"Identifying Cybercriminals and Strengthening Security Policies: A Deep Dive

[00:00:00] Welcome to the Business of Tech Lounge, the live version of the Business of Tech podcast.

[00:00:19] It's Wednesday, May 8th, 2024. And I'm Dave Sobel. Today on the show, we talk lots of security

[00:00:25] as the head of LockBit is identified, CISA positions itself and the State Department

[00:00:30] advances their strategy. Plus the RSA conferences full of announcements and some M&A from around

[00:00:38] the MSP channel. We'll discuss my interview with Ramsey Sahoon from Evergreen Services

[00:00:43] Group and preview of my interview with Rob Began, how you can partner with Microsoft.

[00:00:50] Plus, as always, your questions and comment. Now I want to thank sales builder our Patreon

[00:00:56] sponsor whose support makes this show possible. Focus on your IT sales workflow with the power

[00:01:02] of automation and visit them at salesbuilder.com. That's B U I L D R dot com. And do you want

[00:01:11] your logo to appear here? Vendors, you can do so with our vendor Patreon program. It's

[00:01:17] a simple monthly subscription and visit patreon.com slash MSP radio to sign up. I

[00:01:23] can't do this show without support. And thanks again to sales builder for things. They'll

[00:01:28] be taking questions and comments throughout the show. So make sure to put them in chat.

[00:01:33] There's a dedicated question section later in the show with those listeners submitted

[00:01:37] questions, but we'll put your chat up on screen anytime to make sure they get those

[00:01:42] comments out for everybody. But now our top story. US and UK authorities have identified

[00:01:49] and named Dmitry Korshev as the alleged leader of the LockBit ransomware gang. A 26 count indictment

[00:01:58] has been unsealed in the United States at a reward of up to $10 million is being offered

[00:02:03] for information leading to his arrest and conviction. The LockBit gang known for providing ransomware

[00:02:10] as a service has caused billions of dollars in losses and disrupted critical infrastructure.

[00:02:17] While the joint operation earlier this year reduced the gang's global threat, experts warn

[00:02:22] that ransomware gangs are resilient and dispersed, making it difficult to eliminate their activities

[00:02:28] completely. Korshev faces multiple charges, including conspiracy to commit fraud and

[00:02:34] extortion with a maximum penalty of 185 years in prison. And from Axios, the Cybersecurity

[00:02:43] and Infrastructure Security Agency, which is the US's youngest agency, has become a key

[00:02:48] intermediary between private companies and the US government in defeating and descending

[00:02:54] against major cyber attack. Director Jen Easterly now sees the agency as the goalie

[00:02:59] of the federal government cyber team. CIS is set to unveil high profile projects,

[00:03:06] including a public awareness campaign and a pledge from tech companies to implement

[00:03:10] Secure by Design Standard. The agency has also been proactively detecting malicious activity on

[00:03:17] critical infrastructure company systems, focusing on Chinese nation state activity.

[00:03:24] The US State Department released a new international cyber strategy at the RSA conference this week,

[00:03:30] outlining its approach to cyber diplomacy, including sanctioning ransomware gangs,

[00:03:35] establishing data governance policies and building international partnerships in cybersecurity.

[00:03:41] The strategy also identifies China as a significant thought cyber threat.

[00:03:46] The strategy's release underscores the importance of the private sector's role

[00:03:50] in implementing the strategy, with the Biden administration backing investment

[00:03:54] principles aligned with the strategy and promoting Secure by Design principles global.

[00:04:00] So, why do we care?

[00:04:03] One of the recurring themes of the business of tech has been the need for more security oversight.

[00:04:09] Well, we're getting it. Two big pushes. First, we see law enforcement making strides and

[00:04:15] identifying and bringing two justice criminals involved in cybersecurity. Second,

[00:04:21] the agency's tasks with implementing security policies are making significant strong.

