News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | MSPs response to supply chain attacks

It seems MSPs are moving on security.    According to a recent Kaspersky survey, 28% of managed service providers (MSPs) reported that a massive supply chain attack on an MSP software provider, revealed in December 2020, had affected their organization in some way. The breach also had a wider impact on the majority of MSPs: overall, 72% of providers took action in response to the attack, even though they were not affected.   That is in survey data released by Zawya.

A letter from the deputy national security advisor and National Cyber director was issued from the White House urging the private sector to boost cyber defenses for the holidays.   “Historically, we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions,” they wrote.

A recent breach disclosure of an Oregon healthcare organization appears to have accidentally revealed that the FBI believes the HelloKitty ransomware group operates out of Ukraine.    This is new information not previously released. 

And in Log4J news, CISA said they had not confirmed reports by multiple security companies of ransomware installations or attempts by other governments to steal secrets.  “We are not seeing widespread, highly sophisticated intrusion campaigns,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a call with reporters.   On the same day, Microsoft’s Threat Intelligence Team indicated that hackers associated with the governments of China, Iran, North Korea, and Turkey have been trying to find ways to leverage the Apache Log4j vulnerability.  The first public case of the vulnerability being used to download and install ransomware has been discovered by researchers.    BitDefender reported they found it directly.  

Finally, some details of cyber security that made it into the approved National Defense Authorization Act.     It greenlights CISA’s CyberSentry program, focuses on critical infrastructure, and also requires DoD to submit a report on how its Cybersecurity Maturity Model Certification (CMMC) program impacts small businesses.

Why do we care?
I’m reserving judgment on CMMC.  I’ve heard strong voices saying it’s critically important for smaller providers, and others I trust saying it isn’t … and that version 2.0 is too neutered to matter.       Hearing from the DoD itself on what THEY think the impact will seem savvy to me.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories