Sign Indiana Banking Living Will Secure

Industry sign banking indiana living will secure

as a technology solution provider you're on the front line of a cyber security war zone warding off every enemy defending every connection and there's no day off you've got to be ready when an attack happens not if your clients may already believe you're protecting them from cyber threats but are you you're not alone every hero needs a gun that's where we connect connect wise and our platform of products and services give you the tools and education you need to step up your game cyber security is a scary subject and an attack on you your client can destroy everything connectwise is the ally you've been looking for protect your clients secure your future and start to understand the profit potential of security as a service our customers are learning how to tame the war zone by building recurring revenue with security because of your energy we are in it too it's time to take your security offerings to the next level it's time hey what's up everyone welcome to it nation secure i'm craig fulton i'm corey layman and we are your hosts for the next two days i cannot believe this event day is actually here i'm so excited here at it nation headquarters we have spent six months dreaming up this new conference and i'm so excited it's a security conference focused just for msps we know there's a lot of content that comes out of these big cyber security events but much of it is not even applicable to our small and mid-sized businesses like you and that's why we've built this event especially for you our msp community yeah and a lot of you this may be your first it nation event and you may be thinking what is this and why are you focused on cyber security you know it was three years ago we came to it nation connect and we stood on stage and said hey cyber security is the next big opportunity we're going to focus on helping transform your business to be an msp plus right because look at connectwise and the it nation we're dedicated at providing you with a complete solution for your cybersecurity needs whether it's the frameworks yeah the frameworks or business transformation i was going to say craig um this reminds me of you know i don't know what 10 years ago when we were transitioning from break fix to manage services and it it's kind of following that same path right yeah so in in doing that right just like we did before we're giving you the education we're pairing you up with the products and services that you need and importantly this community right getting focused on the community because you can't do it alone and look no matter where you are in your journey with cyber security whether you're you're mature in it and you've been doing it a long time um from endpoint protection all the way to uh risk assessments or you're newer in it and you're like look you know we do firewalls and we do perimeter security and some antivirus scanning we've got a little for everyone right because as corey said we are the experts in business transformation by working with you right we did and and it takes more than just things i've listed here right it's about culture as well it is a completely different way of looking your business just like going from you know being a service provider to a managed service provider it's a culture of being proactive it's a culture of looking at recurring revenue well you got to have a culture of security and thinking of security first right yeah um and to do this we've simplified the frameworks right it is very very confusing uh there's government regulations what's the big one in north america nist there's nist right we have cyber security essentials essentials eight and you're thinking boy i'm reading some of this how does this apply to me well we've demystified all of that we've created the msp plus cyber security so we're going to talk about that in a little bit but they may also be thinking well how do you know this that's why it wasn't craig and i don't worry look i'm an engineer i get skeptical too like who are you and why should i listen because look you should listen to me i'm a cyber security expert over 20 years ago i successfully removed the free version of mcafee from a windows machine but i realized hey that ain't good enough anymore but we have assembled an amazing team here we have csos we have cissp certified individuals we have people just like you used to run and own their own service provider business so let's talk about who they are we have jay wayne brian frank david michael and an honorable mention i want to bring in drew sanford he's not on the team but he's a great colleague here at connectwise that helps him out he is um combined that team has over 150 years of experience in the cybersecurity uh space so they really know their stuff um right now i actually want to throw it over to jay ryerson you mentioned the framework right so jay is going to give us a little bit more details about the msp plus cyber security framework so jay thanks corey effective cyber security requires a layered approach you've got to implement the three layers of cyber security of course people process and technology and you can't forget the controls like administrative technical and physical controls that are necessary to reduce risk and improve your security posture when we talk with partners from around the world they kept asking you know jay which cyber security framework should be aligned to and at the end of the day our team used that as a challenge to go out and investigate and research what was out there we were surprised to find that there were more than 50 cyber security frameworks and none of them were aligned specifically for msps and yes we did go deep on nist on cis on cyber essentials and the essential 8 as well as many others what really cut us off guard again was the fact that there was nothing targeting and designed to help and assist msps when it comes to cyber security and that's where our journey really began our team spent a lot of time with partners in north america in the uk and in australia they're trying to understand what they were looking for and what would help them be successful as they make the pivot into msp plus that's msp plus cyber security as we did that it became very obvious that we need to lead the conversation so let's be clear on the one thing that we learned that i think is very important for msps are listening in today most msps will not become an mssp a managed security service provider ultimately they should probably won't even consider doing that because the cost of investing in time and people and the infrastructure necessary to deliver security in a 24x7 environment without any revenue is not reasonable or practical for most of us where we did witness success with msps were the ones that determined that they needed to deliver the essential cyber security solutions their clients needed to stay secure so we then built the msp plus cyber security framework designed to provide partners with that fundamental framework necessary to implement cyber security in a reasonable and productive manner it really is that that place to start when it comes to looking at cyber security it has a maturity model it's designed to give you a good bet our best or what we call the fundamentals the advanced and the master level books to really help you implement security using a continuous improvement model it's where i would start where most of our partners have found it's a great