Podcast – Tips for Ransomware Protection

By John Pojeta | August 12, 2021

In the inaugural episode of The PT Buzz,  The PT Service’s John Pojeta welcomes Mark Whiffen and Ken Bartlett from Barracuda MSP to share their expertise on Ransomware protection in the MSP arena. The episode takes a look back at the history of ransomware and quickly jumps into the implications for MSPs and their clients. From considering vulnerabilities to discussing how to prepare and look forward, the episode gives more than just an overview, by providing some implementable tips and insights on how MSPs can better prepare themselves and their clients.

Where to Listen/Subscribe
Apple Podcasts Google Podcasts Anchor Spotify Breaker Podcasts Overcast Amazon Podcasts Castbox Pocket Casts RadioPublic Audible Reason Podcasts RSS

Podcast Resources:

Any and all resources we mentioned in the podcast can be found here. Looking for something not here? Contact us, we’d love to help you out.

13 Email Threats to Be Aware Of

Barracuda MSP

Guest Bios:

Mark Whiffen is a Senior Product Manager at Barracuda MSP. In this role, he oversees the product direction, development, and delivery of Barracuda Managed Workplace RMM and Barracuda’s partner services. He has over 20 years of Security and Public Safety software and service experience at companies such as Avast Software, Verint Systems, Nexsan, and Titus.

Ken Bartlett is a Systems Engineer with Barracuda MSP. Ken has over ten years of experience in the Information Technology field supporting both hardware and software.

Host John Pojeta’s bio:  John researches new types of business and manages and initiates strategic, corporate-level relationships to expand exposure for The PT Services Group. John came to The PT Services Group in 2011. Before that, he owned and operated an Ameriprise Financial Services franchise for 16 years.

Podcast Transcript:

John Pojeta: Hi everyone, John Pojeta here with PT Services Group. Hope you’re doing well. And welcome back to another session of the PT Buzz. This month’s MSP conversation is really a fascinating one around ransomware. A couple of my guests from Barracuda Mark within and Ken Bartlett helped me explore the historical aspects of ransomware.What we’ve seen, sort of trending and evolving in the last three to five years. And then what to think about and look at going forward. So hope you enjoy the episode. In the meantime, don’t hesitate to go to the ptservicesgroup.com/buzz for some of our prior episodes as well. Thanks so much.

And we’ll see you again next month. With that Mark, if you could take a minute, tell us a little bit about your background and how you not just work in the industry side, but how you help and support the MSP. 

Mark Whiffen: Yeah, thanks, John Mark I’m senior product manager at Barracuda MSP. I primarily have the ownership of the RMM product and our managed services.

So I do spend a lot of time. I have a background in public safety and security products. I believe that, you know, that’s a strong position. To bring this to the MSP table. And I’m really excited today to have the opportunity to discuss all things MSP and all things, security and ransomware. So it’s an exciting time.

John Pojeta: Appreciate it. Good stuff. Thank you. Mark, how about on your side? 

Tap/Click to View Full Transcript

Ken Bartlett: Thanks, John. I came from a MSP background, so I worked at a startup MSP for about 10 years. And in about 2015, I joined the vendor side. I also specialize in the RMM product, which is remote monitoring and management for the audience and Mark, and I work tightly together.

Both on pre-sales and post-sales with regards to listening to our partners, the development of the product and how we can help those partners become successful. And absolutely we specialize in the MSP space. So thanks for chatting with us today.

John Pojeta: Good stuff. So just as a refresher, our conversation is going to center around not just companies and governments and ransomware and the impact, but also the MSPs themselves and how they protect themselves and their client base.

And yeah. Really in prepping for today and looking back, I realized this goes back as far as really 1989, when the first, I guess, ransomware piece came out and interestingly enough, it came back in the day of the floppy disc. If you remember those and Commodore computers and all those good things. And so it’s got quite a history, we’re all accustomed to hearing things in the news periodically, we tend to hear about larger events or large-scale.

The interesting part is when we start 2022, the ransomware side has a $6 trillion impact on the global economy. And so it’s really got everybody’s attention in various ways. And I guess as a place to start Mark Ken, whoever wants to jump in first, if you could give us a little bit of your thoughts on the, sort of the evolution of ransomware, where we are today and kind of bring us up to speed a little bit history.

Mark Whiffen: Sure.

Ken Bartlett: From, from my, you know, I, I think we really all started hearing about it around the time of 2017, so that want to cry breakout. That was the first certainly the first major well-documented breach, which exploited it was an SMB protocol vulnerability. And it had some worm, automated lateral movement built it.

