Craig explains why hackers have found a new target that they love and why it might put you in jeopardy.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] Welcome everybody. Hey, if you think that your IT being outsourced is going to somehow protect you from the bad guys. Unless they are a security service provider, I’ve got some news for you.
Hello everybody. Craig Peterson here. Welcome, and glad you joined us here on news radio 98.5 and AM 560. I also want to remind everybody that you can find me online. You can listen to this as you are a hold of radio range, even just go ahead and ask your favorite platform, whether it’s Google or Alexa, to play WGAN. We’ll give you some more details a little bit later on in the show today, but let’s start with our top story of the day today.
That has to do with managed IT providers. Now, a lot of businesses are trying to do the whole information technology thing themselves. You’ve probably heard different ads. In fact, there’s one group that advertises frequently here on WGAN, and this is kind of a big deal when you get right down to it. Are you better off taking care of your IT yourself? Or are you better off having someone else do it?
Then when you really dig into it, the bigger question I think is, does it make sense to just use a regular IT company to outsource everything? Or should you again have specialties? No, it’s like you’ve got a department inside your business that might do the finance stuff. You’ve got another department that obviously handles IT. You got sales, you got marketing. They’re all fine-tuned. It is very difficult to find a third party that’s fine-tuned, if you will, to cover everything that you might need from an IT side.
Well, we have been finding out some very interesting numbers lately. There’s a great article I have up on my website from DarkReading. That’s talking about this.
Basically, most of these MSPs, or managed IT providers, managed services providers, have become a major gateway for the bad guys to break into small and medium businesses. I mean major gateway.
We’ve seen this ourselves just as recently as last week. We’ve been working with some managed service providers now to provide them with managed service security services because it’s impossible for them to do the best job.
I just saw a mailing I got today from a company called SonicWall. They make firewalls, which are just fine for businesses that aren’t heavily regulated, but they do not meet the requirements for more heavily regulated businesses. SonicWall’s out there sending out these mailings saying, We’ve got it all. All you need is us.
That also reminds me of a mailing I got from Microsoft and I saved it. I just could not believe this. This must have been 20 years ago now, maybe a little longer, actually, when I think of it, we’re saying, Hey, listen, security is a real problem, but if you have Windows XP and Microsoft Office, rest assured that your security is virtually guaranteed. I shook my head at that decades ago, and this sort of stuff is still happening today. So many companies are out there lying and misrepresenting.
Now, I get it, you guys, this is not your forte. It’s not the forte, cybersecurity, of most managed services providers. Frankly, I think the vast majority of these companies that are trying to help you out with the IT just don’t realize what they should be doing and what’s required of you, right?
You go to them because they are the experts. They tell you what you need, right? Isn’t that the reason to write the checks? I’ve found the same thing being true inside a lot of companies where you have your own IT people and those IT people are trying to keep things straight.
And man, I’ve been working on this cybersecurity quiz thing. What are the main activators behind cybersecurity and where are you at? It’s a self-evaluation thing that you can do as a business. Right now I’ve got the technical ones all done, and I’m working on one for the business owner C-level to understand where they’re at and where they might need to go with it.
For years, cybersecurity has really been the area that big businesses, enterprises, what we used to call them here. And the enterprise was like a big business, a publicly-traded company. Nowadays we’re adopting more of the European definition of enterprise, which is any business out there, but cybersecurity has been really the area that large businesses don’t have to worry about.
What the bad guys have found that small and midsize businesses have also been the target of attacks, but historically those attacks have been the broad-based phishing attacks, or they’re trying to run a worm around the internet. It’s just a target of opportunity. From small business and medium business standpoint, the number of times they might be hacked or the damages caused were probably reasonable, you could get insurance for it.
But that has all changed now. The insurance companies, and we’ve talked about a couple of these on the show before, are not paying out the policies. If you have a cyber insurance rider, for instance, as a regular end user, just a home user, many home policies now come with a cyber insurance rider. So if your identity is stolen, they will help you to recover the damage that was done, right. You can never really recover identity. You’re not going to get it back. It’s not gonna all of a sudden become safe, but they’ll help you with the damage. So anything that was bought in your name, they’ll back it out, any bad credit report backs them out. The same thing was available for the small, medium, and even the large business markets, where you pay a rider, and then if you do get attacked then okay, the insurance will pay for it.
When you look at the numbers, I think you might come to a different realization. Where right now about a year, a quarter of all businesses are hacked per year. There is some security event that occurs in about a quarter of all businesses. That’s a lot. What was the fee for your premium as a small business? Was that fee just an add-on, an extra 25 bucks a year, a quarter a month, whatever is, I, I know biggie. Well, what’s happened is the insurance companies have realized that they can put requirements on you. That’s one of the things we do. We have special scanning software that allows us to scan a network and look for standard insurance requirements. You know, the stuff the insurance companies usually want. No, we’re not the only ones, I’m not the lone ranger out here.
There are other companies that have these tools. There are some free checklists you can find online. I would encourage you to use them. Nowadays, if your information is stolen, if you are hacked, they’re going to go through that list and say, did you comply with this? Did you comply with that? Did you comply with the other thing? If not, they’re going to fight you.
That’s true for the mega-breaches, like Equifax has been fighting their insurance company in the courts. We’ve seen everything all the way down to little companies that are fighting it in the courts. Then on top of it, not only is cyber insurance stuff a threat and a problem, it goes to the next level. And the next level, when it comes to all of this, is: is your business going to survive?
You got hacked and you have to fight with the insurance company. If the regulators find out, if your business is regulated, which nowadays is pretty much every business out there, what is it 300 million? Oh, it, you won’t get into that right now. All of the people here in the US plus the businesses and all of the hundreds of thousands of regulations anyways.
What’s going to happen when the regulators find out you were hacked? That’s when the real problems come up. The regulators are going to come in and there is a checklist, whether it’s a NIST checklist, the CMMC, the HIPAA/HITECH, whatever it is, you are going to be held responsible.
So, what have the bad guys found? It’s kind of like going back to the Willie Sutton misquote, right? Which is why did he rob banks all that’s where the money was. Turns out that isn’t a legitimate quote, but you know, that’s okay. He, he robbed the banks or bank robbers rob banks because they keep cash there. They keep gold. They keep silver, back in the day. So they’d go in and rob them.
Well, where are all of the keys to the kingdom when it comes to your computers? Well, they live in the IT department, don’t they? IT can get on, can give you access to stuff. They can take away access from staff, right? That’s what IT does. And they can be pissed off and leave your employ. If they leave your employment, what happens? Do you have automated systems that remove access for the IT people?
Cybercriminals have now figured out that these low-end small businesses that are out there calling themselves managed services providers, managed IT providers are a great way. If they break into one of those, we’ve seen major security holes for the tools almost all of these companies are using. If they break into one of those, they now have the keys to the kingdom for 50-100 companies out there. So be very, very, very careful.
Cybercriminals understand the average managed services provider cannot keep your data safe internally inside their own networks or in yours. So just like that, Pandora’s box is open.
Hey, you’re listening to Craig Peterson. If you’re going to hop in the car, the truck, and drive, hopefully, you’ve got Siri with you, maybe Google, maybe Alexa can listen to us there.
Just say, Hey, Alexa, play WGAN. Stick around, ’cause we’ll be right back.
You’re listening to Craig Peterson.