Last week, I got off the phone with an MSP who was recovering one of their biggest clients from a ransomware attack.
I know ransomware attacks have not been in the news as much lately, but they still are happening and are no less dangerous now than in 2022.
What happened?
A technician on the team had opened RDP to the outside world while performing a server migration. I’m sure you’ve had your fair share of server migrations. Maybe you could do this in your sleep and you’re thinking this was a rookie mistake, but you know what? This wasn’t this technician’s first rodeo with a server migration.
After the two week project was buttoned up, they closed the project ticket and went on to another project. But in the process, RDP was left open. This was exactly how the attackers got in and spread throughout the environment.
Attackers are looking for easy access.
Attackers are looking for the easy low-hanging fruit. This RDP configuration is low-hanging fruit. I know you would point this out at a prospect site if you performed a security assessment.
But how do you make sure that issues like this are buttoned up?
That technician DID run a continuous scanning tool as part of a project plan. The problem is he acknowledged the RDP being turned off; this was something he already knew had happened, so it wasn’t concerning. What he wasn’t thinking about was the fact that it was STILL open after the project had finished.
What we’re finding is that when partners perform projects, whether or not they are routine, OR when other vendors come in and make changes on a network, they need to double check their work. That’s where tools such as third-party pen tests (provided as part of the GalacticWatch subscription) become vital. They point out issues that can occur through every day, common oversight.
Even better?
They have a virtual Chief Security Officer (vCSO) program in place that monitors projects in their client environments. That way, when a project is finished, a third-party security analysis is performed, and any security issues are addressed. Things can’t fall through the cracks.
The vCSO program is a way for you to enable IT directors, CIOs, or other technology leadership to introduce a concept—a partnership—that does not threaten. A solution-focused offer that most leaders will want because they recognize risks are only growing. This is the perfect platform in which to address minor configuration errors and major concerns that you have.
This is a solution that you are well-positioned for and can deliver better than the cybersecurity candidates in the job market today.
Now is the time for you to act. If you wait 6 months, this position will be filled. And you may end up being relegated to the faceless list of “computer repair guys”.
But you’re not just another computer repair guy. You’re capable of becoming a security leader, and I want to help you get there.
And I have an idea:
We recently launched an incredible new framework focused on steering MSPs toward a virtual Chief Security Officer role.
The framework includes it all: sales workflow, marketing, presentation templates, security reports, meeting agendas, meeting cadences and talk tracks. It even helps you identify needs within organizations and set up a strategic security plan.
You are elevated above compliance. Above managed services. You’re at the top of the food chain. If you are interested in lifting your vCSO platform, where you become trusted as a solutions-focused leader, you will not want to miss our next vCSO accelerate session.
More information at www.vcsoaccelerate.com