Can your IT consultant stop these top cyber security threats?

The Jason Clause Show

Contenuto fornito da Jason Clause. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Jason Clause o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

4y ago 35:34

MP3•Pagina principale dell'episodio

Serie archiviate ("Feed non attivo" status)

When? This feed was archived on August 21, 2023 05:24 (8M ago). Last successful fetch was on July 20, 2020 08:04 (3+ y ago)

Why? Feed non attivo status. I nostri server non sono riusciti a recuperare un feed valido per un periodo prolungato.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Top cyber security threats to your business may be your IT provider themselves.

Most IT consultants use some kind of remote monitoring and management software to look after their client’s computing environment. These technologies are quite powerful and helpful, and also rank as some of the top cyber security threats out there.

In this episode, Joel Jacobs, one of my favorite people at Endsight, and it talk about these top cyber security threats and offer some things to look out for when talking about cyber security with your current IT consultant.

In this episode I talk about:

What is an advanced persistent threat (APT)
What are the threats generally to an IT consultant and specifically to a managed service provider
What can you look for to when talking to your current provider to get a sense of how prepared they might be against this kind of attack.

About Joel Jacobs:

Joel Jacobs
VP of engineering & owner at Endsight
Joel’s LinkedIn profile

Show notes:

Transcript:

Jason Clause: Welcome to the Jason Clause Show. I’m Jason Clause, your host. Today, we’ve got to do it, I’m sorry, we’ve got to talk a little bit more about cybersecurity.

Jason Clause: Welcome, welcome, welcome everybody, my name is Jason Clause. This is the Jason Clause Show. My experience is that the best leaders out there, they are idea collectors. They are always on the lookout for great ways to help their team achieve more, whether that’s good process, good technology, just good leadership tactics and techniques. This show is dedicated to finding those ideas, and trying to share them with a growing community of leaders, here in the Bay Area.

Jason Clause: Like I said, I’ve got a great show for us today. We’re going to be talk about something that’s real specific, relating to cybersecurity. Ordinarily, I want to make sure that I’m measured in what we’re talking about. Cybersecurity is a real thing, taking measured steps to protect yourself is an important thing. I try really hard to stay away from the fluff, or the “Ah, the sky is falling!” In this instance, it might not be unwarranted to be overly concerned about this.

Jason Clause: Today, my topic is, is your current IT provider able to protect you from these top cybersecurity threats? The note here is, probably not, because they may very well the top threat. So, I’m bringing in some heavy armor, here, to help me. My guest today is one of the Co-Founders at Endsight, his name is Joel Jacobs, and he’s one of my favorite people. He leads our Network Operations Center. We will start up with his interview, right after this.

Jason Clause: Are you frustrated with your current outsourced IT provider? There can be a lot of reasons why. Typically, they’re really just symptoms of a deeper root cause issue. We created a video that describes this root cause, in great detail. It’s the single biggest reason we see companies not getting it done out there in the marketplace. If you’d like to check it out, head on over to our website, www.Endsight.net/RootCause.

Jason Clause: All right. Welcome back from the break. Like I said, today we’re going to be talking about … It’s kind of a scary topic, and I try really hard, in other podcasts, to put a measured message out there. Cybersecurity is something that you should be concerned about, and aware of, and be working on. Not always, ah, everything’s bad. This is one of these things that’s kind of nasty, and my guest is here because I thought we needed a little bit of help.

Jason Clause: The topic we’re talking about is, can your current provider, can your current IT consultant, stop these top cybersecurity threats? Unfortunately, it may very well be that the top cybersecurity threat to your business right now is the provider themselves, because of what is going on out there. Like I said, we’re having a good friend of mine, Joel Jacobs join us. Joel is one of the Co-Founders here at Endsight, a very good person, one of my favorite people. I know I say that a lot, I’m blessed to have the opportunity to work with a lot of my favorite people. Joel, in his role right now, leads our Network Operations Center, and a lot of the work that we’re doing, from a cybersecurity perspective, rolls up under work that he and his team does.

Jason Clause: Now, this is really important. Cybersecurity is not something you offload to one group, no matter what your business is. Cybersecurity is a layered thing that you do. We’ll talk about that a little bit, as we get into the topic.

Jason Clause: Joel, thanks so much for making time to join us, I’m really glad you’re here, man.

