re ready to ditch virtual for more live events.
Funcshun’s Felipe Isaza
Felipe Isaza is CEO of Funcshun, a Miami-based MSP. It’s partnered with ConnectWise since 2010. He’s glad he attended the conference.
“Going into this new era of cybersecurity, there’s definitely a lot of guidance from them on how to secure our partners and internally as well,” he said. “The landscape is always changing and threats are on an aggressive path. But we’re definitely getting some insights of what we should be doing next to further protect our customers.”
Isaza said having those “tough conversations” with customers is “extremely important.” That’s so they have an idea of what’s expected and the difficulties in store for them.
“All the software that needs to be installed and all the additional tasks that need to be rolled out, it’s extremely important for them,” he said.
Isaza said he sees the threats every day and constantly from the assessments his company performs for its customers.
“We see those vulnerabilities and those bugs, so we always try to keep up with those,” he said. “It’s always a grind and it’s ever evolving. But if we continue with those paths in mind and stay on track, I think we can keep up with it.”
Scroll through our gallery above for more comments from MSPs and other highlights from ConnectWise IT Nation Secure.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
Read more about:
MSPsAbout the Author(s)
You May Also Like