And this is sometimes referred to as commodity ransomware. You know, I was surprised too, to go back as far as 1989 and see that, you know, that floppy style Sneakernet, leaving disks around approach to see that that’s where it really originated from. But. Exponentially growing since 2017. So we’re seeing obviously a huge focus on this.

It’s been lucrative for many criminal organizations and we’ve also seen in not just a more automated approach, but also a more sophisticated human operator, poach approach when it comes to. Customizing these organizational focus, threats leveraging other malicious tools in conjunction with that worm and that encryption component of the ransomware.

These types of attacks, you know, are planned, they’re choreographed. They take weeks and months to go through and execute. And it’s a very strategic approach. It’s a business on its own and the payout is proportionate. If we look at another more recent one, In the Sam, Sam breach, this was that human operated approach where it was targeting medical and government organizations.

And as an added layer, we were seeing data exfiltration as a concern, whether you’re paying the ransom or not, that data will be exposed. And depending on the type of business, you know, that has a whole other slew of effect. So. That evolution has absolutely skyrocketed. If you look at the number of incidents, the sophistication of these attacks and then types of businesses that are being hit large, medium and small

John Pojeta: Mark, do you have some thoughts that you’d like to add there when it comes to that large, medium, small side?

I know as we were having the conversation up front, there’s a little bit of dialogue around that transition from most whale hunting. If you want to think about it, that way to more, the smaller efficiencies.

Mark Whiffen: Yeah. I mean, I think if you were to roll the clock back and we had this conversation three, four or five years ago, we’ll be talking about how those large enterprise, those big businesses are the ones that have to deal with cyber security.

They have to deal with the threats and, you know, everybody’s targeting them from a ransomware perspective. It was all the large customers to large enterprise. They had the money, it was kind of like, you know, cat and mouse, antagonistic game, they had the money to put up the security front. They were the ones who had to invest in it.

They had to build the process and the best practices. And then, you know, the cyber threats, where were the terrorists were hunting them. And it was, it was kind of like on that level playing field of it was the big, the big players and the big industry were the ones who had to define it. Now, if you look at it, you know, and can call up the 2017 breach.

And since it’s really shifted that spotlight to this one, the smaller businesses are the target. The smaller business are the, you know, more focused on, on being able to try to keep their business alive. But yet now you have a cyber-attack are coming after them. MSPs are stuck in the middle of, they have to protect, allowing them to protect their business for, for all the SMBs to be able to continue to move forward.

So it’s, it’s really shifted from that one big. For that one big pay off on an enterprise level to a much smaller, more prolific SMB target base. And then the MSP is the, is that line of defense that sits in the middle. So strategically it’s a very big shift, you know, that, that the industry has to.

John Pojeta: Yeah.

And it’s clearly a difficult space for one of the things I looked at as I was prepping today is, is not just on the business side, but we’re seeing government entities having to deal with it. And we hear about the big ones on a, on a national basis that occur. But there are small towns, townships boroughs, cities that are also dealing with this.

And they genuinely don’t always have the resources, not only to protect themselves, but to deal with the reality of ransomware. And so it really puts them in an awkward spot. And one of the things that we deal with that cat and mouse side of things and trying to work through that process is, is looking at how companies then start to address the protection side, whether that is the government entity, the individual government, or the individual business side, but, but understanding the reality of the landscape.

And, and what to do. And, and I know both of you talked a little bit with me about prep, test implement, recover, those kinds of approaches to this. Ken, can you walk us through a little bit of what that looks like if you’re that small business or that small government and the MSP that’s supporting those entities?

Ken Bartlett: Sure. It’s a difficult conversation to have and, you know, I’ve had some MSPs comment that they feel like they’re, you know, insurance salesman, so to speak, they’re selling programs that are extremely unconventional for a service provider, like end user awareness training train excuse me, training you know, these types of things are not in the core focus.

If you go back five or 10 years ago it was not an everyday conversation that these MSPs were having. I would say that, you know, a lot of these small business owners, especially small you know, these, these business owners may not understand that their business is a target. They may be fixated on the headlines or the national news, as you mentioned, John, but I would say, you know, have some of the same conversations that you’d have if you were talking to backup and business continuity.

So. Let’s every backup solution or Dr. Solution has to be sized according with customer expectations and their tolerance for downtime. So go through that cost of that calculation analysis with regards to how much does it cost. If the business is shut down per hour, per day, per week, and let’s scale out a solution, that’s going to work that both fits your budget, but also your tolerance for downtime.