Joel Jacobs: Cool. No problem, Jason. Thanks for having me. I’m excited to talk about this. Excited, and nervous, too. Every time I get on this whole topic, I always get a little bit of a stomach ache, because there’s a lot going on in the world these days.

Jason Clause: Yeah.

Joel Jacobs: I’m happy to talk to you. Jason, you’ve always been one of my favorite people, too. We’ve worked together, going back for almost two decades, now.

Jason Clause: Yeah, a long time, hard to believe.

Joel Jacobs: Happy to help, and get the word out.

Jason Clause: Well, I appreciate that.

Jason Clause: Well, I want to let folks get to know you just a little bit. I promise, we won’t get too personal. I’m always curious, I talk a lot about favorite people, I’m glad I’m one of your favorite people. But, who is your most favorite person? I would imagine at this point, you don’t have much of a choice, here. It’s got to be Heather, don’t you think?

Joel Jacobs: Yeah. I mean, I’d be in a lot of trouble if I didn’t.

Jason Clause: I’m going to send her a link to the show, so I think it’s got to be Heather.

Joel Jacobs: Yeah. Definitely Heather, my wife, is my favorite person. In fact, interestingly enough, Jason doesn’t even know this, while she’s my favorite person, to loop it into this very topic, her work is down right now.

Jason Clause: Oh, really? Oh my goodness.

Joel Jacobs: Due to a cybersecurity attack.

Jason Clause: Wow.

Joel Jacobs: And has been since, I guess, Sunday. I’ve gotten lots of wide, technical expertise about it, but now I’m getting a firsthand, employee’s perspective on it, of what it’s like to experience one of these. We don’t do their IT support, so nothing there.

Jason Clause: Make sure that we point that out. Maybe we should be? Heather, if you’re listening, you should point somebody towards us, maybe we can help.

Joel Jacobs: Yeah. It continues to just get the information, the exposure from us, different directions on this topic, and what it involves.

Joel Jacobs: Jason, you already said it earlier in regard to it, it’s not just outsource this and be done with it type of thing, it requires everybody’s involvement, everybody’s support, even when they don’t like what they have to deal with.

Jason Clause: Yeah.

Joel Jacobs: I took us off course.

Jason Clause: That’s okay.

Joel Jacobs: My favorite person is definitely my wife. She keeps me grounded, she keeps me in line, and I enjoy spending time with her.

Jason Clause: Yeah.

Joel Jacobs: And being married to her for, oh jeez … I should know this. It’ll be 17 years, this year.

Jason Clause: That’s awesome, congratulations. Well, cool.

Jason Clause: Why don’t we keep moving, here? I want to get into exactly what we’re talking about. Again, one of the top cybersecurity threats out there to the business community that we serve, here in the Bay Area, in Northern California, it’s actually the managed service provider themselves, or the IT consultant themselves. We’ve been tracking … We, the community, the cybersecurity community has been tracking what’s called an APT, or an Advanced Persistent Threat, against service providers for some time.

Jason Clause: We’re starting to get into jargon. Joel, could you unwind what exactly is an Advanced Persistent Threat, and why is it that something like that … This is fairly sophisticated. Why would somebody go to the trouble to launch one of these against an IT consulting company, or a managed service provider?

Joel Jacobs: Cool. Okay, I’ll answer that in a couple different steps.

Joel Jacobs: At it’s core, an Advanced Persistent Threat is not any more technical than the words themselves. Meaning, advanced is that somebody has decided, some bad guy out there in the world has decided that you are interesting to them. So, it’s not just a blast email, blast scare tactic type of spam, phishing thing, that they don’t even really know. They bought a list of a million names, or a million email address, and sent it out. This is, you’ve been selected. Congratulations, Ed McMann is at your house, and you’ve won the target of a cyber attack award, here, which is not something you actually want to win.

Joel Jacobs: You’ve been identified, and it is advanced because somebody else in the world has got your name, and is targeting you directly. It’s got real attention by bad guys on it.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: It’s persistent because they’re putting time into it, not just a one-shot, let me just see if I can bust into this environment and do something bad. It’s like, let me find some other ways to do it. There’s real attention and effort being put into it, over periods of time, by bad guys. It’s a threat, because they’re trying to get into your environment.