[00:04:27] So, your takeaways. You must involve law enforcement in your breaches if you want continued

[00:04:32] success here. One of the things we've seen over and over again is those companies that do involve

[00:04:38] law enforcement are getting better results. Let's point to that Lord Kusaya hack on July 4

[00:04:45] that led now just recently to full conviction. What was the difference? Key

[00:04:51] law enforcement involvement early in the process. Second, you do need to cultivate your

[00:04:57] relationship with CISA. That might be as simple as building into your procedures how to connect to

[00:05:03] their resources. But there's a lot more you can do too. They've got low branch offices,

[00:05:08] there are officers who are wailing and waiting to talk to you and a large number of resources

[00:05:13] not just for incident response but for use in your business ongoing. Make sure you are

[00:05:19] leveraging all of those resources and be proactive about both of these engagements because

[00:05:25] he is looking like that's making the difference. So what do you think? Are you encouraged by

[00:05:31] these moves? Do you see cybersecurity changing because of the government involvement? I do want

[00:05:36] to hear those questions and comments in the chat if you're watching live.

[00:05:41] We've got a couple more stories to talk about. First up, Fortinet has announced new updates

[00:05:46] to its generative AI portfolio, including the industry's first Gen AI Internet of Things Security

[00:05:53] Assistant. These updates enhance security and network operations providing capabilities such as

[00:05:59] generative AI assistance scripting for network configuration, conversational AI interface for

[00:06:04] IoT vulnerability detection, and dictation capabilities for threat hunting and analysis.

[00:06:11] Fortinet's generative AI Assistant, Fortinet AI, supports natural language processing in multiple

[00:06:17] languages, bridging the cybersecurity skills gap and improving operational efficiency.

[00:06:22] The company also prioritizes generative AI security and data privacy, ensuring secure

[00:06:27] AI processes and protecting customer data. Fortinet AI is integrated with various

[00:06:33] Fortinet products enabling context-aware security and network operations assistance.

[00:06:40] Ignite is adding a Microsoft Perview compatible document classification label feature that

[00:06:47] integrates with security partners, Prana. This allows users to have their content scanned

[00:06:52] and labeled for access security levels, preventing improper access. The integration

[00:06:57] works with various DLP, DRM, and EDR products using AI to classify content and apply metadata.

[00:07:05] Ignite is exhibiting these features at the RSA conference.

[00:07:10] OnePassword Enterprise Password Manager, Partner Edition, is now available in beta for managed

[00:07:16] services providers. This comprehensive solution offers centralized client management,

[00:07:21] streamlined billing, and integration with existing client services and app. MSPs can

[00:07:26] enhance their security measures, protect clients' data, and become trusted advisors

[00:07:30] with AI's level of security provided by OnePassword. Register as an MSP to stay updated on the OnePassword

[00:07:37] Partner Program and start transacting as a reseller. So, why do we kid?

[00:07:44] Now I'm very security-centric today, probably due to the RSA conference this week,

[00:07:49] and so we're looking at these products with a critical eye of understanding what's useful.

[00:07:53] This is the time to showcase those new technologies. I'm going to start with Fortinet.

[00:07:58] I'm certainly very interested in the idea of a product that can provide insights and assistance

[00:08:04] to you while using it. Being able to ask it questions, get information back, and provide

[00:08:10] additional language support is an interesting idea. The idea of being able to communicate

[00:08:15] right with those products makes a lot of sense. And thematically, it hits a lot of the things

[00:08:20] we've talked about from an AI perspective, that there will be a so-called co-pilot

[00:08:25] for every situation. That makes a lot of sense to me. Ignite, of course, looking at it from the

[00:08:30] perspective of automatically classifying documents. Again, an idea that makes sense.

