loader from loading.io

Kaseya and the Problem with Managed Service Providers

Craig Peterson - America's Leading CyberSecurity Coach

Release Date: 07/16/2021

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? show art How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

Craig Peterson - America's Leading CyberSecurity Coach

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New...

info_outline
What Happened With Facebook's Outage? When Will It Happen Again? show art What Happened With Facebook's Outage? When Will It Happen Again?

Craig Peterson - America's Leading CyberSecurity Coach

What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now...

info_outline
Could Using the Right Multi-Factor Authentication Save You? show art Could Using the Right Multi-Factor Authentication Save You?

Craig Peterson - America's Leading CyberSecurity Coach

Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some...

info_outline
Are You Using Encrypted Email Yet? Here's How! show art Are You Using Encrypted Email Yet? Here's How!

Craig Peterson - America's Leading CyberSecurity Coach

Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email...

info_outline
Do You Know How to Identify a Fake Web Page? - Whole Show show art Do You Know How to Identify a Fake Web Page? - Whole Show

Craig Peterson - America's Leading CyberSecurity Coach

Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post...

info_outline
You Need to Start Using Burner Identities ASAP show art You Need to Start Using Burner Identities ASAP

Craig Peterson - America's Leading CyberSecurity Coach

You Need to Start Using Burner Identities ASAP! In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business email compromises. It's really crazy. That's what we're going to talk about. [Automated transcript] An essential part of keeping ourselves safe in this day and age is to confuse the hackers. The hackers are out there. They're trying to do some things. Ransomware, for instance, like[00:00:30] business email compromise, is one of the most significant crimes times out there today. It hits the news...

info_outline
Apple is Adding Tech to Look At Your Photos For Child Abuse show art Apple is Adding Tech to Look At Your Photos For Child Abuse

Craig Peterson - America's Leading CyberSecurity Coach

Apple is Adding Tech to Look At Your Photos For Child Abuse This is a tough one. Apple has decided that it will build into the next release of the iPhone and iPad operating systems, which monitors for child porn. [Automated transcript] Apple has now explained that they will be looking for child abuse images in specific ones. And I just am so uncomfortable talking about this, but the whole idea behind it is something we need to discuss. Apple said they're going to start scanning for these images and confirmed the plan. In fact, when people said, are you sure you're going to be doing that?...

info_outline
The IRS Has Been Selling Bitcoin - Pay Up! show art The IRS Has Been Selling Bitcoin - Pay Up!

Craig Peterson - America's Leading CyberSecurity Coach

The IRS Has Been Selling Bitcoin - Pay Up! Bitcoin is all the rage. In fact, many people have considered investing in these cryptocurrencies or something. Of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [Automated transcript] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real-life-type things and you owned property, as it were inside this virtual world, they wanted to tax it. So, of course, if you sold something with real hard money...

info_outline
The The "Great Resignation" in Big Tech - Better Jobs, More Money

Craig Peterson - America's Leading CyberSecurity Coach

The "Great Resignation" in Big Tech - Better Jobs, More Money There seems to be a worker shortage. And many businesses are finding that, frankly, people involved in technology are resigning; they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays. [Automated transcript] [00:00:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you...

info_outline
Windows 11 Will Require a New Piece of Hardware show art Windows 11 Will Require a New Piece of Hardware

Craig Peterson - America's Leading CyberSecurity Coach

  1126-01-windows_11_and_tpm [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of windows millennial edition. While now they're coming up with windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years; they are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so...

info_outline
 
More Episodes

Kaseya and the Problem with Managed Service Providers

We have really in front of us, a critical warning. We're trying to figure out what should we do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down.  Did you hear about the Kaseya hack?

It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge. But let's talk about why this happened, because I think there are many things that you and I have overlooked here over the years, this ransomware God guy, gang called REvil, R E V I L has targeted cause say, or customers through.

[00:01:04] Say, but it isn't just kissy customers. It's really cause say, is customers for the most part. Now your head might be spinning a little bit, but here's, what's happening. I'm a business owner. You guys know that right now. Let's say that I don't do cybersecurity for businesses. That's what I do.

[00:01:24] But let's say I make widget. I as a widget maker, do not have enough knowledge about computers to, to really do it myself. So let's say I've grown and I've got 20 employees. The odds are very good that my office manager is the one in charge of the computer. The office manager probably orders.

[00:01:49] Computers probably tries to figure out what's going wrong. By the time of it at 50 computers or 50 employees, I've probably got a full-time it person who goes around and tries to take care of things. But before I've got that, full-time it person I'm probably going to outsource it. And by the way, a lot of companies, it's more like a hundred to 200 employees before they get someone who's really dedicated to it.