Joel Jacobs: What they do is, they get into your environment, and they don’t just immediately run a command, delete star dot star, or anything like that.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: They get in there, and they create more back doors. If you’ve closed one door, they can get in through another door.

Joel Jacobs: What they do is they hangout, and they learn. They learn about your systems, they learn about the tools you use, they learn where the good data is, they learn what information you care about. They get smart about you. This can be over the course of days, weeks, or even months.

Jason Clause: Yeah.

Joel Jacobs: They’ve already hacked in. They’re in, they’re in your house, and they’re learning about how to hurt you most effectively. That’s why it’s persistent. Then, when they’re ready to, they spring the trap.

Joel Jacobs: At a fundamental level, to use some scary stuff … I had my most recent training on this. Or, one of my most recent training, it actually was on Halloween. It was one of the more scary Halloweens I’ve had in my life, to talk to people, and talk to experts in the field, people who deal with the aftermath of these types of attacks.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: So, that’s what APT, or an Advanced Persistent Threat is. What makes these even worse is, it’s not just some kid doing this, after school.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Or, somebody with a grudge. Some of these out there, are state, Foreign State sanctioned attackers. There’s an ongoing attack that’s been around for a while. I think, Jason, you were going to mention it. Code name, or the name that we use around here is Cloud Hopper.

Joel Jacobs: It’s a concerted effort, by … I believe it is Chinese State sponsored hackers, to compromise targets in the United States. As of this week, Homeland Security put out a bulletin about Iranian State sponsored attacks on US targets. They’re not just focused on you, and they’re not just amateurs.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: These are pros, with the backing of large organizations, whether it be state sanctioned, or just organized criminal enterprises, that are finding targets, and figuring out how to make money.

Jason Clause: Yeah.

Joel Jacobs: Off of perfectly good, upstanding citizens, like you and me.

Jason Clause: Yeah. It’s an unfortunate state of affairs, and one that we’re not going to sort through anytime soon. It’s very much the Wild West out there.

Jason Clause: Putting it another way, a lot of the episodes I’ve done in the past have been more end user focused, and built on the idea that, in those one to many scenarios, like a phishing attack, or someone trying to mount and launch Ransomware within an environment, the tactics that you can use, you don’t necessarily have to be the fastest gazelle in the herd in those scenarios, you just have to be faster than the slowest gazelle, and you’re probably going to be okay. That’s not what this is. This is, the lion is looking, I want that gazelle, for that specific reason, and I’m going after him. That, I think, is what the frightening thing is.

Joel Jacobs: Yeah, you’re absolutely right. In fact, to build on your analogy, in some of those phishing attacks and stuff like that, you don’t have to be the … Potentially, you can be the slowest gazelle, and just be like, “I’m just going to ignore this email. I don’t know what this is, I’m going to not participate.”

Jason Clause: Yeah.

Joel Jacobs: By doing nothing, not clicking on a link, not logging into a website you think is legit, just by doing nothing, you actually stay safe from those types of attacks. That doesn’t work with what we’re talking about today.

Jason Clause: Yeah. As always, we’ll include a whole bunch of links in the show notes, to different episodes. Feel free to click around, and take a look at those.

Jason Clause: Joel, the second part of the question was, okay, this is a gnarly, hairy thing. Why a managed service provider, why are they looking at these consulting operations?

Joel Jacobs: Cool, thank you for bringing me back onto that question. I meant to address it, but then I got off track a little bit.

Joel Jacobs: The reality is, hey, if it’s going to be the same amount of effort for me to rob a house, or a bank, and the same amount of risk for me, which one do I want to go do?

Jason Clause: Right.

Joel Jacobs: Do I want to go rob a house, which has one person’s money in it? Or, do I want to go rob a bank, that has a lot of people’s money in it?

Jason Clause: Yeah.

Joel Jacobs: When I attack a MSP … This is true, Cloud Hopper, that I mentioned earlier, is a concerted effort to attack MSPs, or managed service providers.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Companies like ourselves. Because once they crack into the MSP, now they have the keys to many, many kingdoms. All of your clients that you support, now they can go through the MSP, and they can get into all those customers.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: And start to wreak havoc within those environments. So, once I get the keys to your house, and steal all the money in your house, now I’m done and I have to go case another joint, to rob that house. But, if I get into the bank vault, I get your money, I get your neighbor’s money, I get everybody’s money, because I’ve got a free pass into all those accounts.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: So to speak.