place to kick off their cyber security journey so you can download the framework and the playbooks and use those to help elevate and accelerate your entry into cyber security with your practice the playbooks describe in depth you know what to do how to do it how to measure it and how to improve it over time it really is that gps for delivering cyber security for your practice then ultimately as i mentioned they really are designed to accelerate your team's entrance into cyber security lastly you may not have heard us mention that we've had more than 5000 people who have attended our certified fundamentals courses in the last 12 months it's a no course designed to really help enable your team and build up that foundational level of security so you're all using the same language and have the same objectives in mind if you haven't attended make sure to spend a few minutes to get yourself and your team registered for upcoming classes later this month or in early december i'm jay ryerson vp of cyber security initiatives reporting in from tampa florida now back to the studio hey thanks jay that's exciting because you know certifying over 5 000 people that's putting things to action right i've attended some of them we have the you know um fundamentals of engineer right it's different from the owner but i've seen you actually passed the test and i did and you saw me on linkedin proud to put my certificate out there but we've got so many more exciting things going on in the it nation right you may not even know so let's break down what those are we have it nation share share our our user groups they meet regionally this year's been a little weird right with kovid but um but we've managed to do it virtually it's been really great and craig that you got started at user groups 10 years ago right i accredited a lot of the success i have in this industry to go in there because i've met a lot of great partners we share things i hear what the pains are bring them back to connectwise and we work to solve them so those events are amazing at bringing our users together they can learn how the platform can grow their business make it efficient and i've heard partners say man i feel so alone in my small town or my big city and who do i talk to they're meeting people there yeah and we sorry yeah then we have it nation explore explore is our product user conference right so this is where we come we bring really the users of our software and they come and they learn how to use the products more efficiently all the products yeah that's all the products in the suite so basically a giant user group it's amazing i love the atmosphere there if you haven't checked it out hopefully we'll be back in person we're planning to be back in person next year um so hopefully if you haven't checked that out that's an awesome event to come get started at um if you're using the products and aside from our users right we bring our solution partners there right these are the companies building the solutions that you're delivering your customers you can learn from them as well and look the next thing we have this is a big one it nation evolve these are our peer groups this is where you say if you're an owner an executive you in your business you want to take the business to the next level because maybe you're like man i wake up every day and i'm just getting through the day it'd be nice to learn how to start setting goals and how to get traction towards moving towards them that's what this does we bring the your peers together in a non-competitive situation in groups talk about aligning your business to frameworks such as eos or stratop we teach you financial acumen so that you know you can benchmark your business against your peers using service leadership index right we teach all of this and you hold accountability to each other and i've seen nothing but success come out of that and then what's the big thing we have well you know this time of year it's almost november and uh we have our it nation connect event connect it's our biggest it's the biggest industry conference uh for msps out there in the technology solution provider space so um it's really the most amazing event um if you want to talk about coopetition which is kind of you know we haven't used that word but that's what we've been talking about this whole time you're you're meeting you know people that you might compete with but you're all working together because we i love our motto wise together rise together yeah so nowhere is that more prevalent than it nation connect so typically this year thousands of you would be booking flights we'd be like choosing food and beverages um and we would be all focused on going to this event that focuses on transforming your business growing teams bringing together the largest gathering of vendors and solution providers in the industry um and so we're so sad we won't be there in person but we have reimagined it it's gonna be an amazing virtual event not like any of the boring virtual events you've probably sat on um way more fun yeah and look in addition to the education there which honestly it's gonna be the best you're gonna find we bring in the experts our partners who have lived the challenges and succeeded and are sharing lessons and people from outside industry who bring experience from other sectors to really focus on transforming your business whether it's sales and marketing operations human resources strategy and planning or what we're here for today cyber security we are passionate passionate about the content in this quality of it and actionable and practical because i've seen it you know a lot of people get together and there's a lot of talking we pride ourselves at itnation on giving you the house you can take action that's right and um all of the vendors are there you know all the solutions you're using it's just the biggest gathering um we're expecting over 20 000 people this year uh to join the virtual connect that's pretty big insane um you can still take you can still take part by registering there's the link on your screen uh tickets are started free yeah right so you can uh if you're one of these companies like man i wish we could always go but i can't get that many people there and i gotta send them across the country get everybody together in your office free yeah so that is the it nation um it's this global community of peers thought leads leaders and experts who are passionate about technology dedicated to lifting the industry um so whether you've been to our event or this is the first time you're hearing about it we're really glad you're here you're already part of the it nation you're a member so um we're just happy you're here yeah let's not keep on waiting any longer all right so let's get started i know you guys are are wondering what to expect here at itination secure uh let's talk about what we have in store over the next two days so um first if you haven't already done so watch the welcome video in the lobby of our virtual platform it will show you everything you need to know where to click how to get places where to navigate and how you can experience the platform and the event you know a lot of these virtual events are different we know you need to know where to go so look while you're navigating make sure you navigate over to our sponsors right we couldn't do this without them they make this stuff possible but they provide the products and services designed to optimize and elevate your security practice so look in their booths not only will you find the information on the solutions but they're going to have fun giveaways one-on-one meetings and more but speaking of i wanted to remind everyone that our diamond sponsor web root has a bunch of ways for you to win prizes at it nation secure be sure to stop by their booth and select email me to be entered in their daily drawing for some bose headphones i know good for virtual zoom meetings because everyone's like craig turn your mic down find some great headphones you do need some new headphones but look uh plus right attend their breakout sessions and register for a free trial and then be entered into one one of their gopro hero8 cameras oh you can take that hiking yeah so for those of you who have purchased the geek pass we have so many breakout sessions lined up and we've broken them down into five themes for you the human element security operations virtual chief infosec officer marketing and selling cyber security and our partner-led thought leadership so you can stick to one track or you can bounce around it doesn't matter the choice is yours and the good news is you don't have to watch everything in just two days if you purchase the geek pass this content is available for you on demand for 90 days so make sure to take advantage watch things live watch things recorded schedule time out you just don't want to miss any of it we also have our daily security briefings on industry hot topics we have some really amazing prominent speakers the secretary of state for the state of louisiana that's amazing so he's going to be doing a briefing um so much industry topics look my favorite portion is networking and entertainment oh i know i love getting to know our partners i love to talk and have conversations and i love entertainment because corey you know i love comedy you wish you were a comedian that's what i'm doing next um so i'm excited for this guy his name is justin willman he is the star of the netflix show magic for humans uh justin will join us live for an intimate evening of comedy and magic so look bring your friends bring your co-workers bring your family have a great time family friendly we want you to enjoy it enjoy it with the people you love take pictures with it put it on social media hashtag us right but without spoiling any surprises it's safe to say you haven't seen a show like this before but first we have an exciting keynote lined up for you that we're about to kick off and i know what you're thinking i'm so over boring webinars so are we but this is more like a tv show that's right so craig did you know we're at war cyber criminals are coming for us but our partners are on the front lines and we're fighting back and we recently commissioned a study with vansenborn to survey smbs small businesses about cyber security and some really really interesting stats came out of that right so let's talk can you tell me more are you ready yes 86 of small businesses reported that cyber security will be within the top five priorities for their organization wow that's a lot that's good you think it would be more yeah but i mean this is this is businesses across the whole gamut of industries right right but you know what that means right there's some businesses out there still thinking this isn't going to happen to me it doesn't happen the business is like mine doesn't happen and look there's more right 38 of them say it's their top priority number one wow that's impressive because you think about it right all business runs on technology now and they know that has to be protected here's another one here's another one 91 of small businesses would consider using or moving to a new it service provider if they offered the right cyber security solution 91 wow so you can look at that two ways either 91 of your clients are at risk of leaving you if you don't have a cyber security solution um or you can go and grab 91 percent of your competitors clients um and switch them to your cybersecurity solution that's pretty cool yeah i mean i look at that as an opportunity yes i bet there have been companies out there managing their own technology thinking they got it and now they realize wait i gotta go outside tons of green field for you wow and look last one right on average small businesses that use an msp now listen to this one right okay they would consider moving to a new provider if they offered the right cyber security solution but would be willing to pay 30 more for it wow wow oh my gosh i can't even do all this math so if you get 91 of your competitors clients and then you're getting them at 30 more wow that's a lot of money you can make more rich listen we know cyber security can be really challenging when you're starting out but we've got a reporter in the field drew sanford he is going to do a special report on the real life challenges msps can have starting out in cyber security so drew take it away thank you corey i am reporting live from indianapolis indiana where we have a long time msp with an interesting story to share many msps starting out in their security space are looking for how to sell how to position how to build a stack that will allow them to make security a growing powerful part of their revenue and profit unfortunately early on they often try to grab a single security product without any real strategy and launch into sales mode some are successful but many struggle without support or a plan to succeed they have not understood how to deal with many of the questions they will receive then the unthinkable happens one morning the msp wakes up and receives a phone call from a very large client they report that none of their systems are working and all their files have strange extension names many msps in this situation run out and start trying to fix the problem with little understanding of how or what happened at this point too often the stage is set for them to fail the client wants a miracle and the msp is just trying to survive how can the msp respond and be successful how could the msp have convinced the customer before the attack to put protections in place this is a common scenario that many msps are reporting too often according to a study we commissioned with vance and bourne 68 of smbs want to be confident in the ability of their provider to respond to security incidents and 58 percent want to be confident their msp can minimize their damage or loss on top of that the potential risk keeps growing the average ransomware payment jumped in q3 to over 178 thousand dollars to help us understand many of these struggles let me welcome mike clemons the president and ceo of bike cafe consulting and msp here in indianapolis indiana hi mike i'd like to welcome you to it nation secure with us today can you introduce yourself and tell us a little bit about your background hi drew it's great to be with you today my name is mike clemens i'm the president and ceo of bike cafe consulting we've been in business here in indianapolis for over 21 years and i'm i'm so excited to talk with you today excellent well as you know we're here talking about security and how it impacts many of our different businesses and msps as we go through this process can you tell us a little bit about how you got started in the security conversation and maybe some of what the initial challenges were you ran into absolutely at the beginning it was fairly easy um 21 years ago we just had our run-of-the-mill anti-virus software that we placed on computers and and we put