I’ll admit, sometimes we come across a little harsh when talking about cybersecurity. We try not to be too relentless when evaluating the security posture of fellow IT professionals and MSPs.
Not because we’re cutting anyone slack (your clients won’t, after all) but because we’re all too aware that a company’s level of cyberdefense often comes down to one factor that the IT provider can’t control: money.
Take for instance the recent case of Tyler Technologies, a Texas-based technology and software services provider that is currently fighting against a highly disruptive network intrusion. As of this writing, Tyler Technologies has not disclosed the exact cause of the disruption, but KrebsOn Security reports that their response is indicative of a ransomware attack.
Various sources tell us that the issue was first noticed when the normal content on tylertech.com was unreachable on the morning of September 23rd. Tyler Tech later told KrebsOnSecurity that they became aware shortly thereafter that an intruder had gained access to their IT and phone systems.
“We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement,” said Tyler’s Chief Information Officer Matt Bieri.
This has already had an impact on the ability of some government entities to process payments for services or provide various resources online, according to affected IT professionals who reported the ripple effect of issues stemming from the incident. How many of Tyler’s clients have actually been affected is currently unknown.
Like most IT providers in 2020, Tyler Tech has been using the threat of ransomware as a selling point. They’ve published the usual cybersecurity checklists and ransomware awareness marketing materials that pretty much everyone else is pushing out. Folks aren’t wasting any time pointing out that irony, so we get another punch to the gut of the IT industry that makes everyone look like cybersecurity hypocrites.
They’ve published the usual cybersecurity checklists and ransomware awareness marketing materials that pretty much everyone else is pushing out. Folks aren’t wasting any time pointing out that irony, so we get another punch to the gut of the IT industry that makes everyone look like cybersecurity hypocrites.
This all goes back to the MSP Overwatch™ ideal: It’s much better to be a secure IT provider than to just look like one. And this case is a clear example of how all of that “trust building” comes tumbling down unless it really stands for something.
Now, back to what we were saying about being too harsh. Certainly we’ve all been in situations where we know a clients’ cybersecurity posture is too lax, but they refuse to do anything about it. Or perhaps you work in an in-house IT department and none of the bean counters will listen when you tell them they need to improve their cyber defense.
These are unfortunate and common scenarios, but they are scenarios where MSP Overwatch™ can make your life easier.
One reason why IT professionals and MSPs often run into a wall when trying to secure more budget for cybersecurity is a lack of information. If you’re not armed with the right data to show specifics about risk and needs, it can be difficult to gain traction with decision-makers.
It’s not just enough to say “your cybersecurity needs to be better — here are some suggestions.” And you might as well leave behind the generalized statistics (60% of small businesses get hacked every year, etc). No one takes them seriously.
MSP Overwatch™ gives you the ammunition you need to bring comprehensive cybersecurity requirements to your clients or executives, as determined and evaluated by outside experts. This is perfect for people who want to see established structure and quantifiable value before opening their wallets.
Unfortunately, the IT pro who is ignored on Monday is the same one who gets blamed on Tuesday when things go bad. MSP Overwatch™ could be the exact tool you need to make a real case for better cybersecurity… before you end up catching the blame.