Jason Clause: Right.

Joel Jacobs: I don’t think folks from the banking industry would agree with my analogy, I think it’s a little too simple for their world.

Jason Clause: It makes a good point.

Joel Jacobs: For example, right?

Jason Clause: Yeah.

Jason Clause: To summarize, the real reason here is that it’s a worthwhile target.

Joel Jacobs: It’s a phenomenally worthwhile target.

Jason Clause: If you’re going to put all the effort to mount an advanced persistent threat against something, this is one of those things that you want to mount an attack against. The payoff could be not just that one organization, but every organization that particular provider is looking after.

Joel Jacobs: Absolutely.

Jason Clause: Potentially, right?

Joel Jacobs: It’s very fertile ground.

Jason Clause: Yeah.

Joel Jacobs: [inaudible 00:15:53]

Jason Clause: Oh, I’m sorry. Please, go ahead.

Joel Jacobs: I was just going to wrap it up, yeah. It’s very fertile ground. I figure out how to hack into one company, and now I can actually hop from there, into many companies, without doing all that work over, and over, and over again, on each of those end client companies.

Jason Clause: Yeah.

Jason Clause: You mentioned, a little earlier on, that you did your most recent training, you were in an industry event. You heard some pretty gnarly examples of how this is playing out in our industry. Do you have an example you could share with us, quickly, of how this played out? Let’s protect the names, and protect the innocent, if we can. I don’t want it to be about that, I want it to be about what the shape of the threat is.

Joel Jacobs: Good news is I don’t … Actually, I could probably look up some names, but I don’t have them top of mind.

Jason Clause: Great.

Joel Jacobs: That won’t be a problem.

Jason Clause: Yeah.

Joel Jacobs: This was a conference for MSPs, put on by one of our major vendors. There were a number of different tracks that you could go to at this multi-day conference, to continue to stay sharp, and stay up to day with what’s going on in the industry. I chose to go to quite a few cybersecurity sessions. There were some outstanding ones. Some of them were put on by cybersecurity companies. There are companies, or people from the companies, that, when an MSP gets hacked … or, when anybody gets hacked, you don’t just have to be an MSP to hire these people. They come in, to help potentially negotiate the ransom, to get your data back.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: And deal with whatever needs to be done with it. So, they have experience working with these criminals. They’ve got, to some extent, even relationships with them, because it’s the same bad guys, and the same foreign countries hitting company, after company, after company.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Once they get called in, they’re like, “Oh, hey Charlie. How are you today? Can we get this ransom down a little bit, it’s kind of high?” And, “My client doesn’t have that much money.”

Jason Clause: No way. They’re almost like attorneys, right? Like, the Prosecutor and the defense attorney, when somebody gets in trouble?

Joel Jacobs: The cybersecurity experts will tell you that the bad guys, and there’s a couple different classes of bad guys … But, the good bad guys, if you will, have amazing customer service. It’s via chat, right?

Jason Clause: Right.

Joel Jacobs: Because they want to get paid.

Jason Clause: Yeah.

Joel Jacobs: This is … They know that they need to be responsive to their unwilling, involuntary customers.

Jason Clause: Right.

Joel Jacobs: Slash victims. You can work with them a little bit, you can negotiate down the ransom. They want to be a ransom that you will pay, and not just close up shop, and go out of business.

Jason Clause: Yeah.

Joel Jacobs: They don’t make any money in that, they just put a bunch of energy into it. It’s really this weird, crazy underworld, if you will, that’s going on.

Joel Jacobs: The cybersecurity consultants were able to share information about that. I sat through one session that was almost like a murder mystery, I was really fantastic. And enough to make your skin crawl a little bit, as they walked through what sounds like a normal Monday morning, at a MSP. Then, this happens, and this happens. As it goes through the day, it turns out that this MSP had been compromised. What they had done was, through the MSP, Ransomware encrypted data at many, many of the MSP’s clients.

Jason Clause: Oh, man.

Joel Jacobs: The ransom was outrageous, when looked at against any one of their clients. It was high six figures number. These companies, that could be, for the customers, that might have been an entire year’s revenue or something like that.

Jason Clause: Wow, yeah.

Joel Jacobs: It was because they, the bad guys, were not expecting the endpoints, end customers, to pay this ransom. They knew they’d compromised an MSP, they knew that MSP was life or death, they were going to have to round up the money.

Joel Jacobs: So, as the day went on, and this MSP discovered a dozen or more clients that all had been encrypted, and all had the exact same amount of money for the ransom. They were able to realize, oh, they’re coming after us. It’s pay the ransom, get your decryption key, hope it works, and usually it does. Because if you pay the money, and you get a decryption key that doesn’t work, they’re out of business, right? They can’t go do this again, they don’t have a reputation as the bad guy who is actually worth paying.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: They’ve got to give you a key that works, for the most part.

Joel Jacobs: Anyway, they just walked you through this. They’re like, at the end of it, they’re like, “This whole scenario we just walked through, that seemed like it was fictitious? The names have been changed to protect the innocent and the guilty, but that’s it. Other than that, this is a real example of something that we dealt with.”

Joel Jacobs: I sat in another session, cybersecurity, and they were talking about a similar scenario. A guy in the back raises his hand and he said, “That was us. That case study you just presented was us.”

Jason Clause: Yikes.

Joel Jacobs: I had the opportunity to talk to him afterwards, and get his card. It’s not a bad day, it’s not a bad week, its bad months for the MSP after this happens, which is why the whole theme of the sessions was, MSPs need to be paranoid. There’s a target on our back, and we need to be doing everything we can, within reason, to secure ourselves. Because, we’re such a fertile ground, if we’re compromised.

Jason Clause: Right. From the client’s perspective, in a situation like that, the provider themselves are flailing about, trying to survive, right? It’s the survival of that business. How important is the client, at that point? You’re an order of magnitude removed from the core problem, so how much attention are you getting?

Joel Jacobs: Yeah.

Jason Clause: It’s not just the MSP, right? It’s the community here, listening to this show, this is something to pay attention to.

Joel Jacobs: Yeah. The clients are certainly important, because the clients are down and very unhappy.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: But, you’re not the only client whose down and unhappy.

Jason Clause: Right.

Joel Jacobs: There’s a bunch of them. It starts to be a prioritization exercise, and responding to it. How do we prioritize? Even once you get the decryption keys, it takes time to actually do the decryption.

Jason Clause: Yeah.

Joel Jacobs: Nobody’s having a good day.

Jason Clause: Scary stuff.

Jason Clause: If I’m the owner of a business and I’m listening, and I’m thinking, okay, I’m not so certain that the company … I like the guys I’m working with, but there’s nothing that leads me to believe that they’re looking after these things. What are some things I should be looking for, as the owner of the business? What are maybe some tell tale signs, or some questions that I could ask around different pieces?

Jason Clause: From a detection point of view, what should my MSP be doing to identify problems, or potential problem areas?

Joel Jacobs: Obviously, the no-brainer first question that they ought to ask is, “Hey MSP, what are you doing to secure your own environments, and by extension, access into mine?”

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Just as simple as that. Some answers they should be expecting, and really need to hear, starts with something called MFA, or multi-factor authentication.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Sometimes called Two FA, because usually the multi is two.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: You could have more, but two is the pretty standard number.

Joel Jacobs: What that is, … Passwords. We’re all pretty familiar with passwords, and that concept.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: They still have some value, although security experts are starting to waiver on how important passwords are. There’s a whole revolution in password best practice thinking going on, as well.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: We don’t want to get into all that today. But, passwords would be one factor of authentication. Then, the second one is some sort of a token, or a key. Multi-factor authentication is about, it’s something you know, like your password, and something you have, like a token. You can have a soft token, which is a piece of software that runs on your phone, and you have to interact with it in order to log in.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: First and foremost, they need to have that. Really, you want them to have that on every account that’s accessing their systems, or at least their systems that can access your environment, as the client.

Jason Clause: Mm-hmm (affirmative), yeah.

Joel Jacobs: That’s stuff like remote management and monitoring software, RMM. Throwing around a lot of acronyms, I apologize for that.

Joel Jacobs: RMM is the software that allows us to do our work, to access client environments, and automate lots of the things that need to get done, that are good, and help keep the networks healthy. However, it’s a powerful tool, and it can be used, in the wrong hands, for bad things as well.

