News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | When Supply Chains Break: Okta

Let’s start by updating on that Okta story.  1Password has become the latest victim of Okta’s customer service breach, where a threat actor gained access to Okta’s customer support case management system and used it to penetrate some customers. On Sept. 29, the password-management company observed suspicious activity within the Okta instance that it uses for managing its employee-facing apps, according to a company statement. The activity was quickly terminated, and while it didn’t detail the extent of the infestation in employee apps, it did say that no user or employee data or other sensitive systems were compromised.

Do you think you’re alone in feeling overwhelmed by standards?  Many defense contractors are falling behind in meeting the upcoming cybersecurity standards set by the Cybersecurity Maturity Model Certification (CMMC). A study commissioned by CyberSheath reveals that defense contractors are not meeting the CMMC standards, and the average score submitted by contractors has barely improved. The implementation of CMMC 2.0 is approaching, which will include mandatory third-party or government certification for vendors handling sensitive information. The Defense Department is expected to enforce compliance once CMMC becomes a finalized rule.

The Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with industry stakeholders and government agencies to update the National Cyber Incident Response Plan (NCIRP). The updated plan aims to provide a transparent and collaborative framework for cyber incident response, taking into account the evolving threat landscape and the role of the private sector as the first responder. CISA plans to involve regulators, critical infrastructure organizations, and the public in the development of the updated plan, with the goal of approval and publication by the end of 2024.

Why do we care?

If you ever need a supply chain example, 1Password gives you one.   The interconnectedness of digital services means a security breach can have a domino effect, and MSPs need to prepare for such scenarios. Even if one vendor assures no data is compromised, any lapse could weaken the larger security chain. Vetting vendors for cybersecurity measures and having contingency plans for multi-level breaches should be standard practice.

The news about defense contractors struggling to meet CMMC standards illustrates the complexities of adhering to cybersecurity frameworks. With the implementation of CMMC 2.0 approaching, MSPs in the defense sector or serving clients who must adhere to these standards need to double down on compliance efforts. The introduction of third-party certifications elevates the issue from a check-box exercise to one with serious legal and financial ramifications.

And, remember another call for input.    Since MSPs often act as the first responders during cyber incidents, their feedback could shape policies that are more practical and implementable. Staying involved in these policy discussions not only aids in better preparation but may also offer early insights into forthcoming regulations.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories