The Gately Report: Huntress to Double Down on MSP Partner Investment
A massive health care industry data breach remained under wraps for nearly a year.
Channel Futures: What is Huntress’ channel strategy for 2023? Does it differ from last year’s strategy?
Andrew Kaiser: Our 2023 strategy remains focused on the growth and evolution of the value we bring to our partners. Our platform has grown significantly over the past few years, and 2023 is the year a lot of the work we’ve done behind the scenes will come together. While you’re going to see our product portfolio go from a single product (Managed EDR) to multiple products (Managed EDR, Managed Security Awareness Training and Microsoft 365 Detection and Response), we’re also going to continue making huge investments into the existing product that protects over 1.8 million endpoints today.
CF: Has economic uncertainty created new challenges for Huntress? If so, what are those?
AK: One of the things I’ve always appreciated about Huntress is that we run a really healthy business and manage our financial key performance indicators (KPIs) to incredibly high standards. We built Huntress to go long, and have ensured that we’re in a position where we can continue to write our own story rather than being forced to take on investment that could limit our options over time.
CF: Also, how can Huntress help partners that are being impacted by economic uncertainty?
AK: We spend a ton of time, money and effort helping our partners have more thoughtful conversations about security with their customers. While we’d all like to think that economic pressures won’t impact SMB security budgets, we know that the value our partners provide needs to be clear. There is no one-size-fits-all approach to having cybersecurity conversations with SMBs, but we’ve got a ton of experience on the team and love helping partners improve those conversations.
CF: What differentiates Huntress EDR from competitors?
AK: EDR tools are inherently noisy. Many in our industry put the cart before the horse and deployed EDR products without having a plan for how they would manage the alerts those products produce. We’re laser-focused on taking that burden off of our partners by having our 24/7 security operations center (SOC) triage those alerts and let our partners focus exclusively on things they need to take action on.
Lastly, we built our EDR platform from the ground up. It’s our technology, which means we can focus on delivering value at scale. This may have put us behind some of our competitors in time to market, but it gives us an unbeatable competitive edge when it comes to delivering value at a price point that makes sense for the average SMB.
CF: Ransomware is everywhere. How can Huntress help partners protect themselves and their customers from it?
AK: Ransomware is still top of mind for many, but the hype around ransomware often puts too much focus on the symptom rather than the problem. Ransomware is often the last step in a complicated attack chain, and we can often help disrupt that chain before it escalates. Most importantly, there are a lot of security basics that MSPs tend to ignore.
As an industry, we tend to hyper-focus on buying products to solve our problems, but often skip the basic hygiene that should be put in place before you go and look for that next product to buy. Helping the community get better at these basics is an area you’ll see us double down on in 2023.
CF: What do you find most disturbing and threatening about the threat landscape in 2023?
AK: Every business, regardless of size or industry, is a target. The economics of ransomware have made it feasible for bad actors to target a 20-employee company just as they would a 20,000-employee company. Attacker tool sets have also been commoditized to the point where the barrier to entry into cyber crime is lower than it’s ever been before.
CF: What’s the latest feedback you’re hearing from partners? What are their most pressing needs?
AK: We’re here to help our partners cut through the noise, and the feedback we get motivates us to keep doing so. Noise can come in all different flavors, and whether it’s reducing the amount of false positives a partner is dealing with or helping them understand the buzzwords other security vendors throw around, we’re here to help.
CF: What can partners expect from Huntress in the months ahead in 2023?
AK: This year is going to be an exciting year for Huntress and our partners. We’ll have gone from offering one product (Managed EDR) to three products (Managed EDR, Managed Security Awareness Training, and M365 Detection and Response). Our team is continuing to expand internationally with support, threat operations and sales in North America, Australia and the United Kingdom. We’re going to continue pumping resources into the community and have a ton of fun while we do it.
In other cybersecurity news …
Independent Living Systems (ILS), a Miami-based health care administration and managed care solutions provider, last summer suffered a data breach that exposed the personal information of more than 4.2 million individuals.
The number of impacted individuals makes this the largest data breach in the health care sector disclosed this year. According to the notification submitted to the Office of the Maine Attorney General, the company discovered that its network was hacked on July 5, 2022. In that period, the threat actors might have accessed patients’ personal information. That includes full name, Social Security number, taxpayer identification number, medical information and health insurance information.
“ILS responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists,” it said. “Through its response efforts, ILS learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed.”
ILS said it has no evidence or other indication that identity theft or fraud occurred as a result of this incident.
Brian Higgins is security specialist at Comparitech.
“Aside from laying such a vast number of people open to identity theft, phishing emails and all the other vulnerabilities that cybercriminals will immediately exploit once an attack is made public, this incident highlights the incredibly slow progress the United States is making in consumer protection,” he said. “Most first-world jurisdictions have regulations and legislation in place which force organizations and businesses to report data breaches in a very swift timeframe, sometimes within days of discovery, thus allowing time for victim organizations to offer remedial advice and resources to their affected clients and supply chain. The fact that this critical personal information has been in the wild for so long before ILS decided they should report it to their customers makes their offer of free identity protection a bit of a waste of time.”
Ilia Sotnikov is security strategist and vice president of user experience at Netwrix. He said the fact that it took two months to start notifying the impacted customers, and well over six months to file the official breach notification is “just stunning.”
“This is putting impacted individuals at risk of phishing, social engineering attacks or in some cases even blackmailing,” he said. “Considering the unauthorized access itself took place in June-July 2022, some of the victims could have already fallen prey to the attackers.”
In the recently published National Cybersecurity Strategy, the Biden-Harris administration is calling for more proactive actions to disrupt the threat actors, Sotnikov said.
