HacWare CEO: Phishing Is Big Business

‘We’re in the channel, we’re focused on growing and scaling,’ says Tiffany Ricks, CEO of HacWare. “We’re moving fast. We have to wear multiple hats. But the key thing to remember here is all businesses now are technology businesses. All businesses are vulnerable to phishing and other types of attacks. It’s super important to make sure that you‘re thinking about security training as a part of working and trying to protect the businesses that you support.’

Tiffany Ricks, CEO of HacWare

Tiffany Ricks, CEO of HacWare

Tiffany Ricks, CEO of cybersecurity training vendor HacWare, needed a phishing simulation product for her consultancy business, so she created one herself.

Brooklyn, New York-based HacWare was founded in 2019 as Ricks owned a consultancy business in Dallas which focused on helping companies understand how hackers break into their systems.

“I decided that we needed a product that could send phishing simulations and try to see if those users are going to fall for them, and then train them,” she told CRN. “This is what I needed in my consultancy, a way to automate that.”

She then realized that MSPs needed that same product she saw a need for, so she created it herself.

“And then that creates awareness,” she said.

Since launching in 2019, HacWare is now used by MSPs in seven different countries “to educate their users on phishing and other cybersecurity topics.”

“It automates the phishing simulation process and it uses real phishing data to test the users on how cybercriminals are attacking them today,” she said. “Then it automatically trains them on what they potentially did wrong and also help them meet other compliance endeavors that the clients may have.”

Most recently, HacWare partnered with Involta Partners, a Cedar Rapids, Iowa-based data center, hybrid IT and cloud-forward consulting firm, and on CRN’s 2022 MSP 500 list, to expand cybersecurity awareness.

“We‘re in the channel, we’re focused on growing and scaling,” she said. “We‘re moving fast. We have to wear multiple hats. But the key thing to remember here is all businesses now are technology businesses. All businesses are vulnerable to phishing and other types of attacks. It’s super important to make sure that you‘re thinking about security training as a part of working and trying to protect the businesses that you support.”

CRN spoke with Ricks about the partnership and how HacWare is expanding its awareness on phishing attacks to help the MSP community. Click through the slideshow to see what she had to say.

Channel trends today

Channel trends today

What was the idea behind the partnership within Involta?

It actually started from one of our other partners. They were using our cybersecurity platform but they also needed us to support their marketing endeavors. They had us as a vendor and some other vendors supporting them, and Involta was one of them. All of us were trying to create this pod where we were commenting on our partner’s post and we ended up meeting the representatives over at Involta because they saw how we were supporting this one partner. They said, ‘Hey, I saw that you do phishing simulations. It sounds pretty cool what you are doing, we need to offer this for our companies that we‘re supporting on the managed services side.’ It really started from us supporting one of our partners marketing endeavors, met them, showed them what we’re doing and they needed to create an easy way to train all of the small businesses and mid-market companies that they‘re supporting. This was a no-brainer.

How does the partnership benefit your partners?

Involta is a data center, so they focus on data storage but they also work with managed security providers who have a data issue where they need their data stored or data needs to be recovered if there is a ransomware breach. They‘re there when there’s what we call a boom in cybersecurity. When something bad happens, they help these partners to recover after the boom. Now let‘s get some training in place to educate these users to prevent it from happening again because oftentimes ransomware attacks happen because of phishing and lack of user education. Now Involta can go back to these partners and say, ‘Hey, I’ve got this tool that’s going to automate the phishing training experience for you and for all of the clients that you‘re going to support. This is something that’s going to make it easy, continuous and it‘s an AI-driven platform. This platform is going to [decrease labor costs by] 40 percent.

What is the economic impact of phishing attacks?

The economic impact of phishing attacks is twofold. The number one reason a phishing attack happens and how you need to reduce your risk is user training. The continued impacts on phishing on MSPs and in the channel is because when a phishing attack happens 60 percent of those companies go out of business. What I‘m seeing is the intention of the cybercriminals, when they’re phishing, is to not only steal data but take businesses offline and to put them out of business. Insurance companies are now requiring, if you want to get cybersecurity insurance to protect your business from being liable when your customers experience a breach, you have to have something that‘s going to address phishing. Security awareness and security training is the number one thing. The impact to not addressing phishing properly is you probably won’t be able to get cyber insurance.

