Managed services News
Kaseya CEO: MSPs Are ‘Playing With Fire’ If They Can’t Get Their Customers To Pay For Security
Joseph F. Kovar
‘For example, let‘s assume a dental practice of 25 employees as a standard MSP customer. How many of those dental practices are willing to pay every three months to certify every employee on security awareness training, like don’t click on links? …The bad guys know the dental practice is the one that‘s probably going to bite,’ says Kasey CEO Fred Voccola in an interview with CRN.
What’s the latest on the Kaseya VSA REvil cyberattack in July and August. Any recent updates?
Nothing that hasn‘t already been put out there.
Is Kaseya reimbursing MSPs that were impacted by the event?
We don‘t disclose what we do financially.
What has Kaseya done to make sure that that a breach like this doesn't happen again?
Well, considering we‘re one of, what, 800 software vendors that have had security issues in the last two years, we’re doing the best practices that everybody does. And I don’t say that lightly at all. We’ve doubled down on our existing security practices. We’ve increased the investments for [our] product security organization. I think the biggest piece to that is just following the protocols that all the experts in the world give us and everyone to do. It’s same things that ConnectWise probably did after their attack, and SolarWinds after theirs, and Microsoft after theirs. We’re dealing with a global—I hate the word ’pandemic’ because people use that with COVID—a global phenomenon. Here’s the reality: [Society has] created a perfect storm for crime. One, if someone were to go into a Citibank branch with a gun and point the gun and do a stick-up and walk away with $10,000, they get a much harsher punishment than if someone behind a computer stole $1 million from Citibank, or $10 million. Second, the amount of money and resources that we in the Western world like the U.S. and EU [European Union] spend combating cybercrime is like one one-thousandth or one three-thousandth of what we spend on combating illicit narcotics and illicit drugs. So that means the investigation rate of cybercrime is less than one out of every 5,000 cyber incidents. If you have a $100,000 ransomware attack, no one investigates. There’s not enough resources.