The MSP Zone

WOM: Medium
The increase of cyber consultants has produced a lot of confusion and not always positive outcomes. But, there is one positive outcome we can point to: general awareness of cybersecurity issues has become more central to our daily discussion as a society.  
A recent story about misconfiguration of ServiceNow instances is a great example of how cybersecurity and managed services are very close, and yet sometimes quite far apart.  
MSPZone Reading Material: https://threatpost.com/most-servicenow-instances-misconfigured-exposed/178827/?web_view=true 

Weaver Outrage Meter (WOM): Medium
MSPs have been dealing with scarcity of technical and security talent for many years. The global pandemic and the more recent inflationary pressures have contributed to MSPs paying much higher wages than in previous years. This trend may be coming to an end.  
I don't want to suggest that we are entering a phase of wage deflation, but, it seems to me that we have peaked when it comes to the excesses in hiring MSP and technical talent. Let me explain.  
Highlights: 
This has happened before during the dotcom years 
Offshoring talent - MSPs are looking to new places to source less expensive talent 
Automation and AI 
MSPZone Reading Material: https://www.cio.com/article/306053/us-it-jobs-growth-slowed-in-february.html 

In the early days of the managed services profession we saw an incredible amount of misinformation about the role of the MSP. In fact, this was one of the chief reasons the MSPAlliance was created, to address and correct that misinformation.  
Today, history seems to be repeating itself. Just like when outsourcing and offshoring were confused with managed services, we are seeing similar confusion and damaging beliefs being shared by a growing number of people around MSPs. Never fear, though. We will break all this down and provide expert analysis.  
Highlights:  
MSP Security - separating the real MSPs from the break/fix providers 
CMMC Security "Experts"  
Cyber Insurance "Experts" 
What can we do to fix this? We won't be changing our name 

Weaver Outrage Meter (WOM): Low
The importance of cyber insurance should be obvious to most people today. The fact that cyber insurance coverage is being denied to an increasing number of organizations should be 1) a wake up call and 2) an opportunity for MSPs to have important conversations with their clients.  
There are some simple yet effective techniques you can employ right now to generate new sales and marketing opportunities, all related to cyber insurance.  
Highlights: 
Lack of information is a vital aspect driving insurance concerns 
Misinformation of MSP and break/fix is causing confusion  
Cyber education is desperately needed 
 
MSPZone Reading Material: https://securityboulevard.com/2022/02/5-reasons-companies-are-denied-cybersecurity-insurance-aria/ 

WOM (Weaver Outrage Meter): Medium
 
Aside from the obvious additional "S", the inclusion of security in MSP is both incorrect and misleading. Looking at the historical evolution of the MSP profession, managed security has been baked into managed IT services from the very early days.  
What has changed? MSSPs are now the rage and there is an active campaign taking place to disrupt existing managed services philosophy. We will examine the leading causes behind this MSP vs. MSSP battle, and offer opinions on what normal MSPs ought to be doing today.  
Highlights:  
Do normal MSPs avoid security? 
What is behind the MSSP push?  
Can general practitioner MSPs become MSSPs? If so, how?  
Outsourcing your NOC vs Outsourcing your SOC 

If you were paying attention during the early and mid 2000s you heard the phrase, “trusted advisor” used quite extensively. Today, some might have you believe that MSPs have lost that trusted advisor status with their clients. I don’t know if this is true, but it does deserve further investigation.  
Highlights:  
Trusted Advisor History 
Impact of Non-MSP “trusted advisors” 
How do we solve the trusted advisor dilemma?  

Outrage Level - Low
A really interesting article about a recent study from CrowdStrike. The premise of the article is that while cyber-attacks surged last year, 62% of those attacks did not involve malware. What does this mean? It means that old-fashioned intrusion methods are still very much alive and well today.   
It also means that we should not rely exclusively on malware intrusion defense technologies. Layered approaches to cybersecurity for MSP and customers alike are what is required. MSPs need to adopt and promote technologies to identify and prevent these non-malware intrusions.   
Highlights:  
“non-malware, hands-on-keyboard activity" still a dangerous reality for MSPs and customers. This means we should not place all our eggs into one basket, namely email defense and scoring.  
industrial and engineering sectors most targeted 
“Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and ramp up innovation on how they use identities and stolen credentials to bypass legacy defenses – all to reach their goal, which is your data,” according to George Kurtz, CrowdStrike's CEO.  
Recent claims by CISA that moving to the cloud will make us safer, may not be accurate. 
 
MSP Zone Reading Material: https://www.infosecurity-magazine.com/news/threefifths-of-cyberattacks-2021/ 
 
This episode is sponsored by VULTR: www.vultr.com 

It's that time of year again…MSPWorld! This episode will focus on all the things that I am excited to see at the upcoming MSPWorld conference. Speakers, sessions, sponsors, and topics I anticipate will be on everyone's mind.  
 
Highlights:  
Overview of sessions 
Review of this year's sponsors 
Analysis of MSP topics  
This episode is sponsored by PCMatic: PCMatic.com/MSP 

MSPs and customers alike are instrumental in the global fight against cyber attacks. Nobody can win by themselves; both groups are crucial to winning this fight.  
This episode will explore what lessons we have learned in the past 12 months regarding the global cybersecurity war and what methodologies are being successfully employed to reduce the  attack surface for cyber threats.  
Highlights:  
Stopping threats before they cause damage 
Understanding the source of the attack; similar to even correlation 
Attack vectors and how they have changed  
 
MSP Zone Guest: Brian Stoner, Stellar Cyber 
This episode is sponsored by ThreatLocker: www.threatlocker.com  

Cloud computing is not a new topic for MSPs. In 2009-10 our profession had an extensive debate around public cloud computing and its impact on MSPs and their clients. Today, it is time we have another discussion about cloud: the post pandemic cloud options for MSPs and their clients.  
Highlights:  
Current cloud situation 
Supply chain impact on private and hybrid cloud 
Flexibility for the MSP, customization 
With Guest: Shane Zide VP of Global Sales & Channel at Vultr
 
This episode is sponsored by Nuso: https://nuso.cloud/