Post-Hack: One MSP That Won BIG on a $4M Contract!

Here's one MSP that won big on the aftermath of a huge data breach!

Power Up by Empath Cyber

In today's rundown:

  • 🤖 Uh Oh. Not a Good Time to be a SolarWinds Exec!

  • 🧠 Two Cyber Differences Between the EU and the US

  • 💻 Post-Hack: One MSP That Won BIG on a $4M Contract!

Reminder: Don’t forget to join Wes on July 5th as we talk about discovering cyber risks in client discovery! Here’s the webinar registration page!

Read time: 6 minutes 👇

So I’m back stateside in the US from an amazing trip to Ireland where I spoke to MSP friends in the EU at DattoCon EU. What an awesome time! And I learned a few things that I’ll share in today’s newsletter! Stay tuned!

Wes at the Cliffs of Moher in Ireland last week!

Uh oh. Not a Good Time to be a SolarWinds Exec…

I just gotta say: if three years rolled by after a major headline news breach and I’m an executive of that company… I would start to feel like things are fairly safe. I mean, that’s how it normally goes, right? Have a breach, survive the meltdown, pay for credit monitoring as a penance, and eventually folks just forget and move along, right?

But nope. Not for SolarWinds. Just last week, execs at the company received a Wells Notice from the SEC. That doesn’t mean SolarWinds execs are going to jail. But it does mean that the SEC is planning on bringing enforcement actions (probably fines, but possibly more) against them.

The executives.

The people who probably matter the most on a large breach like this. Now, SolarWinds is claiming this is all unfair.

"SolarWinds has acted properly at all times by following long-established best practices for both cyber controls and disclosure,"

A SolarWinds spokesperson

Oh, really? Acted properly at all times? Here’s a little meme I created just for this fine and audacious occasion:

But according to the former SolarWinds CEO Kevin Thompson, there’s nothing to see here. After all, he squarely blamed one of the world’s largest breaches on an intern. Because yeah, that’s super plausible.

So what does this mean for the rest of us?

It means get ready. The SEC is starting to come down hard on major cyber incidents. It means we need to be prepared for a cyber incident. We’ve got to have mature incident response plans in place. We must make notification to law enforcement, regulators, and state agencies a priority.

In short: a cyber incident MUST be treated SERIOUSLY. As security practitioners, we’re only seeing the beginnings of this trend. And keep in mind, the SolarWinds CISO was one of those execs given a Wells Notice by the SEC. My friend Jamil Farshchi from Equifax said it best:


This is a really big deal. It's unprecedented: this is likely the first time a CISO has ever received one of these. And the implications are immense: Wells Notices are no joke. They create massive career hardships—especially if one plans to work for a publicly traded company.

Jamil Farshchi, EVP and CISO at Equifax

Two Cyber Differences Between the US and EU

As mentioned before, I’m back from an amazing trip to Ireland to speak at DattoCon EU. And I wanted to share some thoughts I learned during my many conversations with MSPs in the EU.

First, I was surprised to see how much respect the NIST CSF has among our EU MSP counterparts. While the EU does have an international governing body for cybersecurity, it lacks a comprehensive framework that holds the same weight as the CSF. As a result, I learned that many MSPs are very familiar with the popular US framework.

Second, because the EU lacks such a framework, but individual countries like the UK have their own security standards like Cyber Essentials, I noticed something interesting. Many EU MSPs have standardized on a more common base set of security minimums than US-based MSPs. However, they tend to lack the depth and complexity around framework alignment that many US MSPs are now pursuing.

In other words, I discovered the base minimum of security standards is a bit higher in the EU, but interestingly many US MSPs have begun to take their security maturity much further than those in the EU.

Interesting! So if you’re an MSP in either the EU or the US and you’re looking to continue growing in cybersecurity maturity, here are a few links that will really help propel your MSP forward:

  • The Cyber Cast — join thousands of other MSPs as we dive deep into the CIS controls. Completely FREE!

  • The Cyber Call — join me and over 6,000 MSPs on a weekly MSP-focused cyber live stream hosted by Andrew Morgan!

  • Empath Cyber — Need to take your whole team deeper? I hear you. There are precious few resources for the entire MSP to grow in cyber, especially for non-technical folks or those new to the industry. Empath Cyber has you covered!

Post-Hack Wins! Here’s One MSP that Won a HUGE $4M Contract!

After the City of Dallas suffered a crippling cyber attack in May, the city has taken decisive action. Last week, the City of Dallas approved a brand new $4 million budget for a new “threat and anomaly detection system” for the city.

Congrats go out to Netsync Network Solutions, an MSP out of Texas, for securing the deal! Sometimes all it takes is a breach to get a client (or prospect) to care!

So this gets me thinking… is your MSP reaching out to help others around you? Are you seen as a source of authority for cybersecurity? Do clients and prospects know they can come to you for a solution in their new post-breach reality? Something to think about for sure.

That's all for now!

Did someone forward you this email? If so, you can sign up to the #1 MSP Cybersecurity Newsletter in the world right here: www.empathcyber.com/powerup

If you have any interesting projects or ideas, please reach out to us by [email protected] or hit me up on LinkedIn. As always, thanks for reading, and see you next time. 🫡
