
Kaseya and the Problem with Managed Service Providers

Craig Peterson - America's Leading CyberSecurity Coach

Release Date: 07/16/2021


We have, really, in front of us a critical warning. We're trying to figure out what we should do to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down. Did you hear about the Kaseya hack?

It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge. But let's talk about why this happened, because I think there are many things that you and I have overlooked here over the years. This ransomware bad guy gang called REvil, R-E-V-I-L, has targeted Kaseya, or customers through

[00:01:04] Kaseya, but it isn't just Kaseya customers. It's really Kaseya's customers for the most part. Now your head might be spinning a little bit, but here's what's happening. I'm a business owner. You guys know that, right? Now, let's say that I don't do cybersecurity for businesses. That's what I do.

[00:01:24] But let's say I make widgets. I, as a widget maker, do not have enough knowledge about computers to really do it myself. So let's say I've grown and I've got 20 employees. The odds are very good that my office manager is the one in charge of the computer. The office manager probably orders

[00:01:49] computers, probably tries to figure out what's going wrong. By the time I'm at 50 computers or 50 employees, I've probably got a full-time IT person who goes around and tries to take care of things. But before I've got that full-time IT person, I'm probably going to outsource it. And by the way, for a lot of companies, it's more like a hundred to 200 employees before they get someone who's really dedicated to IT.

[00:02:18] So then that awkward teenage stage, between where the office manager's trying to do it and finally the office manager can try and hire an IT professional, is where they go and outsource it. You talk to various types of companies, what are in the industry called break-fix shops. That's usually the first stop, which is calling them up saying, I've got a broken computer.

[00:02:44] Can you fix it? And maybe they can, maybe they can't. And then a lot of break-fix shops have tried to level out their income so that they have predictable monthly income so that they can hire the right number of people for the number of customers that they have. Although I've got to say most of them are badly overbooked.

[00:03:04] Now that they've hired those people, they, this outsourced break-fix shop, they come in and say, okay, here's what we can do: for X amount per month per computer or employee, we will take care of those computers for you. One of the things that they'll promise to do is that they will take care of your cybersecurity for you.

[00:03:25] Now, cybersecurity is, frankly, a specialty. It is not something that everybody can do. Even if you're using some of the best stuff in the world, like what we do, we have Cisco hardware, we have Cisco software that we run, advanced malware protection. So that's the best of the top of the line.

[00:03:45] Most smaller businesses aren't going to want to pay for it, even though they might be able to afford it. Push those people out right now, because we're talking about, you were talking about a smaller business. So what does that outsourced IT provider do for you? They might change their name and call themselves a managed services provider.

[00:04:06] And that's all well and good, but they need help as well. So I'm making widgets. I have this break-fix shop that came in and fixed my computers a few times. And now they're handling my cybersecurity. Isn't that all well and good? It's wonderful. So now they're handling, supposedly, my cybersecurity. But they know they can't do it themselves and it would be too expensive to do it because they went cheap.

[00:04:33] You bought the least expensive option or close to the least expensive option. So wait, and by the way, cheap in this case means that it's under $150 per person slash workstation per month. That's what it costs to get this stuff done. So you might be paying 25 or maybe even $50. They can't do it for that.

[00:04:57] So what do they do? They go to a company like. Now they also have some others. They have what are called RMMs that keep track of some basic stuff for you, but they go to Kaseya and say, okay, Kaseya, we want you to monitor the computers, keep them up to date, et cetera for. Now did I, the widget manufacturer, go ahead and hire  to take care of stuff?

[00:05:23] Did Kaseya even do it themselves or did they outsource it? Do I even know that Kaseya exists? Because it's really Kaseya that is managing my computers doing. We have, there has a software that doing the upgrade on my computers. This is a real problem because the widget maker, nope, I didn't hire Kaseya. I didn't even know they existed.

[00:05:49] I trusted my local. Your local guy is not taking care of your cybersecurity. Almost completely guaranteed. There's very few companies like mine out there that we actually do it ourselves because we have looked at Kaseya. We've looked at all of these platforms. Every last one of them has had major problems.

[00:06:12] So here comes Kaseya, with over a hundred thousand customers, that gets hacked and distributes the hack to all of its customers that are running some of these on-premise devices that are trying to manage the networks for not Kaseya's clients, but for Kaseya's clients' clients. Okay. Do you see how this is the level of indirection?

[00:06:35] You see how this is going to affect? This is a huge problem. And Kaseya, not only have we warned some of these companies like Kaseya about major design flaws in their software, but Kaseya's own engineers apparently, about three years ago, warned Kaseya about major design flaws in the software that they were using.

[00:07:01] So they knew about this. They were warned months, if not years, in advance about it. So what does Kaseya do? They're concerned about profit and features, so they just keep adding features, as alleged by their former employees, instead of fixing the security problems. 'Cause it would be too hard to fix, take too long, cost too much, and it isn't going to increase our revenue.

[00:07:26] Are you sitting down? Can you believe this is one of the major operators out there, major operators that is behind your managed services provider and your break-fix shop? That's who's doing it out there. So there are probably far more than this thousand Kaseya clients that have gathered together to try and negotiate the ransom.

[00:07:57] And I got to say, I would be extremely disappointed if Kaseya customers didn't gather together and sue them in a very big way. Curly sins, people claiming to be former Kaseya employees are saying they warned the company about major flaws in their software. And that is what hit all of Kaseya's customers'

[00:08:24] customers. This is incredible here. This is a much different style of relationship that companies have typically, right? Yeah. Okay. Law firms, they'll outsource stuff, right? So let's say there's some maritime law. They'll go to a maritime law firm. They'll outsource it. So yeah, there are some models where this is done, but this is done routinely

[00:08:49] in the cybersecurity space. It's not something we do. We stuck our toes into that pond and we didn't like it. We didn't want our customers to be hurt by this sort of thing. But anyway, there you have it. Okay. There you have it, all about profit and not about you. And by the way, it's also about how much you're willing to pay.