‘I would say, flat out, an emerging trend of charlatan level is the channel has to start auditing the claims of most of the security vendors,’ says Kyle Hanslovan, Huntress CEO
Huntress CEO Kyle Hanslovan said MSPs should audit security vendors’ claims that they provide 100 percent security, because people believe such claims, and that the best way to spread security awareness is through training and education.
“I would say, flat out, an emerging trend of charlatan level is the channel has to start auditing the claims of most of the security vendors,” Hanslovan told CRN. “When I hear someone tell me they provide a 24-by-seven security service and I look at their staff and they have six people, somebody either is a robot or they’re BS-ing.”
The most effective way to amp up security is through education, he said.
“Still to this day we see partners buy amazing products, like great next generation EDR, but they don’t configure it, they don’t manage it or to be frank, they don’t have the team on staff with the skills to manage it. So they have to solve that problem somehow at a cost that makes sense, whether that’s internal training or standardizing outsourcing,” he said.
The threat research firm has always been a managed security platform, he said, but all the work that has been done, even through acquisitions, was at the endpoint.
“We started looking back and asking our partners, ‘Where are you struggling to manage?’ The number one thing we hear is, ‘No talent, still.’ And even if they do have talent, nobody wants to manage the mundane monotonous anywhere. They don’t want to manage the cloud monotonous. They don’t want to manage user training,” he said.
To help with that, Huntress in August paid $22 million to buy Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. About 15 employees came over in the acquisition.
“Now we have a whole team full of shady hackers and how do we help do all of that for [MSPs] and bring that expertise,” he said. “It’s going to take me probably three quarters to get it to where my standard is, but it’s totally usable today. It’s just I’ve got high standards for elevating it beyond just security awareness training.”
And with training also comes holding security vendors accountable.
CRN sat down with Hanslovan to discuss the impact of security awareness training, how a recession will impact ransomware attacks, 2023 security trends and why MSPs should audit security vendors going forward.
What do you want to do with Curricula at the start of 2023?
So we launched a little while ago the Neighborhood Watch Program. This was this idea of, ‘We are stronger as a community if everybody has a default stack, plus Huntress gets to learn about the threats in the community a lot better.’ I made a $5 million investment in giving away free product into Neighborhood Watch. We did that on our managed EDR side. Recently we made another massive investment for 5,000 partners. If they sign up for Neighborhood Watch, they get free security awareness training. You can imagine investors like to see me making money but I think it actually goes a lot further when you’re able to get people using the product, testing their product and learning from that.
There’s a lot of talk about an impending recession and how that will affect ransomware incidents. Some security experts are saying it’s unusually quiet right now, but then there will be an uptick in incidents. Are you seeing that?
I would confirm, we are also seeing less ransomware attacks. Across the 1.8 million computers that we manage, ransomware attacks are currently at four percent. They’re usually at seven to 10 percent.
Why do you think it’s quiet right now?
We actually started seeing the downtrend happen, and it could be correlation–not causation, in February when Russia and Ukraine started having more back and forth. It’s kind of convenient that both of them have a large cyber actor presence, and I don’t know maybe they’re going at each other. Maybe it changed when the Biden administration started labeling some of these as terrorism. So we have seen a downtrend, period. Bitcoin now has less value too, so some of these could be many reasons, but bottom line I can tell you is we are definitely seeing a lull.
With the economy changing, there is no doubt that folks have to get paid. Threat actors have to make money somehow. We’re noticing, even in some places, they’re holding the data for ransom, but they’re not actually encrypting. They’re skipping that part and just only holding for extortion, or threatening to maybe call a regulator or threatening like, ‘I’m going to call your customer and show them I have your data.’ So there’s still other ways even by not using ransomware to still hold data theoretically for ransom. For me, it’s not going anywhere. It’s such a great source of income for them, it’s clearly not going away in 2023.
What are you hearing from partners about that? Are they getting more worried?
It’s the awareness of this stuff, it’s the cyber insurance companies. I don’t think there’s been a massive awareness change on ransomware, everybody’s kind of there. But the end clients are getting much better education. Now they have to renew their cyber insurance and they actually have to say, ‘If you want it, you have to have A, B, C and D.’ So it’s crazy. Like we’re actually seeing cyber insurance drive more adoption of the SMBs in security than regulation.