That was a hot topic during a Business Success Symposium presentation at last week’s Channel Partners Conference and Expo. Kevin Lancaster, CEO and co-founder of ID Agent, which provides dark web monitoring and ID theft protection, led the presentation.
The unfortunate reality is that the vast majority of SMBs globally fall below the “cyber poverty line.” he said.
“They can’t comprehend the scale and complexity of today’s cyberthreats and what you have to do to protect them,” he said. “The customers that channel partners represent have no idea how easy it is for us or anybody to exploit them.”
Some of the biggest problems include: availability of easy kits to build viruses, the uncontrollable volume of breaches, and the consolidation of personal and professional lives, especially on mobile devices, Lancaster said. In addition, password hygiene “stinks,” he said.
“Nearly 80 percent of people still use the same or a derivation of the same password on everything,” he said. “If people say they don’t do it, they’re lying; practically everybody does it.”
This information is out there and it’s something that needs to be monitored going forward, Lancaster said. In the meantime, customers are undereducated, see no return on investment in cybersecurity, value convenience over security and think, “We’re too small; it won’t happen to me,” he said.
As a result, they’re not buying what MSPs are selling, such as security information and event management (SEIM), firewalls, 2FA/multifactor authentication, monitoring, training and password management, he said.
After the session, Lancaster told us the MSP has to have these conversations with their customer now.
“Because of the volume of third-party data breaches, the volume of email addresses and passwords that are out there, the fact that all their customers and employees are using those email addresses and passwords, and the same variation of that password across everything that they log into, is making it harder for the MSP to secure their customer,” he said. “So they need to have that confidence to be able to take this data into their customer and say, ‘Look, this is why you need to be doing these things I’m telling you you need to be doing. You need to be investing in security. Otherwise, I hate to say this cliché, but it’s not if, it’s when. It’s when your organization is going to be compromised — and there’s a high probability that it’s going to be compromised through some type of compromised credential.”
MSPs can’t be shy about this anymore, Lancaster said.
“They need to sit down and say, ‘Look, we need to show this data to you; you need to see what’s already out there,” he said. “This has nothing to do with my ability to protect your network because I’m doing a great job of that. This has everything to do with the fact that your employees are …