One spring weekend morning in 2019, Jim Jessup experienced a nightmare scenario for any MSP – a cyber attack on his largest customer, which shared a co-managed environment with his company.
The attack resulted in ransomware on all of the client’s Canadian servers and the shut down of the parent company’s network – although the MSP Jessup worked at recovered by the end of the weekend, the client’s parent company had to spend more than a year and tens of millions of dollars replacing infrastructure and rebooting systems.
“It was very dramatic and also preventable,” Jessup told a crowd of solution providers at CRN parent The Channel Company’s XChange NexGen 2023 conference, which runs through Tuesday in Houston.
CyberQP Security Tips
The attack devastated the client’s parent company for multiple reasons, said Jessup, who co-founded and serves as chief operating officer of North Vancouver, British Columbia-based CyberQP, formerly known as Quickpass Cybersecurity.
About 100 percent of CyberQP’s overall sales come through the channel, according to CRN’s 2023 Channel Chiefs.
That parent company had actually declined his MSP’s advice due to budgeting reasons, he said. Each technician had persistent privileged access. Technicians never rotated passwords. No multi-factor authentication (MFA) enabled. And the parent company didn’t monitor privileged accounts.
While Jessup struggled to get this organization to adopt best practices back in 2019, Michael Coburn, CEO of Vero Beach, Fla.-based LevCo Technologies – an MSP with partners including Microsoft and Nerdio – told CRN in an interview that he has found ways to help his clients make the right choices.
While some MSPs have turned to cyber insurance as a way to motivate clients to increase security, Coburn said he has not been fond of that method. Instead, he’s found success with risk assessments – sometimes free, sometimes sold along with other services.
“Our clients have told us they find these risk assessments very helpful,” Coburn said.
The best practices from Jessup’s nightmare experience that he preaches to this day at CyberQP – zero standing privileges (ZSP), he said. Just-in-time (JIT) access. Administrative accounts created on the fly with the least privilege and disabled when not in use.
“Let’s give them the access that they need when they need it and don’t always have that door open for a hacker to exploit our systems,” he said.