in some passwords and stuff like that into the network and that was about it just over time though um the security for our clients has become a bigger and bigger issue and especially over the last five to six years where the ransomwares have really taken a huge toll on a lot of companies in our area well i know it you were sharing with me earlier that as you were beginning the steps beginning that process of figuring out what the security journey looked like for you that you had kind of a rude awakening with a with a very large client can you tell us a little bit about that absolutely um the large client that we had in downtown indianapolis we just brought on i mean we were a week into the onboarding of this client and we get a call about nine o'clock at night saying hey we got ransomware on our computers what do we do so we were kind of really scrambling around because we didn't have a sop for being able to put all this together and we had five or six texts running around all the different computers trying to figure out where it was and things like that did that set you up for submit from any awkward conversations with that customer with them asking you you know some weird things like i know i've heard customers before you know partners before share with you know well i thought we had what it took to solve this we just brought you in how did you you know how did did that put you in an accounting awkward stance well i mean just the awkward question of how did this happen you know i mean they kind of threw it into my court of why did this happen to us you know well it was because somebody clicked on something but their response was how come we weren't protected yet you know and we didn't have a playbook at the time to be able to go in and have that conversation with the client at the very beginning of our relationship so speaking of that you just mentioned a playbook what are some of the things that you wish you would kind of happen to had in your hands to help you and your team when you were starting on this security process and figuring out where to fit it well i would love to have the training for my team and myself on a sales side to have that conversation with the client so that we can start with the expectations of when we bring out a new client and be able to set that expectation with the client of what's going to happen so they know up front and having that playbook and the training would have went a long way with us thank you mike for joining us today and sharing your experiences around your journey and some of the steps that could help other msps as they look to get started mike mentioned that one resource he wished he had identified early on was training to prepare him for what he was going to experience one tool many msps are taking advantage of today is the connectwise msp plus framework and playbooks to give them a path to reduce risk and minimize the impact of a cyber attack this is a resource that did not exist when mike started out and might have made all the difference the msp plus framework along with our fortify security suite has been a powerful combination for msps to quickstart their ability to launch a security practice with confidence make sure you get your free copy today another resource msp should engage in is happening this week right here at it nation secure purchase security is presenting a breakout on the talk walking you through how to have a real conversation with your clients answering questions like how do you start the conversation what do you talk about and how do you get your client to take action on this very important issue this breakout will be tomorrow at 1 50 p.m eastern time check it out with that let's head back to the studio to corey and craig wow we get it right techs don't like to follow processes i was one hate doing that because it's like i got this right but it's not that way with cyber security the risk is too high right these companies they like i said run on technology and they have to have that to stay up and productive we're not just fixing technology anymore we're saving their businesses and that's why creating a culture of cyber security in your business is so important okay so i challenge you ask yourself what does cyber security culture look like for you today wow yeah i mean your staff are really the first line of defense from attackers you know that and when your staff understands what these cyber attacks look like how it impacts the company and your clients they start to build their risk perception and get better right yeah and that's why you have got to make an investment in education and training right now for those teams right just like this conference right taking our certifications getting the fundamentals and the advanced downloading the playbook all of it yes for sure it's and this is going to be critical for their ability to succeed and also having an incident response team is probably important too processes and procedures man um so look influencing behaviors and perceptions really does make an impact it does there's a lot of stories and i just heard another story uh we our team received a call from a partner where a customer accidentally wired money to the wrong account so in this case it sounds like the email had been compromised and an attacker sent wire instructions it was around the closing of a new home but let's go to jay he has more information jay you're absolutely right the partner told us the email came from the correct email account at the closing attorney's office but with incorrect or spoofed bank account information sadly we hear stories like this almost daily in fairness i know this partner and they talk about cyber security and the risk to their business including business email compromise and ransomware on a regular basis they write blog articles they've delivered podcasts they've even had webinars highlighting the need to sacrifice a little to get the right cyber security in place for their customers and don't even get me started on the impact of business email compromise and covet 19 world i mean you would think that by now everybody would actually understand what's going on and yet we're seeing more victims with escalated number of attacks happening this year now it nations secure teams started looking at the fbi's ic3 report the internet crime complaint center report that they put out annually what was scary is the math coming out of that report based on last year's numbers the average business email compromise financial loss to a business was seventy five thousand dollars it's fascinating and yet really scary to see them increase the number of bec attacks happening across businesses of all sides the reality is it's happening because these are easy to implement they don't require advanced malware or techniques to launch an attack they simply capitalize on the human side of cyber security now if you're wondering why this should be important to you in a recent research by vance and bourne commissioned by connectwise in june and july of this year there are some interesting stats you should know 77 of the smbs worry they'll be the target of an attack in the next six months it's nearly three quarters of the market believe that they're gonna fall victim in the next six months sixty percent of the smbs are investing more in cyber security because it reduces risk for their organization see this isn't a technology problem to solve we need to solve for risk with our customers ultimately all roads lead to risk