Interview
• Cybersecurity starts at home: If you’re offering tools to customers as part of the service, use them internally! A key part of our portfolio is making the technology available to our partners, and the principle of ensuring MSPs are secure and practising what they preach is an important one (and giving them all the support to do that)
• Reducing the number of cybersecurity tools for MSPs: It’s essential to have tools that can be up and running quickly and easily, not just to reduce the cost of deployment but also to be able to demonstrate the value back to the customers quickly
• Training isn’t a one off: Creating a regular training program with evolving, real world examples (such as phishing simulation and training) is essential to ensure employees are engaged and continually alert rather than delivering annually as a tick box exercise
• Share the knowledge: It’s essential for MSPs to leverage the reporting available, sharing results and information with their clients. Improvements come from sharing information, and then agreeing on action plans to drive changes for the better
Combining phishing protection with training can significantly reduce the load on employees, the number of false positives and the potential window of exposure. Legacy email gateway solutions oſten have a high rate of phishing emails getting through (typically missing up to 50% of malicious URLs), so disparate systems that don’t offer the right protection can disenfranchise employees and reduce their engagement with reporting – so significantly undermining any training program.
Training is key We’ve had a great response from partners we’ve worked with on implementing new phishing training and protection programs, and it’s highlighted the huge opportunity out there. We’ve found that many organisations haven’t update their cybersecurity training and advice for employees where they are working remotely for the majority of the time (or only ran one-off sessions), despite the fact that the risk has significantly changed – from home WiFi security, to updating Acceptable Use Policies for using personal devices. Even office culture can play a huge role in an organisation’s cybersecurity defences – being able to lean over to a colleague at the next desk for a casual question on a dodgy email is so much harder over Zoom, and so may well not happen – rebuilding a transparent and engaging cybersecurity culture is a brand new challenge in 2021. Te response has extended to customers too – we’ve seen plenty
of examples of counter-productive phishing programs in the press (such as offering a pandemic bonus to encourage employees to click links on phishing test emails), so there’s real appetite for more comprehensive, rounded services from MSPs that encompass protection, training and education.
Te challenge for MSPs is they want to sell technology and a managed service – but this also seems to be about education? It’s absolutely true, most cybersecurity solutions are effectively hidden in many ways (if you don’t see it, it means it’s working) but with phishing, employees and customers see this right in front of them. But if you can train them, get them on board and caring, they’re now supporting the technology, and it becomes much easier to sell a complete service as part of this because everyone’s
60 | December/January 2022
www.pcr-online.biz
part of the team. Tese threats will continue to evolve – aſter all, cybercrime is a massive business, so stealing credentials is a huge market in it’s own right, with no interest in ransomware or network compromise – they just want credentials.
What’s your prediction for how threats will evolve in 2022? While blanket, generic mass emails will continue (as long as they work, and enough people click, it’s a lucrative business) there’s no doubt the sophistication of phishing attacks will continue to increase. Te huge amount of personal and corporate data that’s available in the public domain means that social engineering can support highly targeted attacks, and the personalisation of phishing emails helps reduce our natural defences while helping to bypass traditional security defences. Recovery costs for organisations are significant – it’s not just clean-up or fines, it’s literally not being able to run your business in some cases, from paying employees or suppliers to not shipping product – so it can’t be taken lightly. Education and training therefore will need to continue, as well
as using advanced tools such as Machine Learning and Artificial Intelligence to replicate what a human can see when scanning the millions of data points across emails and messages. We’re starting the process with our MSPs by offering the Cofense
Protect toolset free of charge, as part of our ‘Protect your House’ program, so they’re keeping themselves safe first, and really getting to grips with what the technology can do. Once they’re there, there’s a huge opportunity for business growth, as well as really helping their customers transform the role their people can play in keeping cyber-attacks out.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68
