
Kaseya and the Problem with Managed Service Providers

Craig Peterson - America's Leading CyberSecurity Coach

Release Date: 07/16/2021


We have really in front of us, a critical warning. We're trying to figure out what should we do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down. Did you hear about the Kaseya hack?

It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge. But let's talk about why this happened, because I think there are many things that you and I have overlooked here over the years, this ransomware God guy, gang called REvil, R E V I L has targeted Kaseya, or customers through

[00:01:04] Kaseya, but it isn't just Kaseya customers. It's really Kaseya's customers for the most part. Now your head might be spinning a little bit, but here's what's happening. I'm a business owner. You guys know that right now. Let's say that I don't do cybersecurity for businesses. That's what I do.

[00:01:24] But let's say I make widgets. I, as a widget maker, do not have enough knowledge about computers to, to really do it myself. So let's say I've grown and I've got 20 employees. The odds are very good that my office manager is the one in charge of the computer. The office manager probably orders

[00:01:49] computers, probably tries to figure out what's going wrong. By the time of it at 50 computers or 50 employees, I've probably got a full-time IT person who goes around and tries to take care of things. But before I've got that full-time IT person, I'm probably going to outsource it. And by the way, a lot of companies, it's more like a hundred to 200 employees before they get someone who's really dedicated to it.

[00:02:18] So then that awkward teenage stage between where the office manager's trying to do it. And finally the office manager can try and hire an IT professional. Is where they go and outsource it. You talk to various types of companies. What are in the industry called break-fix shops. That's usually the first stop which is calling them up saying I've got a broken computer.

[00:02:44] Can you fix it? And maybe they can, maybe they can't. And then a lot of break-fix shops have tried to level out their income so that they have predictable monthly income so that they can hire the right number of people for the number of customers that they have. Although I've got to say most of them are badly overbooked.

[00:03:04] Now that they've hired those people, they this outsource break-fix shop. They come in and say, okay, here's what we can do for X amount per month per computer or employee, we will take care of those computers for you. One of the things that they'll promise to do is that they will take care of your cybersecurity for you.

[00:03:25] Now, cybersecurity is frankly, a specialty. It is not something that everybody can do. Even if you're using some of the best stuff in the world, like what we do, we have Cisco hardware, we have Cisco software that we run advanced malware protection. So that's the best of the top of the line.

[00:03:45] Most smaller businesses aren't going to want to pay for it, even though they might be able to afford it. Push those people out right now, because we're talking about, you were talking about a smaller business. So what does that outsourced IT provider do for you? They might change their name and call themselves a managed services provider.

[00:04:06] And that's all well and good, but they need help as well. So I'm making widgets. I have this break-fix shop that came in and fixed my computers a few times. And now they're handling my cyber security. Isn't that all well and good? It's wonderful. So now they're handling, supposedly my cybersecurity. But they know they can't do it themselves and it would be too expensive to do it because they went cheap.

[00:04:33] You bought the least expensive option or close to the least expensive option. So wait, and by the way, cheap in this case means that it's under $150 per person slash workstation per month. That's what it costs to get this stuff done. So you might be paying 25 or maybe even $50. They can't do it for that.

[00:04:57] So what do they do? They go to a company like. Now they also have some others. They have what are called RMMs that keep track of some basic stuff for you, but they go to Kaseya and say, okay, Kaseya, we want you to monitor the computers, keep them up to date, et cetera for. Now did I, the widget manufacturer, go ahead and hire  to take care of stuff.

[00:05:23] Did Kaseya even do it themselves or did they outsource it? Do I even know that Kaseya exists because it's really Kaseya that is managing my computers doing. We have, there has a software that doing the upgrade on my computers. This is a real problem because the widget maker, Nope, I didn't hire Kaseya. I didn't even know they existed.

[00:05:49] I trusted my local. Your local guy is not taking care of your cybersecurity. Almost completely guaranteed. There's very few companies like mine out there that we actually do it ourselves because we have looked at Kaseya. We've looked at all of these platforms. Every last one of them has had major problems.

[00:06:12] So here comes Kaseya with over a hundred thousand customers that gets hacked and distributes the hack to all of its customers that are running some of these on-premise devices that are trying to manage the networks for not Kaseya's clients, but for Kaseya's clients' clients. Okay. Do you see how this is the level of indirection?

[00:06:35] You see how this is going to affect? This is a huge problem. And Kaseya, not only have we warned some of these companies, like Kaseya, about major design flaws in their software, but Kaseya's own engineers apparently about three years ago, warned Kaseya about major design flaws in the software that they were using.

[00:07:01] So they knew about this. They were warned months, if not years in advance about it. So what does Kaseya do? They're concerned about profit and features, so they just keep adding features as alleged by their former employees instead of fixing the security problems. Cause it would be too hard to fix, take too long, cost too much, and it isn't going to increase our revenue.

[00:07:26] Are you sitting down? Can you believe this is one of the major operators out there, major operators that is, is behind your managed services provider and your break-fix shop, that's who's doing it out there. So there are probably far more than that this thousand Kaseya clients that have gathered together to try and negotiate the ransom.

[00:07:57] And I got to say, I, I would be extremely disappointed if Kaseya customers didn't gather together and sue them in a very big way. Curly sins, people claiming to be former Kaseya employees are saying they warned the company about major flaws in their software. And that is what hit all of Kaseya's customers'

[00:08:24] customers. This is incredible here. This is a much different style of relationship that companies have typically, right? Yeah. Okay. Law firms they'll outsource stuff, right? So let's say there's some maritime law. They'll go to a maritime law firm. They'll outsource it. So yeah, there are some models where this is done, but this is done routinely.

[00:08:49] In the cybersecurity space. It's not something we do. We stuck our toes into that pond and we didn't like it. We didn't want our customers to be hurt by this sort of thing. But anyway, there you have it. Okay. There, you have it all about profit and not about you. And by the way, it's also about how much you're willing to pay.