[00:08:36] We've got tons of data out there, and for the most part, most organizations have done

[00:08:40] a very bad job of doing data management. Anything that we can do to make that a little bit better

[00:08:46] makes sense to me. Finally, I find it interesting to note that OnePassword has moved into this

[00:08:51] now Asword Manager at a multi-tenant level. It's intriguing to see the security platforms move

[00:08:58] this way. Now, I want to balance these advanced products with the idea of doing the basics well.

[00:09:04] If you're not doing the basics well, this is beyond the need that you have right now.

[00:09:08] Remember the basic idea of two-factor authentication, good audit log, great backups,

[00:09:14] and your customer education are going to be the key to succeeding in a security landscape.

[00:09:20] But you've got to start there, and you've got to start somewhere.

[00:09:23] Reminder, we are taking those questions and I'm watching the chat. If you've got an idea,

[00:09:27] throw it in the chat, and we will talk comment or talk about it any point during the show.

[00:09:32] Now this past weekend, I interviewed Ramsey Seyoon as one of the co-founders

[00:09:37] of Evergreen Services Group. Here's a snippet of that interview.

[00:09:42] Actually, yeah, a little bit of your insight into kind of what's the perfect

[00:09:46] sense of the way a deal would be structured for your, looking from Evergreen's perspective

[00:09:52] of how that value and investment will return back from a cash and from an ownership perspective.

[00:09:58] Can you give me a little bit of like the perfect version so that we don't have to

[00:10:01] describe a specific deal, but like kind of the structure in your head of the way you want that

[00:10:06] Yeah, yeah. I think the perfect Evergreen deal is wide and the first company we acquired,

[00:10:16] I will get specific, the first company we acquired most consulting has been just an amazing acquisition

[00:10:25] and I think been kind of in the benchmark against which we measure all of our other acquisitions.

[00:10:34] So it was a really solid, operationally mature MSP doing a lot of the right things.

[00:10:43] Lloyd Wolfe was the founder, really strong operator. He wanted to sell and transition

[00:10:48] out of the business but he cared a lot about the business operating independently

[00:10:52] and about it having a long-term problem. We put Elliot Hyman who actually is now the CEO

[00:11:01] oversees all of our MSPs, all 70 of them globally. But we put him in as the director of business

[00:11:07] development at Wolfe Consulting for a year and then he succeeded Lloyd as CEO and Lloyd transitioned out.

[00:11:17] Wolfe is more than triple in size since we are all organically like no acquisitions

[00:11:25] is tripled in size since we acquired it. And now that Elliot has hired his successor,

[00:11:36] guy named JB Lamb that runs Wolfe Consulting today, as Elliot's elevated to oversee all of our MSPs.

[00:11:43] So that was kind of, that one it felt like we just got everything right, like as far as the

[00:11:49] quality of the business, the quality of the person that we partnered with and Lloyd,

[00:11:54] placing a leader, the succession plan going really well, that leader having a bigger career

[00:11:59] opportunities within Evergreen as they grow in their career. So I think that's kind of what it

[00:12:08] all goes right. So we have to ask why do we care? One of the reasons I've been talking

[00:12:15] to some of these M&A and private equity investors is the idea of understanding their thesis.

[00:12:21] It's really easy for us as analysts to broadly talk about private equity as a single thing.

[00:12:28] It is, except it also isn't. You've got to make sure that you understand what the different

[00:12:33] players are trying to get out of their investment. Some of the players like Evergreen

[00:12:38] are looking at a thesis that they explain very clearly, that they're looking to create cash

[00:12:44] machines of these organizations that spin off cash on an ongoing basis. Other DCs are the idea of

[00:12:51] taking an asset, changing it around, re-bundling it, increasing revenue and driving down lower costs

[00:12:58] and then selling it within a specific timeframe, say three to five years. I think it's critically

[00:13:04] important that we do a better job of asking the investor side of the equation what their thesis is.