Joel Jacobs: We’re blessed, here at Endsight, in that another one of the owners, Josh Carroll, long ago, when he managed the NOC, many, many years ago, had the foresight to implement multi-factor authentication on our RMM tool. I don’t even know how many years ago it is, now, but a lot.

Jason Clause: It was a long time ago, I remember.

Joel Jacobs: We’ve had that culture in our environment, yes.

Jason Clause: Yeah.

Joel Jacobs: It was good and bad. It was James Bond-y at the time, with its security level. Then, it gets to be a little tedious.

Jason Clause: Yeah.

Joel Jacobs: That’s item one. If that’s not happening, there’re serious concerns, you’ve got an MSP that’s not taking security seriously enough.

Jason Clause: Yeah. How about two more, real quick?

Joel Jacobs: Okay. We’ve got MFA, that’s certainly important. Strong password implement policy is certainly good.

Jason Clause: Yeah.

Joel Jacobs: Then, a few of the things that we’re doing … This is where different companies, different MSPs might have different answers, but a few of the things that we’re doing is within our RMM tool, we’ve got something called procedure signing, that we’ve implemented.

Joel Jacobs: What that boils down to is, just because you get into the tool doesn’t mean you can write a script to do bad things.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Then, deploy it across all of our clients. That procedure has to be approved, it has to be signed by someone else in the company, before it can be used. That’s actually a fairly common technique that the bad guys have been using. Once they compromise the MSP’s RMM tool, now they’ve got the keys to get all these client environments, they write a script.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: That says, run this encryption software, and they execute it across as many endpoints as they can. By having procedure signing, they could write the script, but they wouldn’t be able to execute it until such time as it got approved.

Jason Clause: Yeah.

Joel Jacobs: We’re going to look at that and be like, “Who is asking for this?” Talk to the person, it’s entirely internal folks. We’re small enough, we know everybody, and we can talk to them, and so on.

Joel Jacobs: When we’re like, “What is this thing?” No, heck no, this isn’t approved.

Jason Clause: Yeah.

Joel Jacobs: Slow them down, in that manner.

Jason Clause: That’s a great one.

Joel Jacobs: Another one that we’re doing, that’s around the detect … Obviously, logging is important. Logging isn’t as important if you don’t look at the logs.

Jason Clause: Mm-hmm (affirmative), okay.

Joel Jacobs: So, having logs that show that you were compromised months ago, but if no one is checking those logs, it’s not that helpful. After the fact, maybe you’re going to go look at the logs and go, “Geez, they got in here two months ago, and we haven’t known about it at all.” It’s not just logging, but what’s most important is that there’s some sort of log review.

Jason Clause: Mm-hmm (affirmative), okay.

Joel Jacobs: One of the things that we do, as well, is we have an audit that happens, and automated audit that happens every day. I get a report every day, in my email, that shows me whose logging into our RMM tool after hours.

Jason Clause: Ah, okay.

Joel Jacobs: If it’s our employees, and they’re doing that because they want to … I’m a little bit hesitant here, I’d give away some secrets, that our guys did this. Then, they might know a little more.

Joel Jacobs: If our project team is logging it at night to continue working on a project, there’s no issue there. I’m grateful they’re employees, and that they want to work in the evenings to help take care of our customers, that’s fantastic. But, if somebody is logging in, and I check in with them the next day and they’re like, “No, I didn’t log in last night. What are you talking about?” We’ve got a real problem here, we need to respond to this. We need to change passwords, there’s a potential for a breach.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: We need to … What do we need to do, here? We need to completely reset that person’s security account, make sure they can’t … That the old information, that was getting them in is no longer valid, and just see where we go from there, on how bad the compromise might have been.

Joel Jacobs: In general, we need to operate with the mindset, it’s not if we get compromised, it’s when we get compromised. And, what are we going to do about that?

Joel Jacobs: There’s a NIST framework for this whole thing, which talks about Identify, Protect, Detect, Respond, and Recover. Identify what’s vulnerable, what the bad guys might want to take a shot at.

Jason Clause: Mm-hmm (affirmative).

Joel Jacobs: Protect, that’s multi-factor authentication, that’s passwords. One I haven’t mentioned yet is geo-IP filtering.

Joel Jacobs: Everywhere that we have systems that we’re worried about getting compromised, or would be bad for bad guys, we’ve tried to use geo-filtering. If you’re not in the United States, you’re not logging into our server environment, in the Co-Lo, or into our Office 365 environment.

Jason Clause: Mm-hmm (affirmative), yeah. Okay.

Joel Jacobs: That has limited effectiveness, because all the bad guys have to do is compromise Grandma’s machine in Iowa, and then use that for launching their attacks.

Jason Clause: Yeah.

Joel Jacobs: [inaudible 00:30:49] inside the United States. But, it’s an extra layer, it’s an extra hop, it’s an extra effort, that they have to put forth in order to be seen as coming from the United States to try and attack us.

Joel Jacobs: I haven’t talked about any anti-virus, anti-Malware software at all, I haven’t talked about anti-Spam software.

Jason Clause: Yeah.

Joel Jacobs: Those are other layers, that I don’t want to get into today.

Jason Clause: Yeah. The thing that … As we’ve talked about this, what’s apparent … If I’m going back to where we started, if I’m the owner of a business, and I’m starting to think I’ve got concerns about this, you’ve given a number of different places to look, and I appreciate that. If I’m the owner, I’m not going to remember any of that.

Joel Jacobs: I don’t always remember them all.

Jason Clause: Yeah. We’re going to do more episodes on this, and we’re going to be writing about this a lot.

Jason Clause: I want to leave everybody with, maybe, a quick fix to try to get at … If you’re listening to this, and you’ve got some concerns about your current provider, are they doing this, or I just don’t know, one of the things that’s apparent here, Joel, is that mitigating these risks requires a lot of people, it is highly process driven. You have to be thinking about these things proactively.

Jason Clause: One thing that’s for certain, if you’re spending all your time as a provider putting out fires, you’re not doing these things. So, there’s some root cause, potential problems that are a little bit easier to diagnose, that, as an owner, you might be able to get at. If a provider is having some of these root causes issues, it is guaranteed they’re having these other problems that we’re talking about, and you have these other exposures.

Jason Clause: So, we prepared a video, you can find it on our website. It’s www.Endsight.com/RootCause, where we talk about one of the most common reasons MSPs find themselves in these situations. I encourage you to go check that out, we’ll include a link to that in the show notes for you, as well.

Jason Clause: With that, I think we’re going to close this down. Joel is, as I mentioned at the top of the show, Joel, he really knows this well, he’s been doing this a long time, and there’s a ton of detail we could get into, here. Thank you, Joel, for making time for us, and walking through some of these items. I think folks will find the information really helpful.

Joel Jacobs: Yeah, no problem. Thanks for having me on. Happy to be here, happy to share what I’ve learned. It needs to be a collective effort by everybody involved, to start making all of this stuff more trouble than it’s worth for the bad guys. It’s all about everybody hardening themselves as a target, until it becomes … Does anybody try and rob Fort Knox anymore? No, it’s just too hard.

Jason Clause: Too hard, yeah.

Joel Jacobs: There’s better ways to make a living.

Jason Clause: Wow. With that, we’ll make that the last word. Thanks, man. I appreciate you, appreciate your time.

Joel Jacobs: Thanks, Jason. Good talking to you.

Jason Clause: Joel, thanks so much for coming out and joining us, I really appreciated that.

Jason Clause: If you liked what you’re listening to, why don’t you head on over to iTunes, and leave us a review? I’ll include a link to iTunes in the show notes, you can pick it up there.

Jason Clause: Next time, I’m going to be doing another episode focused on cybersecurity. We’re going to be covering the California Consumer Protection Act, and what you, as a business owner, need to know about it right now. This is more legislation, it’s well intended, we’ll talk it through. We’ll be doing that next.

Jason Clause: The one after that, we’re going to be talking a bit about the business cycle, and business cycle planning. I did a presentation for one of my peer groups, and it was pretty well received. We’ll give it a try and see what you think. There’s a lot of consternation out there about what’s going to happen in the marketplace. There’s a way through it.

Jason Clause: All right. Until next time, I hope my good friend Jesus blesses you with peace in your heart, wisdom in your sprit, and just a lot of laughter in your belly. You take care, now.

The post Can your IT consultant stop these top cyber security threats? appeared first on Jason Clause | Microsoft 365 Consultant.

29 episodi

#Business #Jason Clause