ConnectWise CISO On R1Soft Vulnerability: We Have Some Work To Do
‘One of our big goals is transparency through what we do with our own stuff,’ says ConnectWise CISO Patrick Beggs.
When it comes to cybersecurity, what are you hearing the most from partners? What is their biggest ask?
Their biggest ask is don‘t break my stuff. The biggest thing is to understand the nuances of how we’re deploying your product and put them into how you‘re approaching security. You don’t use a 10-pound hammer on a one-inch nail. We want to make sure it‘s scalable to what they’re doing. The biggest challenge is understanding their challenges as we‘re rolling things out. We want security baked in. I want less security patches. For 2023 I’m going to be grading my folks. I want to look for patches we put out on the product last year versus this year. I want, in new products rolling out, there to be X amount less because if we‘re doing our jobs that’s already baked in. Baked in versus layered on.
What’s one big cybersecurity trend you're watching right now?
Vulnerability management, attack surface reduction and automation. Automation around identifying assets that you didn‘t previously know about. We’ve piloted some tools and rolling them out internally. It’s just the ease of implementation to integrate them into our environment but also really identifying applications and assets and telling us instantly if they‘re in compliance or out of compliance. right, and we’re not that big of a company I mean, we‘re similar size to some large MSPs. From a malware standpoint, we’re actually getting behavioral tools in place for quarterly phish testing. What we‘re doing is we’re identifying higher value users and higher value assets, we‘re correlating those and testing those folks on a continuous basis.