[00:13:11] Most of the time when I look at M&A coverage, it's always about the idea of, well, what are they

[00:13:18] looking for and how do you get your business ready? That's only half the story. Your business

[00:13:24] is ready, but then who is it sold to and what happens to it after? Particularly if your

[00:13:31] A out will be happening over the lifetime of that investor. And I think it's important that we spend

[00:13:37] more time understanding that because not all transactions are equal. I want to give Ramsey some

[00:13:42] credit. He got specific in the interview and did went into some of the specific ways that they put

[00:13:47] deals together. I would encourage you to go ahead and dig into that video if you want to learn

[00:13:52] more and note that I've interviewed several other investors as well, and you can spend

[00:13:57] some time hearing their different pieces. Probably you also had Brandon Ballu, who's one of the

[00:14:03] member who wrote a book specifically on private equity, who then also will give you the

[00:14:07] counter arguments on when certain pieces don't make sense. Now we do continue to take questions,

[00:14:13] or you can submit them anytime in the chat window or submit it for next week if you're

[00:14:19] watching the recording, sending it to question at MSB radio dot. So we've got a couple more

[00:14:25] stories before we dive into questions. First up, managed IT IT services provider data prize backed

[00:14:33] by Trinity Hunt partners has acquired hook systems and IT service provider to expand its presence on

[00:14:39] the East Coast and offer cybersecurity services. This marks data prices third acquisition following

[00:14:45] Coalier cybersecurity and PDI adding hook systems strengthens data prizes regional footprint

[00:14:51] and enhances its technology services with a personalized touch.

[00:14:55] Intiva's acquisition of the purple guys is considered a significant move in the MSB industry,

[00:15:01] making Intiva one of the largest MSPs in the country. The acquisition expands Intiva's presence

[00:15:07] in multiple regions and indicates a ramp up in M&A activity in the IT services industry.

[00:15:12] The deal highlights the trend of rapid consolidation among MSPs and the robust

[00:15:17] capital conditions for M&A. The cultural fit and complementary geographic markets were critical

[00:15:23] factors in the acquisition of the combined company aims to continue delivering excellent services

[00:15:28] and offer opportunities for grants. Finally, Accenture has agreed to acquire

[00:15:33] Parsonate a data consultancy specialing in data products and modern data foundation

[00:15:38] services. The acquisition will strengthen Accenture's data and AI capabilities in Europe,

[00:15:43] particularly the retail, industrial, consumer goods and life sciences industries.

[00:15:47] The move aligns with the increasing focus on data and AI as research shows that 75% of C-level

[00:15:54] leaders plan to increase spending in those areas. The acquisition is part of Accenture's strategy

[00:16:00] to enhance its data and AI offerings follows previous acquisitions in the same field.

[00:16:05] The terms of the transaction were not disclosed. Now why do we care?

[00:16:11] Now I'll make my always joke that when terms of the transaction were not disclosed,

[00:16:15] you should replace it with a case of fear because you should always lower the valuation in your

[00:16:20] head rather than inflate it. One of the reasons that those add information is kept private

[00:16:24] is to make you think it's more. Actually take the intention and flip it on its head

[00:16:29] and assume it was for very little that will actually help you in your analysis.

[00:16:34] Now I want to tell a tale of the M&A strategy. The reasons for M&A vary greatly.

[00:16:42] What we're seeing here is two major examples of it and why I wanted to focus on it.

[00:16:46] The first is that geography and capability expansion are key ones.

[00:16:51] See what happened here with both the purple guys and with data prices expansion.

[00:16:56] They were focused on the area of moving into new geographies.

[00:17:00] That's a key detail. That if their expansion is about that, that's one of the reasons to do it.

[00:17:06] And you got to make sure that you understand again the thesis of what acquisitions have.

[00:17:11] Capability expansion is the other one. In many cases here this was about adding

[00:17:15] cybersecurity into their offerings. I want to highlight Accenture for a moment because

[00:17:19] they're looking at data and AI capabilities. One of the reasons I like looking at the really

[00:17:25] large consulting organizations is because they are planning much more aggressively for the

[00:17:29] future and they see opportunity in AI and data management. Have you heard a theme here before?

