Data-Driven SMBs, Compliance, FBI LockBit Recovery, CISA Snowflake Warning, & Phishing Prevention

[00:00:00] It's Thursday, June 6th, 2024 and I'm Dave Sobel.

[00:00:06] Three things to know today.

[00:00:08] An AWS study shows data-driven SMBs achieve greater financial success and efficiency.

[00:00:15] Eighty-five percent of managed services providers struggle with security compliance and potentially

[00:00:19] automation is the solution.

[00:00:21] And the FBI's lock bit recovery, CISA's snowflake warning and phishing prevention.

[00:00:28] This is the Business of Tech.

[00:00:32] A new Amazon Web Services report reveals that highly data-driven small businesses outperform

[00:00:39] their peers financially and across various business outcomes.

[00:00:43] These companies also have a more mature data strategy and adopt and use AI at a higher

[00:00:49] rate.

[00:00:50] Sixty-five percent of highly data-driven companies reported significant or moderate financial

[00:00:55] outperformance compared to 33 percent of less data-driven companies.

[00:01:01] Highly data-driven SMBs outperform less data-driven companies across all surveyed business outcomes,

[00:01:08] including customer satisfaction, revenue and process efficiency.

[00:01:12] The differences are substantial, often exceeding 30 percentage points.

[00:01:17] Sixty-nine percent of highly data-driven companies have a comprehensive data strategy compared

[00:01:22] to 28 percent of less data-driven companies.

[00:01:25] A mature data strategy correlates with significantly better financial performance.

[00:01:31] Highly data-driven SMBs adopt and use AI at nearly twice the rate of less data-driven

[00:01:37] companies.

[00:01:38] They report extensive use of AI in critical functions such as IT operations, cybersecurity

[00:01:43] and content creation, with usage rates significantly higher than less data-driven peers.

[00:01:49] Highly data-driven companies invest more in technology and processes that enable a common

[00:01:54] understanding of data, increased data trust, accuracy and governance.

[00:01:59] Eighty-five percent of highly data-driven SMBs have invested in data technologies compared

[00:02:04] to 65 percent of less data-driven companies.

[00:02:09] Now why do we care?

[00:02:11] So now I have the data to back up my statements about data management as a service, and the

[00:02:15] need to organize data for customers, and the incentives to do so.

[00:02:20] When I talk about technology investments that lead to revenue generation, here's a bright

[00:02:25] light shining on one.

[00:02:27] IT service providers must develop expertise in data strategy and AI to meet the growing

[00:02:33] needs of data-driven clients.

[00:02:35] There is a market for services that help SMBs become more data-driven.

[00:02:40] IT service providers can offer consulting on data strategy development, AI implementation

[00:02:45] and data technology investments.

[00:02:47] This niche can be lucrative given the clear financial and operational benefits outlined

[00:02:51] in the report.

[00:02:53] The evidence from the AWS report makes a compelling case for small businesses to become

[00:02:58] more data-driven.

[00:02:59] IT service providers should leverage this to offer targeted solutions to help SMBs harness

[00:03:04] the power of data, thereby driving mutual growth and success.

[00:03:11] With as many breaches and security concerns as I report in this show, it should be obvious

[00:03:15] that cybersecurity is not just about technology, but also the human expertise needed to interpret

[00:03:21] and respond to complex threats.

[00:03:24] Huntress is focused on elevating SMBs and MSPs around the world.

[00:03:29] Huntress has a suite of fully managed cybersecurity solutions powered by a 24x7 human-led SOC

[00:03:36] dedicated to continuous monitoring, expert investigation and rapid response.

[00:03:41] And the proof is the execution.

[00:03:44] Huntress is the number one rated EDR for SMBs on G2.

[00:03:50] Want to know more about the platform?

[00:03:52] Visit huntress.com slash MSPradio to learn more.

[00:03:56] According to a survey by Optega, 85% of managed service and security providers face significant

[00:04:04] challenges in maintaining security compliance for their clients.

[00:04:08] Lack of resources, expertise or technology are the common roadblocks.

[00:04:13] The survey also found that providers are open to delivering compliance services through

[00:04:16] automation platforms, but only about half are currently doing so.

[00:04:21] Compliance represents a small percentage of overall business and revenue for many providers.

[00:04:26] The report highlights the potential for growth in continuous compliance services and the

[00:04:30] need for providers to leverage their compliance offerings for business growth.

[00:04:35] Why do we care?

[00:04:37] Compliance is really hard.

[00:04:39] As regulatory requirements grow more complex, the demand for robust compliance solutions

[00:04:43] will increase.

[00:04:45] Providers who can efficiently deliver these services will be well-positioned to capture

[00:04:49] this expanding market.

[00:04:50] Yet that won't be everyone.

[00:04:53] Offering advanced compliance services through automation and expert knowledge can set providers

[00:04:57] apart from competitors.

[00:04:59] This differentiation is crucial in a crowded IT services market.

[00:05:03] That said, I want to highlight that compliance currently represents a small revenue stream.