[00:02:18] So then that awkward teenage stage between where the office managers trying to do it. And finally the office manager can try and hire an it professional. Is where they go and outsource it. You talk to various types of companies. What are in the industry called break, fix shops. That's usually the first stop which is calling them up saying I've got a broken computer.

[00:02:44] Can you fix it? And maybe they can, maybe they can't. And then a lot of break fix shops have tried to level out their income so that they have predictable monthly income so that they can hire the right number of people for the number of customers that they have. Although I've got to say most of them are badly overbooked.

[00:03:04]Now that they've hired those people, they this outsource break fix shop. They come in and say, okay here's what we can do for X amount per month per computer or employee, we will take care of those computers for you. One of the things that they'll promise to do is that they will take care of your cybersecurity for you.

[00:03:25] Now, cybersecurity is frankly, a specialty. It is not something that everybody can do. Even if you're using some of the best stuff in the world, like what we do, we have Cisco hardware, we have Cisco software that we run advanced malware protection. So that's the best of the top of the line.

[00:03:45] Most smaller businesses aren't going to want to pay for it, even though they might be able to afford it. Push those people out right now, because we're talking about, you were talking about a smaller business. So what does that outsourced it provider do for you? They might change their name and call themselves a managed services provider.

[00:04:06] And that's all well and good, but they need help as well. So I'm making widgets. I have this break fix shop that came in and fixed my computers a few times. And now they're handling my cyber security. Isn't that wall well, and goods was wonderful. So now they're handling, supposedly my cybersecurity. But they know they can't do it themselves and it would be too expensive to do it because they went cheap.

[00:04:33]You bought the least expensive option or, close to the least expensive option. So wait, and by the way, cheap in this case means that it's under $150 per. Person slash workstation per month. That's what it costs to get this stuff done. So you might be paying 25 or maybe even $50. They can't do it for that.

[00:04:57] So what do they do? They go to a company like. Now they also have some others. They have what are called arm AMS that keep track of some basic stuff for you, but they go to Garcia and say, okay, Casia we want you to monitor the computers, keep them up to date, et cetera for. Now did I, the widget manufacturer go ahead and hire  to take care of stuff.

[00:05:23] Did Kasiah even do it themselves or did they outsource it? Do I even know the Kaseya exists because it's really Kaseya that is managing my computers doing. We have, there has a software that doing the upgrade on my computers. This is a real problem because the widget maker, Nope, I didn't hire KSA. I didn't even know they existed.

[00:05:49] I trusted my local. Your local guy is not taking care of your cybersecurity. Almost completely guaranteed. There's very few companies like mine out there that we actually do it ourselves because we have looked at Kaseya. We've looked at all of these platforms. Every last one of them has had major problems.

[00:06:12] So here comes Casia with over a hundred thousand customers that gets hacked and distributes the hack to all of its customers that are running some of these on-premise devices that are trying to manage the networks for not Cassias clients, but for KSA as clients, client. Okay. Do you see how this is the level of indirection?

[00:06:35] You see how this is going to affect? This is a huge problem. And Casia not only have we warned some of these companies, like Kaseya about major design flaws in their software, but cause say his own engineers apparently about three years ago, warned Cacia about major design flaws in the software that they were using.

[00:07:01] So they knew about this. They were warned months, if not years in advance about it. So what does it say you do? They're concerned about profit and features, so they just keep adding features as alleged by their former employees instead of fixing the security problems. Cause it would be too hard to fix, take too long cost too much, and it isn't going to increase our revenue.

[00:07:26] Are you sitting down? Can you believe this is one of the major operators out there, major operators that is, is behind your manager services provider and your break fix shop that's who's doing it out there. So there are probably far more than that this thousand Kaseya clients that have gathered together to try and negotiate the ranch.

[00:07:57] And I got to say, I, I would be extremely disappointed if Kaseya customers didn't gather together and Sue them in a very big way. Curly sins, people claiming to be former Cacia employees are saying they warned the company about major flaws in their software. And that is what hit all of Cassias customers.

[00:08:24] Customers. This is incredible here. This is a much different style of relationship that companies have typically, right? Yeah. Okay. Law firms they'll outsource stuff, right? So let's say there's some maritime law. They'll go to a maritime law firm. They'll outsource it. So yeah, there are some models where this is done, but this is done routinely.

[00:08:49] In the cybersecurity space. It's not something we do. We stuck our toe toes into that pond and we didn't like it. We didn't want our customers to be hurt by this sort of thing. But anyway, there you have it. Okay. There, you have it all about profit and not about you. And by the way, it's also about how much you're willing to pay.