So these questions, you know, again, you might’ve already had these, if you’re an MSP, dealing with your customers and dealing with. Well, there’s your businesses, but these dollar figures are absolutely relevant here when it comes to proactive services that have never really crossed a business owner mind, a business owner’s mind that end user security awareness training that I mentioned AI driven fishing protection.

You know, these are things that really businesses must have. Everyone is a target these days. And so. Preparation testing, implementation recovery, you know, having these connected offline backups that are safe from encryption. You know, this, this is really a must in this day and age, and we’re seeing this across every organization, every vertical, you know, every specific, regardless of whether you’re servicing construction.

Or legal or medical, you know, this, everyone is at risk here. So there’s a there’s a process to work around it and prepare yourself and have these conversations. But it’s a difficult one. It involves lots of research, lots of understanding, and unfortunately, lots of different tools to help you be defensively prepared for something like that.

John Pojeta: And I, I assume that Ken, it’s safe to say that a lot of companies there’s a, there’s a big, I don’t know what they don’t know side of things. And they deal with a lot of individual employees, users like myself. So I fall into that bucket of like my car, I put gas in and it goes my computer. I turn it on. I expect it to function.

Do my, do my thing and make sure I can get ahead with what I need to do. And I’m probably to some degree my own company’s own worst enemy because I don’t think all those things through. And so internally we put a lot of, a lot of hedges in place. So if I try to download something I can’t, and it stops me and those kinds of things.

But when you think, I guess a little bit about some of the tough decisions that companies need to make when it comes to. A ransomware event actually occurring. How does that start to play out? If, if you’re on that company side and we have an MSP and what sort of starts to happen there and, and walk us through a little bit of what that experience looks like.

Mark Whiffen: Yeah, well it’s, I mean, it is tough decisions that have to be made. We did, we did a partner advisory console at the beginning of the year. And one of the, you know, we always have an ongoing conversation with them about security versus it, you know, the implementation of security and then just usability and being able to convenient business convenience and, and a lot of the different conversations around that balance.

So when we asked that question to our council, you know, we had a lot of different MSP representation on there and we said, well, you know, you look at it. Where it talks, look at the evolution, look at everything that’s happening. And where do you, you know, where do you stand on that? Because, you know, we always have that painful conversation where it’s well, security and convenience.

Don’t always go hand in hand. So where do you position that? How do you, how do you move forward? And, and it was the first time ever, I would say in, in all of the different, you know, advisory councils and different MSP conversations, et cetera, we had where it was very unilateral and was very specific and everybody.

Common response was the same and it was security. Now needs to outweigh convenience. You have to be able to undertake some inconvenience because security is far more common, more prolific, and it’s just more important so that, you know, that is the actual answer. Is that now for the first time ever.

Everybody’s starting to get on the same page. There’s a lot of compassion and a lot of understanding together to say, we need to be on the same page. Security is something we have to deal with. It has to come first, not as an afterthought, you can’t have a business and then see how you can be secure. You have to have a secure business, right?

It has to be, it has to be a defining factor. So what we find is that. MSPs are now willing to take that conversation. And part of it’s because the SMBs are having a conversation coming to them and saying, well, how are you securing my business? I don’t want to be on the news for, for that receiving end. So it really motivates the conversation.

And as a part of it, what you get is that kind of global community comes together. We look at best practices, standards, and how you can make. You know, make that a business strategy. So what I think comes out of it is that everybody’s starting to understand that upfront work, but now it comes into part of that process, which is recovery remediation.

How do you minimize the potential for harm, but maximize your ability to get back on your feet? If something devastating should happen, it has to be part of the strategy. And I think that. That’s the tough conversation that has re the reality is it has been asked and now it’s being dealt with, which is, I need to build a plan.

That’s not just, if I get attacked, the plan needs to be, and you don’t ever want to have to execute on it. But the plan needs to be when I get attacked, how can I recover, remediate and get back on my feet quick. So that tough conversation is all about driving the need for a recovery plan, having a data protection plan in place, making sure you have implementation processes, making sure it’s documented and making it.

All aligns with the best practices that luckily as more and more visibility comes on these things, the, the community unifies around the messaging, the best practice in the standards. So you start getting a lot of smaller MSP. Getting to take advantage and leverage of a lot of the large you know, like the government entities releasing their, their standards and best practices as you move forward.

