The Right of Boom Security Conference for MSPs is underway in Tampa, Florida. MSSP Alert and ChannelE2E are on hand to cover the event. Keep checking this blog for ongoing updates from the event, which is hosted by Andrew Morgan – founder of The Cyber Nation and host of The CyberCall.
Here’s what we’ve heard from the event so far:
1. Can your MSP really survive a cyberattack? We raised and explored this topic before the event. Among our concerns: what percentage of MSPs are truly qualified to offer Managed Detection and Response (MDR), and how many of these MDR-focused service providers actually offer credible response capabilities? We will seek answers at the event.
2. Top 10 cloud security risks that MSPs and MSSPs need to mitigate: This topic surfaced during a pre-conference workshop led by Beau Bullock of Black Hills Information Security.
3. The MSP ecosystem encompasses both physical and virtual CISOs: Full-time Information Security Officers, Virtual CISOs, and associated tech startups are emerging in the MSP software industry, leading a years-long journey that is beginning to deliver enhanced MSP industry security and better risk mitigation. It’s a safe bet that trending vCISOs as well as true CISOs, including Datto’s Ryan Weeks, will be at the conference.
Right of Boom Conference Keynote Speeches and Thursday Content
4. Latecomers on this journey are left behind: This is the key takeaway from Wes Spencer, who called on the MSP sector to move together, to keep moving to the right and to ensure that no MSP is left behind in the cyber journey, especially as MSPs begin to master detection and extend their focus to the effective right.
5. Wes Spencer joins Rewst: Details on Spencer joining Rewst are here from ChannelE2E. Rewst is an MSP-focused robotic process automation (RPA) software startup.
6. MSP Security Progress: Over the past three years, the MSP industry has made 10 years of progress, Morgan said. I agree.
7. Jon Murchison, CEO of Blackpoint Cyber: Most of the initial targeting involves RDP being open to the internet, an unpatched firewall, or phishing. You’d be surprised at the number of unpatched Exchange servers. Also watch out for malicious installations of RMM (remote monitoring and management) and associated free trials which may not be secure, he noted.
8. DMZs are dead: Move to the Zero Trust model for a good path forward, Murchison said.
9. Get to know the Center for Internet Security: A key name to know is Phyllis Lee, senior director of controls at the Center for Internet Security. Lee pointed out that MSPs really need to understand effective cyber hygiene to maintain proper posture, and to be aware of where their data is going, what records they care about, and that their network ends at the fingertips of their employees and partners. Also read Microsoft 365 security guidance from CIS, Murchison said.
How to Mitigate Supply Chain Vulnerabilities
10. The Year of Supply Chain Vulnerabilities and Mass Exploitation: Here, guest speakers John Hammond of Huntress and Jennifer VanderWier of F1 Solutions emphasized that MSPs need to look beyond their RMM to really analyze the security of each tested/adopted toolset. In the case of F1 Solutions, the MSP has created a standardized list of security questions that team members ask their tool vendors. And in many cases, F1 Solutions will interview multiple sources at a software company about their cyber posture – to see if all the statements match up.
11. Ten security questions MSPs should ask their software vendors: Thanks to VanderWier and Hammond for the list.
12. Additional Updates: Keep checking this blog for more updates. And if you’d like to meet me or say hello at the conference, email me.