Also, we‘re seeing that companies, depending on the size of the company, when there’s an attack and it‘s ransomware that’s involved, the payout rate ranges. We‘ve seen some for smaller MSPs where it’s about a $100,000 payout, which is a big impact to your bottom line. We‘ve seen some payouts for ransomware at about $14 million, so phishing is big business for cybercriminals. The economy around phishing is huge and they have operation centers set up to make sure that their business grows. They have teams that are focused on making sure that they’re sending out these phishing attacks that are hard to spot. They have affiliates where they‘re paying others to help them get the resources from these targets, so it’s big business.

What’s one emerging cybersecurity trend you're watching right now?

One is on the entire chain. [Hackers] are seeing that they can go after MSPs who have access to all of these businesses. They can target this organization which has a viral effect and get access to all of these different endpoints and all of this data, which could be used for a bigger phish. The other thing is that we see them targeting the providers to these MSPs. We saw when they were targeting Kaseya and that was because this viral effect. They can get access to some part of the supply chain and exploit it to get access to more data.

On the phishing side, I see a lot of the attacks more focused on trying to exploit our basic needs. We’ll see a lot of messages coming in to MSPs that are talking about service interruptions and they’re acting like or impersonating a Kaseya or someone who is providing some sort of service to that MSP. They’ll say they‘re going to cut off that service due to nonpayment. I also see the same thing replicated with regard to MSP’s customers. They’re impersonating the IT department and they‘re trying to say, ‘Due to not paying this invoice we’re going to disconnect your service.’ It’s all about trying to create urgency to get them to get information, like a credit card. So I saw I see a lot of the psychological things in the channel community. It’s a lot of just trying to figure out where they can get in to get access to the masses.

What is your biggest challenge right now in your company and how are you trying to overcome it?

The number one challenge is we want to make sure that we are effectively meeting the needs of our customers. The challenge is just trying to make sure that the phishing training is getting to the user. Sometimes we are combating other products that are doing their job. Their job is to make sure that bad messages don‘t get to the employee, but we also want to make sure that our training gets to the employee. We’re always trying to make sure that we resolve that but then we also are trying to make sure, for our partners, we are actively listening to all of the requests that they want and everything that they need. Our goal is to, as fast as we can, provide those resources to them because their job is under a lot of stress. They have to make sure that they are protecting these businesses from a security breach. They have to make sure that the businesses are operational and running from a technology standpoint and then they have their own businesses to run. They’re heavily reliant on our tools and we want to make sure that we are responsive and providing them what they need at the appropriate time. That’s what keeps me up at night, is how do we continuously evolve and innovate and bring the product features that our customers need but also balance with marketing and sales enablement. How do we help them to understand more about what the product does and get it into the customer’s hands to address our number one concern in cybersecurity, which is phishing.

The cybersecurity landscape is always changing and ever evolving. Do you think we will ever get ahead of it or do you think we’ll always be playing the catch-up game?

We have access to so much data, we have access to so much innovation and we have so many people trying to solve this problem. If we can figure out how to collaborate and let the best minds focus on that one thing and do that well and let‘s collaborate and target this problem together, I think we definitely can. If we use the tools that we have and that are coming to us in a way to try to understand the problem more than we can build solutions around it. We’ve seen over time just how, with limited information, we could address the problems. We just have so much data. I was doing research and we have 94 zettabytes of data and it‘s going to keep growing. I really feel like if we let the best minds focus on this problem and we use the tools that we have, I think we can get on the side of trying to be more proactive versus on the defensive side. I think AI helps us do that.

What is a zettabyte and how is that measured?

One zettabyte is equal to 250 billion DVDs. The world has 94 zettabytes in 2022. When you look at the United States, we by far are creating the most data. There’s so much data out there that we can use to better understand the trends, like how cyberattacks are happening, and we can use that data to predict what we can do to stop them from happening in the future.

A big component to cyber risk is human error, so what are some easy steps partners can take to protect themselves and their customers?

There’s a couple of things that partners can do. The first thing that I always recommend is access control. Partners should be managing who has access to what data and only those users need to know who should have access to this data. If it’s too much information or too much access, let’s remove access to that. With phishing, if a cybercriminal was able to target a user and their access is managed, then they’re only going to get access to this small pool of data versus access to all of the company‘s information.

The other thing is email security. There’s a lot of email security by default, and that is great. There’s also further advanced tools that they can turn on that have certain capabilities to improve their email security, like filtering solutions. And then the key thing, which is where HacWare focuses, is education. Human error, like you said, is the number one cause to phishing. A lot of those solutions that I mentioned before: access management, email security, they do their job, but they’re not 100 percent. Let’s train users. We need to be training users on how to identify phishing attacks and how to avoid them and make it personalized where people have a need to preserve themselves. When you’re talking about phishing let’s relate it to the impacts in what they can lose, and then that would make the training more effective.