So you’re starting to get that consolidation of the, of that strategic approach and recovery is starting to come into it strong. And I think that’s probably one of the toughest decisions is implementing that, that, that, that recovery strikes.

John Pojeta: One of the things, I guess that jumped out at me, Mark there that, that maybe we didn’t talk about previously is when we look at how we’re in a little bit more of a sprawl mode, still with people working from home, office hybrids, et cetera, what kind of impact does that have on how companies plan and how you support them and how MSP supports, and is it dramatically different?

Is it just an extension of what is already happening? How does that.

Ken Bartlett: I can go through it. The you know, I think there was a drastic shift initially when things really you know, that would’ve fallen, I guess, March 2020 timeline, right? All of a sudden, you’ve got businesses that are not set up for e-commerce they’re not set up for remote work.

Not everyone is accustomed to that flexibility that some of us who work in tech might’ve had, you know, having laptops, having home offices. There were quick measures put into place in order to keep you know, the gravy flowing businesses still have to operate individuals, need access to company data.

And so there were, there were many, it insists have been scrambling in order to keep the lights on, so to speak and, and meet those deliverables. And as a result of that, Careful calculated decisions and plans may not have been put into place. So we saw a huge spike in the number of phishing related emails, whether it was, you know, COVID docs, vaccine related, or test result related, you know, these types of hot topics that were getting the clicks.

And it was unfortunate, but that really fueled the fire where we, until where we are today with those exploits and distributed workforce and a much larger footprint with all these vectors, whether you’re talking traditional email-based factors or compromising devices, which are VPN into corporate networks, et cetera.

So there was a little bit of a scramble. I feel like the majority of companies have addressed some of those now. They’ve embraced it. They’ve put in those safeguards in different measures. Yeah, that hybrid environment does change things. Now we’re still seeing email as the primary vector for phishing attempts.

Phishing is a primary inbound method for ransomware. So many of these bulk low effort attempts from threat actors. Users with tactics like, and so forgive me if you don’t, you’re not familiar with some of this terminology, but domain spoofing account takeover, conversation hijacking. These are when these advanced controls are really, you know, that’s when they really pay off and, and come to work for you at your defensive We’re going to publish something along with this podcast here, Barracuda published an eBook on the 13 email threat types, and they’re very distinct threat types.

Whether you’re talking about traditional spam or you go into the more complex end of it, which is. Domain impersonation, blackmail conversation, hijacking event, account takeover. There was one incident where a contractor was working with a business to complete some renovations and construction at their head office.

And an account takeover, threat actor actually intercepted the payments between the business owner and the contracting company for the final payment. So they snuck in there and monitored his account for such a long time that they were actually. Intercept that construction company payment and or payroll we’ve heard of payroll details being redirected as well.

So there’s so many email threat tapes let alone when you factor in user behavior and these other components. So these tools and safeguards, you know, when you, when you look at. Personalizing the user behavior and helping spot in these. These can be very subtle details. You know, domain takeover, there could be an extra S you know, domain.

It could be something that all the organizations could slip, but that end user awareness training is something that all businesses should be leveraging as that human element absolutely remains critical. Another one I want to mention John is mobile devices bring your own devices, mobile devices in jail.

No, this is a security gap for some SMBs in the sense that not all of them would feel the need to manage mobile devices. And that might be the that’s a legitimate thought process there. But you know, we’re seeing a lot of questionable and suspicious attempts with regards to getting access to mobile devices, whether it be text messages coming through, or I messages from unknown individuals, you know, that’s something where.

Maybe the safeguards and the cautiousness gets dropped when you’re not working on your laptop. You’re more, you’re more you know, flying by the seat of your pants with the, with regards to a mobile device. And you might feel more confident clicking a link on a mobile device, not realizing it’s a, it’s a suspicious or malicious link as well.

So we’re being hit at all angles here and all businesses are,

John Pojeta: yeah. A lot of those mobile devices. I know for a lot of people that I know. And certainly for me, I view it as a, as a personal and a work device. It’s got both. So if I’m mentally in personal mode, I’m behaving one way. If I’m in business mode, I probably have some different tendencies and how I interact with that device which can certainly impact things too.

So

Mark Whiffen: if I can jump in there. Yep. Please do. So one of the things that we’ve seen is that as the shift in the pandemic, what we’re really seeing the takeaway is that you have this massive digital transformation that’s been accelerated by, you know, multiple years of growth has been accelerated into 18 months.