[00:17:36] You should. That's something that we've been talking about multiple times on the show.

[00:17:40] And that's why I find these particularly ones interesting is that we can talk about what

[00:17:45] the differences is. Those expansions geography wise are very, very tactical.

[00:17:50] But investments in new areas of offering are much more strategic.

[00:17:55] And that's ultimately why we care to learn lessons from those strategic investments

[00:18:00] decide if they matter to our own organization. Now make sure to put any questions in chat. We do

[00:18:05] take them and we will be answering any questions in chat and live. Remember,

[00:18:10] if you bring your questions live, you'll get a live response. Really do enjoy taking the questions.

[00:18:16] Of course, if you don't have an opportunity to join us live, submit them at him.

[00:18:20] Q&A gives you a chance to get involved with the show. So let's take our first submitted question.

[00:18:27] Thinking about all the various breaches we track, how do vendors responses to security incidents

[00:18:32] impact long term user trust and vendor selection strategies?

[00:18:37] This is a fun question to talk about. To think about the way vendor responses matter,

[00:18:41] let's focus on the question in long term response. I think short term,

[00:18:46] you always want to think about it from a crisis management perspective,

[00:18:49] over communicate and over correct. But long term, how much does this really linger?

[00:18:56] I asked the question because in most cases from a financial perspective, most of the large

[00:19:01] organizations, particularly large vendors are not seeing long term consequences of vendor breaches.

[00:19:07] And they are not ultimately being pushed away by users. I think this is important to note,

[00:19:13] it isn't necessarily a long term P. So I wouldn't worry too much about long term consequences of data

[00:19:21] breaches, I would think much more about the way they're going to partner with you during the breach

[00:19:26] itself. Look at their if they've been breached and many have of the way that they've responded

[00:19:31] and the way that they put together their incident response plans. It's an easy example

[00:19:36] for me to cite, because Seya who is not very well loved oftentimes in the IT channel

[00:19:41] is an example of doing a good job on communication. They actually were very proactive with their

[00:19:46] partners where they could be, and they were very involved with law enforcement. Ultimately, that

[00:19:52] resulted in a conviction and sentencing for the lead hack. So what I would counsel you to do is

[00:19:59] spend less time on the long term implications and focus a little bit more on understanding

[00:20:04] the way their short term incident response plan is because you want to make sure that

[00:20:08] you've got a partner you can work with during the breach. So we've got another submitted question,

[00:20:14] let's pull it up. How can salespeople in the MSP industry improve client acquisition and conversion,

[00:20:20] especially when traditional methods like networking events seem less effective?

[00:20:26] So it's interesting that the question comes to focus on the idea of network events being

[00:20:31] a little less effective. Person-to-person network is a bribe. You have to do it on a one or two

[00:20:37] business card basis at a time. So what I would tell most MSPs and IT services companies in this space is

[00:20:43] I don't think there's nearly enough investment in trained digital acquisition. I would say are you

[00:20:49] looking at all of the various ways that you can build community online around your organization?

[00:20:54] That's going to include things like digital ads, particularly very targeted ones that run over

[00:20:59] time with a digital acquisition strategy to drive them to your website where ideally

[00:21:05] you've done work to make sure that your website is ready for acquisition. And if you think just

[00:21:10] having a contact us form is enough, I'm going to tell you that there are two videos on my website

[00:21:15] or my YouTube channel that you want to dig into where I talk about e-commerce as an idea for

[00:21:21] your strategy for your website. You want to do more? Can they book an appointment with you?

[00:21:26] Can they engage your services? Can they call up and buy the by assessment services? These are

[00:21:32] optional and ideal places for you to start with a digital acquisition strategy. You want to think

[00:21:39] that through and can they sign up for resources? Can they get access to webinars, networking events

[00:21:45] that you do online or your newsletter? Can you get access to those resources directly?