around cyber security and 59 percent of smbs predict they will outsource all or most of their cyber security activities within the next five years it's a major opportunity for msps to capitalize on cyber security with the small business environment customers so keep in mind the msp plus cyber security framework our supporting certified courses and the connectwise fortify suite are designed to help you reduce the risk you face as a service provider as well as the risk to your clients from business email compromise but let's not just take my word for it i had the chance to catch up with a friend and partner matt lee from iconic i.t he's calling in from wichita kansas matt welcome to it nation secure thanks jay um i appreciate it real quick about myself i'm with iconic i.t as you can see by all the wonderful logos um and we are a managed services provider that manages about 15 000 humans uh across five states um i wanted to talk about a specific business email compromise because they are rampant the fbi sent us a warning in april um and and obviously we've seen the threat actors taking advantage of it and i want people to kind of understand how it works this one was a 1.4 million dollar uh compromise that a company lost um and they were company b in this example so the way this works is the threat actors aren't these disorganized you know people that are just hanging out in their basement they've got research departments they have people pulling done bradstreet reports to figure out how much companies do from a revenue perspective once they select a target that's going to be company a and so for company a they really have no other choice but to either try to brute force the attack or fish in in random and sometimes they just find company a buy phishing right they send out these large campaigns and company a somebody in accounting clicks and they do some research and find that company's a viable target and they go ahead and start attacking that person so what they'll usually do is they've already compromised company a's controller let's say they're going to say either start looking through for the accounts receivable that's due to them or they're going to try to attack one themselves in this instance we're kind of just talking about where they've they've compromised and they're going to attack company b so what they do is let's say company a is it has a domain that's like ironscales.com for example they change the i into an l it looks visually exactly the same and they purchase elrond scales.com they then send an email that they've captured from company a controller's email they've just pulled a piece of a conversation chain out and brought it into this other email system and the other email system is a valid domain right it's elrond scales.com they then try to do what's called conversation hijacking they start to send a new email response to that last email chain from the legitimate domain of company a um and then they as they respond back to company b they now have taken over that conversation they then set rules on company a's mail domain so that company a's controller never receives the next message it just simply gets filters out to elrondsscales.com to continue the chain and so they basically start conversing with the controller of company b which does two things for them it identifies the controller company b or the ap or ar person of company b right but it also lets them start asking for changes to be made we're here in in this coveted times um and we're all working from home to some degree and so they say hey listen things have changed company b we'd like for you to wire us or change your ach to citibank instead of the bank that it currently is or instead of a paper check so company b says all right i'm fine we'll do that um and they change it they send their money and in this case they send out basically um 900 000 to company a from company b so company a never receives the funds but they also don't notice it and when they do oftentimes the the email responses from b are being intercepted um and changed over to the threat actor so company b has now lost nine hundred thousand dollars and what makes this really insidious is the threat actor now knows company b so they start attacking company b if company b similarly doesn't have two-factor authentication or doesn't have the right accounting controls or controls in general in place then company b now is exposed for its accounts receivable uh the threat actor repeats this process and buys a domain similar to company b attacks the front end of company c and company c in this instance wired 500 000 over to the fictitious company b threat actor so the threat actor now has received nine hundred thousand five hundred thousand right um and has made a massive cash flow disruption to company b in ways that that oftentimes destroy that company in fact if you think about it they actually then probably paid company a again so they they actually are out significantly more cash flow in that response if company c then folds and doesn't have the ability to pay them so essentially these threat actors are are able to manipulate the situation we find ourselves in in the sense that normal accounting controls for calling to verify something may not be as rock solid right you might call and receive a desk phone that doesn't have a forwarding instruction or you have to then trust the threat actor as they give you a number to call to validate them and so essentially you know as you think about this this business email compromise kill chain really has two pieces one is education and prevention on the front end with spam filtering and things to help look for those spoof domains or new domains and then the other side of that is in two-factor authentication but if you really wrap it all up it really starts with us as the msp and it really starts with us having that conversation with the client explaining what those things are and if we don't know what those things are find a way to get help find a way to advance your maturity level from a security perspective and the things we have to do as a trusted advisor one of the things that that we've done at iconic has been to latch on very heavily to a lot of the free resources out there that are meant really just to rise the water so that it rises all ships right one of those examples would be connectwise certify it is a program that allows our technicians and our sales people right to go through a separate track that helps them get a very good base layer of knowledge from a a security perspective um if you can't talk about it with the language that's correct then then you have nowhere to start and so we we think that's a great entry point and some of our advanced technicians are now even starting to get into the advanced courses and to build that knowledge over a longer period of time to make it something that is just part of what we do jay i appreciate you letting me talk about this today business email compromise is such a a big threat to us just like ransomware and we really have to up our games uh as technicians and as as professional service people um but i'll kick it back to you so thank you thanks matt for that scary and yet real world experience and while i wish this was the only case i've heard recently we don't have enough time in the next two days to cover all the stories that we've heard from partners related to business email compromise if you want to learn more about how to defend against these attacks i might