And as a result, you have that big shift and the shift has really been. Primarily driven by about three factors. There’s cybersecurity, there’s the digital transformation and cloud and SAS based products. So as we see that, and we know that I, I, I believe it’s around 80% of SMBs have reported that, you know, that shift to cloud is what helped them get through the, you know, the pandemic timeframe and there’s that absolute need where the SMB has had to find ways to rejuvenate their business.

And a lot of it is through that digital transformation. So as a result of that digital transformation, what we’re seeing. You know, oh, you have this, this increase in complexity, intensity and frequency of the attacks going against these SMB business units that are attempting to grow and survive. So that evolution, I think, is part of a very tricky you know, understand the vulnerability, understand the gaps and there’s this cyclical approach about having, being able to assess that digital transformation, make sure that you create a base.

Make sure you’re able to extend that you know, close the gaps and then reassess and reevaluate because digital transformation is very ongoing and very demanding. And it puts the MSP in a spot where they have to grow and they have to repeat and they have to bring, bring that mindset of, you know closing down those particularly, you just mentioned that hybrid work environment is the key and that’s the that’s the big shift for digital transformation is really taking what was traditionally, maybe a recreational device.

And now it’s a business driven. And being able to, you know, still interject security and, and make sure that you’re minimizing chances of vulnerabilities. And that’s where I think there’s a lot of creative solutions. You know, that I think are that become very ingrained into the part of the strategy that you need to be able to maintain that digital transformation.

John Pojeta: That’s good stuff. Thank you. You w one of the things I think, and I, and I, I, I think backwards a lot before I go forwards, but in our household, we talk a lot about the change element. And when I first started in the business, my first employer brought me a book and it was called managing, managing at the speed of change.

And this was in 1995, so it goes back quite a ways. And we’re still struggling to wrap our arms around the speed of change. And it happens in this space and the it space more than anywhere. And, and one of the things that I know all of us grapple with is that tendency of always feeling like we’re, we’re reaching out for something that we can never quite obtain.

And we feel more reactive rather than proactive. A lot of times. Can you speak a little bit to the change? And how companies are trying to be more proactive and how MSPs and Barracuda and all the organizations there are, are there to support it and help that change. Move hand in hand. If that makes.

Mark Whiffen: Yeah. Well, I think, I think when we talk about just earlier alluded to the, you know, the idea of the digital transformation, what really is important there is that the SMB has had to find a way to survive their business. They need to grow and Excel and thrive in that industry. So they’re focused on trying to, you know, evolve their business, particularly during the pandemic and the hard times, but you’re going to see that continuing to, you know, that digital transformation is not going backwards.

So as a result, they, you know, the SMB is working hard to thrive and grow their business. And the MSP is probably. I had a heavy security background. So you’re finding that balance is it’s really important that the MSP is taking over the domain of security. They’re having conversations with the SMB, but whether, what I think is coming out of it is that you have this focus on the products and the services that the MSP really needs to be able to bring to the table.

They need to be able to empower the SMB to go off and do their business and make sure that they’re able to grow and evolve as they need. So security. As an overarching principle has moved into the primary spotlight, where it needs to be a business driving factor. You need to be able to look at the growth and, and, and allowing an S and P two to Excel in their industry, what they do.

But the MSP has got to step in and do as much as they can to secure it. And there’s a lot of different strategies. That you can use to implement that. But I do think that it’s a lot about minimizing. You know, every strategy is about minimizing the threat, minimizing the risk and, and allowing the SMB to Excel and grow.

John Pojeta: So let’s, let’s take the conversation a little bit in a different direction. Let’s talk about MSPs themselves. So we talked a lot about companies and obviously, yeah. Fees and, and vendors are supportive of those companies. But when you look at the MSPs themselves, what are some of the things they need to think about that are maybe a little bit different because they are the gateway to these other companies in terms of how they protect the MSP itself.

Mark Whiffen: Great question. I think first and foremost, it’s really about MSPs are going to have to work with vendors. They have products and services that they are implementing and products and services that they were selling through to their, to their SMBs. So I think one of the first things they need to do is to make sure that they choose vendors that align with their business strategy.

It’s a brand recognition. The MSP puts their brand on the line when they offer their outsource services to their customers. So they want to choose vendors that have the same integrity in the same way. and treat their brand with the same respect as their own. Nobody wants their brand to be recognized. So it’s, I think it’s a very strong indication.

They need vendors that are going to align and be secure and bring best practices to them so that they can secure their brand and their business for both their internal products, their internal services, and for the services they extend out to their customers. So I think it really needs to pivot on choosing vendors that align with your business strategy and that compliment your services and offerings.