“We can expect that such attacks on health care and insurance institutions that impact vulnerable groups of citizens will be used to justify new legislation to allow the federal government to take more proactive steps to counter cyber crime groups,” he said.
The U.S. Securities and Exchange Commission (SEC) is proposing a new rule requiring broker-dealers, clearing agencies and other financial services providers to implement procedures to better address cyber risks.
The SEC proposal includes a requirement that broker-dealers and other entities notify clients within 30 days of a data breach. In addition, it would require all market entities to at least annually review and assess the design and effectiveness of their cybersecurity policies and procedures, including whether they reflect changes in cybersecurity risk over the time period covered by the review.
Also, it would improve the SEC’s ability to obtain information about significant cybersecurity incidents affecting these entities.
Steve Wilson is chief product officer at Contrast Security. He said this is a “highly positive” step by the SEC.
“It’s in line with recent actions from the Federal Trade Commission (FTC) and the Office of the U.S. President, all of which point to the fact that our nation’s cybersecurity measures, for both government agencies and private entities, can no longer be an afterthought,” he said. “Even in regulated industries like financial services, we know that large, public companies have thousands of internally-known security vulnerabilities in their software applications and computing infrastructures.”
Previous regulations haven’t been enough to drive profit-driven companies to keep up with the escalating threats, Wilson said.
“These new cybersecurity rules should help raise the bar and reduce breaches,” he said. “And, when breaches do occur, it could help limit the scope of data that is lost.”
Erich Kron is security awareness advocate at KnowBe4.
“I don’t believe that standardizing practices, especially with respect to reporting, is a bad thing given the financial impact possible through the mentioned market entities,” he said. “Most organizations that deal in high-value transactions tend to already have a cybersecurity mindset, simply because they are already targets. And if they did not have a strong culture, they likely wouldn’t last long under the constant attacks from cybercriminals. While it looks good on paper, the required annual review of policies and procedures for organizations that already don’t see value in this practice can easily become a rubber-stamp event. Standardizing notification requirements, especially if it impacts who they are reporting to and any timeframes involved, could be helpful to the industry as a whole, especially when looking at activity by specific threat actors and their tactics. Quick reporting could allow for better information sharing and threat intelligence for other entities, which these bad actors may be targeting.”
If the proposal can promote better information sharing, it may allow entities a better opportunity to defend themselves against bad actors, Kron said.
It’s been nearly three weeks since Dish Network has provided an update on the widespread outage it attributes to a ransomware attack in which personal information was likely stolen by the malicious hacker(s).
Dish hasn’t fully recovered from the attack. According to TechCrunch, Dish hasn’t provided a substantive update since Feb. 27, despite customers continuing to experience issues or not knowing if their personal data is at risk.
“We appreciate your patience at this time while our teams are working hard to update our full website and get services back up to help you,” Dish says on its website.
In a U.S. Securities and Exchange Commission (SEC) filing, Dish said the network outage affected internal servers and IT telephony. It also said the threat actor(s) extracted certain data from its IT systems.
Darren Guccione is Keeper Security’s CEO and co-founder.
“Although it’s still unclear how much data and exactly what type of data was stolen, what is clear is that the company has demonstrated a lack of transparency that can erode customer trust,” he said. “In ransomware cases that involve any type of customer data, there is an inherent threat to their passwords and other sensitive information. Bad actors sell this valuable information on the dark web and will often compare data from the current breach to information from data breaches at other organizations.”
Cybercriminals will also use this type of sensitive information for targeted phishing attacks, Guccione said. In phishing attacks, bad actors often tailor scams using aesthetic-based tactics such as realistic-looking email templates and malicious websites. The aesthetics users recognize, such as the logo or color scheme of the site, are used to lure them into a malicious link or form field.
“The key to avoiding falling victim to phishing is to ensure users check that the URL matches the authentic website,” he said. “In any case, emails containing links must always be subject to greater awareness and vigilance.”
Dish customers should immediately update their passwords to be unique from any other passwords they’ve used in the past, or on other accounts, while ensuring each new password is strong with uppercase and lowercase letters, numbers and symbols, Guccione said. Passwords should also be paired with a strong multifactor authentication (MFA) option, when available, to provide an added layer of security in the event that their password becomes compromised.
Huntress is investing more in its MSP partners to help them grow their businesses and better safeguard customers.
That’s according to Andrew Kaiser, Huntress’ vice president of sales. The Huntress Managed Security Platform delivers a suite of security capabilities backed by a 24/7 threat hunting team to help MSP and MSSP partners fight back against attackers.
“Huntress saw tremendous [partner ecosystem] growth in 2022 and more than doubled our annual recurring revenue (ARR),” Kaiser said. “That growth comes from a mix of recruiting new partners and helping our current partners grow their business. We also made some significant investments into the MSP community, which you’ll continue to see us double down on throughout 2023. For example, we made Huntress available at no cost to thousands of MSPs for internal use through our Neighborhood Watch program.”
Neighborhood Watch Helping MSPs
Neighborhood Watch is a collection of programs and resources to help elevate the broader security community. It offers “internal use” Huntress licenses. These licenses offer access to a variety of features across Huntress’ platform. Those include managed endpoint detection and response (EDR) backed by its threat-hunting team, and security awareness training (SAT).
Huntress’ latest research shows midsize businesses are struggling with cybersecurity. The survey was conducted over two weeks in January, with 256 companies in the United States and Canada participating.
Among the findings:
In the last 12 months, 24% of midsize businesses have suffered a cyberattack or are unsure if they have suffered a cyberattack.
Sixty-one percent do not have dedicated cybersecurity experts in their organization.
Forty-seven percent don’t have an incident response plan.
Twenty-seven percent have no cyber insurance coverage.