By now, you’ve read all about Russia's hack on the U.S. It's a huge deal for a variety of reasons, many of which are technical in nature, but while the technical details of Russia’s latest cyberattack are important, the hack itself should be a reminder to MSPs everywhere: assume breach.
The tool the malicious actors used to perpetrate such a widespread attack was SolarWinds Orion, a platform familiar to those of us in the IT channel. Now, in response to the breach, I heard one MSP say, “Could you imagine if this had happened to ConnectWise Automate, VSA by Kaseya or SolarWinds N-Central?" But that is simply the wrong question.
MSPs shouldn’t be asking, “What if this happens?” Instead, they should be asking, “What happens when this happens to one of our core systems?” It's when rather than if. This leads to the concept of “assume breach,” which you’re probably already familiar with, but it’s worth reviewing.
Most MSPs have evolved their security posture by starting with protection and adding detection. The assume breach approach means starting with ‘respond’ and ‘recover’. Another term for this is cyber resilience.
You may have participated in our incident response (IR) tabletop session that we had several months ago. It was an eye-opening experience for many people. What was one of the biggest takeaways? Developing your security posture with an assumed breach mentality will reduce risk for you and your customers. It is also a great way to talk to your customers and prospects as less mature MSPs focus more on protection.
If you’re interested in more of our security webinars, you can visit the TruMethods Resource Center to review our previous webinars on this topic. We are also hoping to get together with a bunch of partners in the new year to bring you some valuable content and tips on keeping your business secure in 2021.
But for now, when it comes to potential breaches, I want you to think about when not if.