John Pojeta: Okay, good stuff. One of the things we didn’t touch on that I had in my notes here that I wanted to get some opinions and some takes on, and just as a general user, we see a lot more coming into play with social media and other avenues banking, but it is that second layer, two factor authentication. And some of the methods that companies are using to try and protect their users in sort of that channel fashion, to make sure that they are who they are.

Ken Bartlett: We there’s, there’s obviously a lot of general recommendations as far as security, best practices. Keeping up to date with your vendors as Mark suggested, you know, working with a trusted advisor is, is a critical component. Ensuring you have the education, the knowledge about them choose the product, whether it be hardening or just configuration best practices.

You know, you got to spend the time to work with that vendor to ensure you’re doing everything possible. And if they’re not on your side, then you know, maybe it’s not the best fit. So whether it be something like MFA on all products where possible, some of these other very common, generic sort of best practices or at least privileged permission to administration.

You know, there’s, there’s no need for excessive administrator accounts and tightening that along with setting, auditing and logging around those admin behaviors is something that a lot of organizations simply do not do. Ensuring the customers are protected with things like advanced email security training and awareness, especially those individuals who are in control or have access to two financials are at elevated privileges.

These all help combat spear phishing, or targeted phishing attacks or social engineering, right? It doesn’t, it doesn’t take too long to figure out what someone’s title is nowadays. With LinkedIn and these other websites that focus on professional networks. So these sophisticated attacks are the ones that are very elaborate and can outsmart an end user.

So to speak through deception users should always question unusual, suspicious, or rushed, immediate requests for managers or executives and confirm via another means prior to action. And that, that end user security end users, humans are a huge variable when it comes to protect them. He’s Asian.

So that multi-layered approach of course, is important that we’ve, we’ve all heard of that terminology, but reiterating that to the end users. So they avoid being the weakest link. Of course, your standard sort of best practice around automating patching for third party in a west level devices, you know, keeping firmware up to date on gateway devices or network devices and auditing those patches as well, holding someone on the team accountable.

And then we have the whole shift. Really the next gen security product. So moving away from a traditional VPN and moving into something like zero trust network, access technology, that’s a component that cha it trusts by exception. So there’s an evaluation. It doesn’t always trust. We’re, we’re looking at an of constant evaluation and assessment on whether an individual user.

We’re an individual device is trusted and something as simple as disabling local anti-virus may impact the devices and the resources that these individuals have access to. So that’s, that’s a whole different shift and premise on some of those. men thinking. And, and that’s sort of the new standard.

We need to be a little bit more we need to scrutinize access a little bit more, even if it comes out the, at the harm of productivity, there’s a delicate balance here. And we have to meet that in the middle in order to protect the data and our customers, the people involved here.

Mark Whiffen: Yeah. And part of that is, is really driving home.

The conversation of layered security. I mean, I don’t think we can overemphasize that enough. Like everything you just mentioned, Ken was, you know, it’s all about the layers. It’s, it’s the more you can stock the layers to better, the better defense you put up. And I think, you know, to kind of jump onto one of the ones you mentioned there with the idea of, you know, more than a traditional VPN, the zero-trust network is one that I think is really taking, taking a lot of visibility right now because that.

John, when you mentioned earlier about that, you know, your, your one device now also serves as personal versus and business. And for us, that’s really a strong factor because we, we see the layers. So that device may be multi-purpose on your end, but it also serves that business function. And then as a responsible.

That layered security part of that is understanding that device may be exposed to more because it’s also a personal device. So your layered security. So it’s not just, I need a VPN to get in. It’s also a lot more layering in terms of maybe because of the type of device and the type of user, and that I am in a hybrid work model that now my layer of security needs to be in there.

Maybe I need just access to something. So it ties in, there’s a lot of complexity around zero trust network, but it’s really starting to show as the hybrid models, the digital. You mentioned that, you know that, that gray area between a personal device and work device, as that gets more and more complex, zero trust networks solutions are really able to help you scale that and be able to define rules and regulations by which you are going to allow access.

So when you combine that level with things like having another one, that’s I think strong and, and is a strong factor in layering, your solution is an XDR solution. So having that, that level of complexity. Whether you’re able to go to manage SOC with it. There’s a lot of different complexities, but it’s about that layer because it’s, it’s, it’s each of those.