[00:21:50] Are you a destination for them to go in an online man? Think about that full digital funnel.

[00:21:57] Most MSPs do not spend very much time thinking about that digital acquisition funnel and I would

[00:22:03] encourage you to spend some time there, particularly if you're finding that networking events

[00:22:08] continue to be more and more difficult. I love getting these questions ahead of time. And so if

[00:22:14] you have one submitted in a question at mspradio.com, I think we've cleared the question board

[00:22:20] for today. So let's go ahead and move on and talk about what's upcoming this weekend.

[00:22:26] I'm going to be offering out you the opportunity to hear my interview with Rob Fagan on partnering

[00:22:31] with Microsoft. Here's a preview of that interview before we dive in because you're a super deep

[00:22:38] Microsoft partnership expert, but it already give me some context about tell me kind of how you

[00:22:43] got to be an expert in all things Microsoft and the partnership relationship.

[00:22:49] Yeah, that journey goes back a few years now. It's about 15 to 11 20 years now. I think

[00:22:54] that I've worked with Microsoft in the partner community. So both as a value added reseller,

[00:23:02] I was an individual contributor there and then went through that journey in a number of different

[00:23:08] companies. And finally back in 2015, I started my own Microsoft partner where we were referred

[00:23:13] to as a systems integrator. So we were deploying Microsoft software for businesses of all sizes,

[00:23:19] whether they were sort of small companies of 50 or 100 people, or they were larger companies of

[00:23:25] thousands up to tens of thousands of employees. We were deploying Microsoft software. So that's

[00:23:30] really where the journey started and I always had a passion for working with Microsoft. I think

[00:23:35] the technology has evolved and it's really become, you know, very broad in terms of what

[00:23:40] Microsoft brings to the table. So I've really enjoyed this journey. So in particular, when I

[00:23:46] think of the big tech players, Microsoft really is the only one that is very bold about saying we

[00:23:52] are partner friendly and want to engage. You know, I don't think about Alphabet and Google,

[00:23:57] despite them having a partner program, I don't think of them in the same way. Amazon same way

[00:24:01] has a program. I don't think of them in the same way but Microsoft has that reputation. Now,

[00:24:06] when you start to talk with somebody about like, Hey, I want to be better at working with

[00:24:11] Microsoft. But where do you start that conversation to understand the best ways to navigate a really

[00:24:18] large organization? Yeah, that is it's the million dollar question because as I alluded to Microsoft

[00:24:26] does so many different things and they have so many different avenues that you can add value

[00:24:31] to a customer. And that ultimately the interesting place is how can you add value through that

[00:24:39] partnership? That interview will be dropping this weekend. I look forward to talking about it

[00:24:44] with you more next week as we'll dive into why do we care that you've had the chance to listen to

[00:24:48] it. A reminder for listeners, my Patreon supporters already have this video and you can get all my

[00:24:54] interview content as a supporter early visit patreon.com slash MSP radio to sign up for

[00:25:02] them. Now I want to thank sales builder our Patreon sponsor whose support makes this show

[00:25:07] possible. Focus on your it sales workflow with the power of automation and visit them at sales builder

[00:25:13] dot com that's B U I L D R dot com vendors you too can get your name mentioned on the live show.

[00:25:21] It's a simple monthly subscription visit patreon.com slash MSP radio to learn more and listeners

[00:25:28] you can support the show like share and follow on your favorite platforms. It really does make

[00:25:33] a huge difference. I appreciate your support in that way. You can also support directly on Patreon

[00:25:39] with our give what you want model you set with the content is worth as part of your subscription.

[00:25:44] If you have a question or listening to the recording, send it in a question at MSP radio

[00:25:48] dot com next week. This live show is on Wednesday. So catch us live Wednesday, 3pm Eastern.

[00:25:55] Thanks for joining me for the business of tech lounge and I will see you next time.