recommend some of these sessions webroot's doing one called what kovid 19 means for cyber security and spy cloud has one called combating common behaviors that create breach and account takeover risk or what they refer to as both can be great sessions i think you're going to want to attend as you can see we've aligned the speakers and content here at it nation secure conference in an effort to help you lock down fight back and reduce risk for you and your clients now let's head back to the studio with corey and craig he yikes what a crazy story quite a story a lot of money but not uncommon that happens to us right i have personal stories like this like our cfo reached me and said hey i just got an email from you saying to wire uh your your paychecks to a new account going forward thank god he called me um did it have the little yellow this email came from outside the organization and that's what caught us attention right because we have created a culture of security here and look you heard what matt said too right brute force attack brute force attack as technicians we typically think of this as oh they're attacking an internet address a report right no they're doing this to people they're coming at them and they've done it again to me and you've gotten emails hey yeah can you go out and get this gift card for me they keep coming and they will find someone right yeah it's about the human element that's why we have sessions about that it's mind-blowing how organized they are you know like we always think like oh a hacker in his basement right like that's such that's such an antiquated vision of a cyber criminal because these guys are organized they run it like a business they have sophisticated technology they probably have their own playbooks right um so that's why our industry needs to be smarter and that's what we're all here to do right and look we admit it and we know it right it's hard it is really hard because you're busy running your business and and now you have to find new qualified talent right it's a completely different type of uh calling that you're going to need and when you're building out your cyber security practice yeah it is really difficult you know we've been talking about the talent gap and and how difficult it is to find talented uh staff for years at it nation and that was just around managed services now you add security to it and gosh it's just really difficult but a few partners have figured it out right we have a couple that are doing it really well so i want to go now to wes spencer from perch security to talk about getting started in cyber security including staffing and addressing that skills gap so wes take it away all right corey thank you so much my name is wes spencer and i'm the chief information security officer at perch security my job is to help all of our partners think through strategize and build better information security plans and services and products into their portfolio and by the way i also managed to purchase internal information security as well one of the things that i get asked about a lot is hey wes i'm thinking for the first time of building or enhancing my cyber security services we want to go beyond just managed i.t and we want to offer cyber security services as well we have some customers of ours that are leading the charge on that maybe a bank or health care something like that we we see this as a revenue opportunity but we also see we need to do this to protect ourselves protect our clients because cyber security as we all know is getting more and more systemic as a threat and we need to address it and so a lot of times partners will come wondering where do i begin how do i go down this journey of success and i think one of the biggest challenges that exist in all of this is the staffing part where do i find the talent to run the talent to build all of this and i can quickly share a story of my own where i've been through that i remember at a bank that i worked at i was the the ceso at a bank and i hired my very first security analyst we got him trained got him up and running turned out to be a great analyst and within a year he ended up leaving for new york stock exchange i remember thinking how do you compete with that you really don't it's so difficult for an msb to truly build that i've got some statistics for you 52 of smbs agree that they lack the in-house skills necessary to properly deal with those security issues so we have a problem in that we just don't have the staff and the people resources internally to do all this another stat for you 57 of smbs don't have specific cyber security experts in their organization so even our clients don't have what's necessary it's just it's very difficult in the talent shortage in the cyber security skills gap to find and meet all of that so how do we handle that how do we address that well with me today is sean brown of snap tech it and i asked sean some questions around this and really got his feedback because they've successfully gone through this themselves and they've they've been able to find a pattern of success through a co-management solution that's worked very well for them and i wanted you to hear more from sean himself so you could understand how their path to success looked so i'm joined by sean brown of snap tech it sean tell us a little bit more about yourself and what snap tech is all about well good to be with you wes good to see you again it's been a little while um so i'm sean brown i'm the president and ceo of snap tech i t and so we're a managed service you know provider we've got offices here in the atlanta area out in phoenix and in san francisco and you know we've been kind of in the security kind of business and and doing managed i.t work and then tacking on security on top of it for a number of years now so sean one thing i want to ask because i love asking this question is what got you into managed cyber security in the first place oh that was a great story so we were working with a company i guess it's been about six years uh now and um they came to us and said uh hey so whenever you're ready just send on over your sock to report and i was like uh we don't have a sock to report so i guess we better guess we better get busy so we started about six years ago going through and doing a sock two type two audit uh in fact i was working on our uh our audit just a few minutes ago before we jumped on this call so we're right in the middle of the audit season again and that was six years ago i mean that's that blows my mind because for the most part i think sock twos and audits and going through those processes is just now starting to happen you know maybe a year or two old so you guys have been doing this for a really long time okay so that that's valuable to us sean because one of the things i would love for you to clue us in on and give us some more information about is you guys have been down this road before you've gone down this journey of how do i get the the personnel to run all this security people are different than iep people right so i'm sure you guys looked at do we build a sock in-house uh do we do we not do it what led you guys to the decisions that have caused you to be successful today in that strategy sean yeah that's a that's a good question we we started out you know trying to train our internal staff on security and then we started also trying to find great partners in the security space that were that could help us fill the gap that we had both on the technical side of some of the things that we were trying to solve like you know sim and sock and threat hunting and threat intelligence uh and that's when we discovered kind of perch security and started working with you guys because not only did you guys bring incredible technology to us that helped us fill a bunch of gaps but you also brought the personnel and the sock to us as well which was a huge help and so we kind of view it as uh you know we were kind of talking about this term earlier we kind of view this as kind of a co-managed sock environment where we've got some internal technical um securities you know team um but we don't have all of the knowledge and all of the skill sets that we need and so we leverage your persian and the sock to help us fill that gap and that partnership got it so what i'm hearing from you it's not that you couldn't do it but just the resource building finding the security personnel retaining that talent like those are things that it's just far better to outsource that piece but still manage the security relationship for your clients i mean you guys have always been a risk first strategy first cyber security solution seller but for you guys outsourcing the security operations and the talent made the most sense for you guys right yeah it really enables us to scale quickly right and so um the target base that we look at are you know larger clients and so when you bring on a couple of larger clients it's great to be able to have that scalability of just putting in a new device knowing that i've got a great sock behind us as opposed to trying to backfill and hire whenever we bring on you know additional clients like that it really makes us scalable that's a fantastic point that you bring up is scale needs to be considered in all of this as well i mean you might be able to meet the technical requirements for one client that needs a very niche set of cyber security solutions but how do you scale that right so what i'm hearing from you is you guys have also built a solution that allows you to scale not just with perch but your entire security services portfolio is completely scalable because you've built that intentionally in mind as well right yeah absolutely they're you know like like we were talking earlier we have an internal team uh and it's you know small in nature as we continue to grow we'll grow that team a little bit but having having you know perch as a large part of our sock is has been great in providing that scalability sean thank you so much for joining us today you guys heard from one of the best that i know of that is doing cyber security uh just top notch sean thank you for joining us thank you for sharing your insight this has been tremendously helpful yup wes good to see you again thanks everybody all right thanks hey i don't know about you but that was awesome i personally learned something every time i talk to sean hey are you curious was that good but you wanted more and you want to hear more about how you could dive into that i've got a treat for you i want to pitch something to you attracting diverse cyber talent is a breakout session by our friend amy that is going to be a great session where you can talk and learn more about all of this really want to invite you to that session because you're going to be able to take some of these things we just talked about and dive in much deeper thank you so much for your time corey back to you wow that combo i love those guys wes and sean they're like a power duo of cyber security expertise like oh i just love them and those guys at snap tech they've been such a staple of the itunation community for years now they've just been amazing yeah we met them over a decade ago at rit nation events and they keep coming back really giving back to this community but the important question here is do you do it yourself or do you partner with someone it's been that way for a lot of things we had that challenge with he cloud now with cyber security and sock right and we find that most partners are successful are doing it co-managed and look i'm going to make a little plug here um don't mean to but if you do need that at connectwise we do have a sock service available for you that's right um so if you're so okay so now you have your staff they're trained you have a playbook you've done you've created your culture you have your technology stack you have your co-management plan um now comes what might consider what some people might consider the hardest part of this whole thing right actually selling it to your client right we have really focused our lives on loving technology understanding that providing service but we have sometimes have a hard time selling it right driving that value and a lot of customers may think you've already been providing security services as a part of this i've seen it on there or they might think well i don't really need any more than that not gonna happen to me that these are common right so let's kick it back over to jay for another real world example take it jay thanks craig this may sound funny but i've heard partners refer to it as the burns and the bees conversation for cyber security it's the one conversation you must have with your clients to reduce your risk without that conversation your clients are likely to believe you are providing the right cyber security to them as you may know we've had the opportunity to work with thousands of partners as they've wandered along their security journey over the last few years it's exciting to see progress being made and partners reducing their risk while also driving new revenue around cyber security but what concerns all of us is the fact the client still believes the msp is providing cyber security as part of their msp's service to better understand the mindset of the business client here's some fascinating stats from the recent benson-born study only 13 of smbs are having a regular cyber security related conversation with their msp that's scary that 13 and my fear is is that they think that they have the conversation once a year potentially and that's not really enough that's not what smbs are looking for so they are switching to new providers to get the right cyber security so don't think that that's really a good number because it's not for 38 of the smbs these conversations are triggered only by a quarterly review followed by 35 who do so in that annual review again once a year or once a quarter is probably not enough today to make sure that that you keep your customers safe and aware and abreast of all the current information of what's happening in cyber security risk is changing daily our clients need to understand that on a more regular basis than once a quarter maybe even once a year but even more worrisome is the fact that 29 of the smbs talked to their msp about cyber security only after they suffered an incident where's my facepalm emoji for that one that's crazy really only after they've been hit that they had that conversation so to help us better understand this from a partner perspective i met with emily jones practice leader and director of operations at warren average technology group in montgomery alabama talking with her about the experiences that she had with the prospect and what her team has done to drive security with their clients and more importantly within their own business emily welcome to it nation secure thank you jay here and our group is in the southeast we are a group of about 40 people in our technology group