And Ken made a reference to the 13 email threat types. Each one comes in and you have different defense strategies, particularly about all these different infiltrations. So I think it’s, if you cannot underestimate enough how a layered strategy is really what it’s going to take to, to kind of stack your defense into your favor.

John Pojeta: That was great stuff. So I guess the, the last part where I’d like to kind of wrap things to some degree in both, both of you mentioned zero trust and sort of that, I guess that next transition or what’s coming, and I’d like to spend a little bit of time there and I’m okay if you want to take us back and talk about a core reality that really needs to make sure is happening inside of businesses.

We talk about. Sort of that ongoing what’s next behavior what’s coming. What’s something we need to make sure that we’re doing. So if each of you could take a moment and say, Hey, if you’re a, an MSP supporting companies, here’s the one, here’s the two, three, whatever, however deep you want to go, but thoughts that you would really have on saying what’s next.

And what are the things you really want to spend time on and think about here? Even if it’s something you’ve already mentioned, you want to expand on a little bit or reinforce that’s okay. Sure

Ken Bartlett: I can start there, John. You know, I I’d say spend the time to understand the threats, you know, do your research and adopter pro proactive staffing processes that can serve as an additional layer.

So you know, MSPs have had to evolve their service offerings. A lot in the last five, 10 years. And this includes you know, different layers, best practices, but also education to their customers. And your customer it’s for the listeners about a direct business risk. You know, we believe that MSP must make this security shift sooner than later in order to protect their customers and the future of their business.

So again, regardless of your vertical, regardless of your industry, specification or specialization being an MSP has never. Easy job. And it’s button a lot more complicated with the requirement of being this trusted advisor. So I would say, you know, certainly don’t be, don’t make any assumptions, understand, do your research, and then come up with a service offering that includes these types of behaviors.

And so your get comfortable around these conversations with your customers, the old saying plan for the worst and hope for the best, you know, kind of comes to mind here. You can do a lot more than just hope, you know, with the addition to some of these security tools. These features mentored above whether it’s zero trust or at least privilege or keeping on top of audits and network behavior, you know, using this Ms.

Using the, the MSPs using this multilayer protection strategy will benefit from a radically reduced susceptibility to email attacks, which ultimately better helps defend your business, your data and your peak. So I’d leave with that. John, that’s a kind of an all-encompassing view for my

John Pojeta: that’s great stuff, Ken, thank you.

What about on your side?

Mark Whiffen: Well, I think I go back to layered strategy. You know, layered security strategy I think is, is absolutely paramount. I mean, if we stop and look at the various attacks, surfaces that an MSP has to deal with email web apps, remote access, web browser network, perimeter, user error.

That’s a deal. That’s a suite of area that you have to bring a lot of knowledge in, and that’s tough. It’s tough to be able to do best practices for all of that. So it’s tough to build a layered security solution. So you need to make sure that you have a portfolio that’s addressing those key issues and, and what builds on top of that.

In that strategy. I think there’s a constant need. And we’ve been talking about this a lot, trying to make sure that it’s a clear message, but it’s a constant need to be able to assess those areas, see where your vulnerabilities are, see where your risks may lie, and then being able to identify that remediate those close those gaps, but it’s gotta be cyclical.

And I think. There’s a trend towards, of just try to combat at once and, and hope that you can sit on that for a while. And I think that’s a, that’s a, that’s a, you can bring in a great layered strategy or layered security strategy, but you still have a vulnerability if you’re not continually reassessing, you’re not addressing the gaps, recreating your baseline reassess because the threat actors are evolving rapidly.

You know, the idea of ransomware as a service is this scary, intimidating process. So being able to have, you know, choose your vendors. Choose a portfolio that attacks, you know or, or actually prevents and blocks against as many attack surfaces as you can. I think it’s a very key, strategic view that you need to take, which is that continual ser, you know, circle of assessments, reassess remediate, and then continue to build on top of that, knowing that there’s a very prolific.

Attack circus surface vector that you have to combat against. So you really need to have a portfolio that addresses that.

John Pojeta: And w one of the things that both of you have spent some time and touched on is just that human factor. And so Ken, you positioned it around the reality of the user and how they engage and what are they prepared for?

What aren’t they prepared for? You take an individual like myself who understand how to use the, the, the devices and how to get them to do what I need them to do for my role. But I might not always understand all the aspects behind the scenes that I need to be cautious of, and that that’s hard to, to build a process for, to protect against, but, but clearly vital. And Mark, you mentioned it in a different way where there’s, that there’s that innate nature in humans where we reach a goal or reach a spot and we kind of want to let out a sigh of relief of, Hey, we made it or we hit it. And well, we, we, we quickly need to realize is we need to start preparing again immediately for that.