[00:05:07] I'm not sure I would start here, particularly after considering the previous story.

[00:05:12] If you can't deliver this yourself, partner.

[00:05:17] The FBI has recovered over 7,000 lockbit decryption keys and is urging past victims of lockbit

[00:05:23] ransomware attacks to come forward.

[00:05:26] The keys can be used to recover encrypted data for free.

[00:05:29] Despite law enforcement's efforts to shut down lockbit operations, the ransomware gang

[00:05:34] is still active and targeting victims.

[00:05:37] The gang and its affiliates have reportedly earned up to $1 billion in ransoms between

[00:05:42] June 2022 and February 2024.

[00:05:45] The FBI is reaching out to known victims and encouraging others to report incidents at

[00:05:50] IC3.gov.

[00:05:53] The U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about

[00:05:57] an increase in cyberattacks targeting Snowflake customers.

[00:06:02] CISA recommends that customers proactively search for malicious activity in their systems

[00:06:06] and report any findings.

[00:06:08] The advisory comes in response to recent allegations and disclosures regarding unauthorized activity

[00:06:14] in a third-party cloud database environment.

[00:06:17] ConnectWise has been authorized as a CVE numbering authority by the Common Vulnerabilities and

[00:06:22] Exposures Program.

[00:06:24] The authorization highlights ConnectWise's commitment to cybersecurity and its role in

[00:06:28] assigning CVE IDs to vulnerabilities and publishing associated CVE records for its

[00:06:34] products and services, as well as vulnerabilities discovered in third-party products.

[00:06:39] KnowBe4's 2024 Phishing by Industry Benchmarking Report reveals that without training, 34.3%

[00:06:47] of employees are likely to click on malicious links or comply with fraudulent requests.

[00:06:52] However, organizations that integrated simulated phishing attempts and testing with security

[00:06:57] awareness training see a significant drop in Phish-prone percentage, or PPP, with an

[00:07:02] average drop to 18.9% within 90 days and 4.6% after 12 months.

[00:07:10] Why do we care?

[00:07:11] Tactically, I wanted to boost the FBI and CISA's callouts.

[00:07:16] If you have clients affected, that's critical information.

[00:07:19] ConnectWise's move is a data point.

[00:07:21] To give you some perspective, Enable can also issue CVEs, and Kaseya, Ninja, Eterra, Barracuda,

[00:07:28] and Huntress as examples cannot.

[00:07:31] Let's not overblow the importance and also acknowledge it's a proactive move.

[00:07:36] Finally, basic security awareness and hygiene remain the win.

[00:07:40] Phishing training works.

[00:07:43] Are you ready to spot opportunities by aligning IT with your clients' business strategies?

[00:07:49] GetInSync equips MSPs and IT professionals with the tools, methods, and training to deeply

[00:07:54] understand client strategies, ensuring IT investments directly support key business objectives for

[00:08:01] tangible outcomes.

[00:08:03] With GetInSync, you gain critical insights that empower decisive actions, enhancing your

[00:08:08] competitive offering.

[00:08:10] This solidifies your role as a trusted advisor and supports your clients' strategic needs,

[00:08:15] bringing greater success.

[00:08:17] Boost your readiness to become a certified GetInSync trusted business advisor with our

[00:08:22] free online assessment.

[00:08:24] Accept the challenge and discover if you have what it takes to become an indispensable

[00:08:28] strategic partner for your clients.

[00:08:31] Begin your journey with GetInSync.

[00:08:33] Visit getinsync.ca to learn more.

[00:08:42] Thanks for listening.

[00:08:43] Today is National Moonshine Day, National Drive-In Day, and National Yo-Yo Day.

[00:08:48] But can you drink moonshine at the drive-in with your yo-yo?

[00:08:52] Have a question you want answered?

[00:08:53] We take listener questions.

[00:08:54] Send them in, ideally as a voice memo or video, to question at MSPradio.com.

[00:08:59] I answer those live each week on our Wednesday live show, next week 3pm Eastern on YouTube

[00:09:04] and LinkedIn.

[00:09:05] And if you like the show, make sure to share it.

[00:09:08] Do me a favor and tell a colleague, tell a friend, tell someone else and help us grow

[00:09:12] the show.

[00:09:13] I really do appreciate it.

[00:09:14] I'll talk to you again tomorrow.

[00:09:17] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines.

[00:09:23] Posted at businessof.tech.

[00:09:25] If you like the content, please make sure to hit that like button, follow or subscribe.

[00:09:30] It's free and easy and the best way to support the show and help us grow.

[00:09:35] You can also check out our Patreon where you can join the Business of Tech community at

[00:09:40] patreon.com slash MSPradio or buy our Why Do We Care merch at businessof.tech.

[00:09:47] Finally, if you're interested in advertising on the show, visit mspradio.com slash engage.

[00:09:55] Once again, thanks for listening to me.

[00:09:57] I will talk to you again on our next episode of the Business of Tech.

[00:10:04] Part of the MSP Radio network.