we are part of a larger organization called warren average one of the largest accounting and consulting groups in the southeast but our group specializes in business software solutions technical solutions and security solutions so we have a vast array of knowledge and expertise on our team our group was called in this past year just as a prime example to do a security assessment on an organization that was over 50 locations over 20 states throughout the united states so it was a rather large organization and our report of findings came back and said that they definitely needed to tighten up their antivirus they needed to tighten up their segmentation in other words this large of an organization was running completely a flat network which kind of like you know scares us all to death they were also lacking in some of their offsite backups they were amongst numerous other things that we had in our report of findings they had their own internal i.t group that wanted to do the remediation so we were out of it at that point this that and the other unfortunately approximately six months later we get a phone call from them they had been hit with ransomware the only good thing out of that is that they did have cyber insurance the ransom was a million dollars the insurance company was able to um get that negotiated down to 700 000 so still had quite a chunk of change um needless to say all the amount of time that they were completely down during that time frame they called us back in to help give consultative guidance on how they needed to go about the remediation so that is something that our group does the point being is that the client did not take our advice to start with they drug their feet on trying to get any of the remediation done had they just started with a simple thing of updating their antivirus or taking and putting a plan together to make sure that their network was segmented properly it would not have taken down everything this one was hit so bad that they um encrypted every vm that the the client actually had so one of the things that we've done in our group is trying to educate everyone in our group we are a company of about 40 individuals that includes administrative that includes our business software group our technical security group technical and security group excuse me there and um we put them all through some certified training that connectwise offered back in the may june time frame may think that strange putting even administrative people through that but it gave everybody in our group a great understanding of nist and where we're going as a company because our goal is to reduce not only our risk but to reduce the risk of clients as well because we all know in the world we live in you touch it you seem to own it and then when something happens the fingers start getting pointed so that is one of the things that we've done is to educate our entire group we went back through and looked at our service offerings and made some changes in that area as well and one of the changes was taking some of our security options that had been options in the past and put them into our core function which we're kind of leaning on the name now of a tsp because it really includes both msp and mssp and a lot of the software work that we're doing as well so um going forward there are things that we are going to continue doing to reduce our risk as we are continuing to reduce risk for clients and those that come to us as a client um thankfully the company that i told you about they are doing well now they have their network completely segmented they have updated and upgraded to next generation firewalls as well as their antivirus so they're on the right track elements are changing frequently and security is not going away it's just going to increase so i appreciate connect wise doing this it nations secure and allowing us to be part of this thank you so much jay thanks emily if you're like most of the people on the call today you've probably been in a similar situation with a client or prospect who fell victim to a cyber attack even after you made the right recommendations you can't make this up because it's happening every day of the week i also found it interesting that emily went down the path of requiring every employee in the company including her administrative staff to attend the certified fundamentals course if she isn't the first partner to have done that and i believe it truly shows her commitment to a security first culture in her organization if you want to learn more about our iot nation certified courses plan to visit the exhibit hall and click by the connectwise security management booth to learn more i'm jay reimersy vp of cybersecurity initiatives here at connectwise asking you to stay safe stay healthy and stay secure and now back to the studio with corey and craig incredible what happened to emily's company could happen to you think about it okay i love that everyone took the certified course too that just says hey we all want to have this at the whole company we want everyone to have this security culture let's all get trained on it and understand it so we can speak that language that's awesome i love it um and when you're and listen talking to your clients more than once a quarter and once a year that's what's going to make it happen just like emily was saying there i know right let's let's prevent jay from doing a face pound again no i don't know look here's another stat for you 29 percent of msps have have a talk about cyber security when after the breach not good look we want you guys to learn how to have these conversations more that more often than once a year before a breach occurs but not just have the conversations but be successful in arming your clients with your recommended solutions and and actually getting them to buy into that so there's a couple of breakout sessions you might want to check out one we have how to package your msp security services gary peek is leading that one i mean gary pica could sell anything to anyone right we have business processes and tips for filling your security pipeline but not just filling it it's going to talk about how to close it so check out those breakout sessions learn how to have those conversations and not just have the conversations but close the deals as well all right look do you think we scared him you scared me look we don't mean to scare you but sometimes fear is what makes us change but we got to get ahead of this thing right we need to be proactive just like we do with managed services and you know you've seen it there are some scary stats out there that should get your attention and here's what we need you to know we talked about it nation this community you are not alone you are not alone we're here to learn from you we're here to give back and we're here to help that's right as a member of the it nation you have so many resources available for you and we just want you to take advantage of those and that's all we have for today so thank you so much for joining us we had i hope you learned something i hope you had a lot of fun craig and i will see you back here at 3 p.m eastern today we're going to set you up for success in the cyber games and we're going to recap the day talk about some fun stuff that we might have learned give away a prize or two but for now it's time go check out the solution partners all of our wonderful sponsors who make this event possible go check them out and we'll see you back here later thanks