Stop on the train in essence, because it’s not going to stop. And that’s why you keep referencing it. This, this circle, it just keeps coming around and around and around. And you got to keep prepping and prepping and prepping. So, gentlemen, I can’t thank you enough for the time. Either one of you want to spend a little bit more time on Barracuda and tell our audience a little bit more about the services that you provide on that.

Ken Bartlett: Let me just encourage you to check out our portfolio. Obviously, Barracuda is a security focused company. So whether you’re looking at email security, backup, remote monitoring, and management Mark mentioned XDR, so we’ve got a whole slew of security focused products and a lot of experience in this space.

So I’d encourage you to check us out and see if there’s a good fit there. And of course, thank you for joining and listening in today. Thanks John. Thanks everyone.

John Pojeta: Thanks so much, Ken, anything you want to leave us with

Mark Whiffen: Mark? Yeah, I think you know, it’s important to have an MSP focus. And so we spent a lot of time looking at the MSP, looking at their portfolios, look at what they need to bring, but looking at the industry where the attack surfaces, where the threats are and trying to balance it by bringing in a portfolio.

And I think the best example of that aggressive wanting to help MSPs build the best security strategy is, is just our recent acquisition with Scott. I mean scout brings in, they have a full XDR solution, really great solution, but it also is backed with the 24 7 managed SOC team. So understanding that there are certain, you know, kind of like you said, taking your foot off the gas and being able to relax.

Part of it also is being able to get the right portfolio and the right vendors that allow you to have solutions like it 24 by seven managed SOC, because that allows you to be able to take the breath while somebody else is working. So your solutions in your technology continue at the same pace.

Even though you’re the one taking your foot off the gas, but you’ve chosen vendors that are actually continuing to accelerate and bring you more defense. So I think as a vendor, you know, Barracuda is a very strongly aligned and aggressive about trying to build the best portfolio. That’s continuing to evolve and, and to bring that best layer of security strategy that we talked about earlier.

So for me, it’s, you know, a vendor selection is such a key thing. We design ourselves to be a security company, and we want to really pass that on and give the MSPs the best fighting chance in a very volatile Market. So that’s kind of my fault. Thanks again for the opportunity to speak on this. John is very exciting.

I know it’s very topical with a lot of the events that have happened recently. And so we just being able to implement and talk to people and let them know that there’s vendors that understand you know, understand the plight that’s happening and being able to move it forward and secure and, and work on a portfolio.

Just, just knowing that, you know, there’s people that actually have the same vested interest in trying to come through this in the best strongest security.

John Pojeta: Yeah. I think what you’re stressing there with vendor selection is, is vital in the sense that vendors become a joint guardian of the brand for the MSP in the field.

And I don’t know that everybody’s always aware of that in, in selecting the process because that brand is everything for the MSP in the field and making sure. Protected, but also promoted in the right ways. And that’s an interesting balance and, and vendor selection is a vital part of that process. So thanks so much for tuning into this month’s episode of the PT Buzz brought to you by the PT Services Group.

Don’t forget if you’d like to learn more about this episode, ask questions, make a comment or suggestions for future episodes. Please visit the ptservicesgroup.com/buzz, and be sure to connect with us on Twitter and LinkedIn at the PT Services Group. Looking forward to connecting with you again next month on the PT Buzz.

Podcast Feed:

NEW Episode Keys to MSP Security

Podcast – Keys to MSP Security

Join the PT Services and Barracuda MSP for a conversation about changes in the managed services space. We touch on the key shifts and developments that have impacted the service…

Learn More

B2B Podcast Healthcare Collaboratives with Bill K

Podcast – A Conversation About Healthcare Collaboratives with Bill Kite

Join us for a great conversation in the health care and benefits arena featuring Bill Kite, president of D & S Agency and recent board president of United Benefits Advisors….

Learn More

Tags | , , , ,

About the Author/Host

John Pojeta

John Pojeta - Vice President of Business Development

John researches new types of business and manages and initiates strategic, corporate-level relationships to expand exposure for The PT Services Group. John came to The PT Services Group in 2011. Before that, he owned and operated an Ameriprise Financial Services franchise for 16 years.

Join Our Conversation

Comments (1)

Trackback URL | Comments RSS Feed

  • Vanessa Capozzi says:

    Great information on ransomware. Thanks.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *