Podcast: Play in new window | Download
Be prepared to listen to this one more that once as John Ford CISO at ConnectWise has a very frank discussion with Brian on Risk Assessments and where the majority of SMBs fall short in today's threat landscape.
There are no short cuts in cyber security. A risk assessment is a holistic approach and drives next steps. Contrary to what some believe, vulnerability assessments support the risk assessment, they don’t replace them.
Based on real time anonymous aggregate data from the ConnectWise Identify assessment tool for MSPs the top 3 vulnerabilities are:
1. Neither MSP or their customers are doing adequate security awareness training
2. There is a lack in sufficient risk management practices
3. Inadequate monitoring or protection of client environments
When looking at enterprise security deployment vs. MSPs securing SMBs, John refers to it as bolting it on rather than baking it in and that service to SMB is somewhat transactional in nature rather than being process driven.
Transparency is your best approach with clients and prospects. Move the conversation to risk and determine how much your clients are willing to endure. Start by really understanding your client’s business before you can suggest the best and most adequate cyber security protections.
Links discussed in this Podcast:
1. https://www.connectwise.com/software/identify
2. https://www.sans.org/
3. https://misti.com/
4. https://www.nist.gov/cyberframework
5. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
#connectwiseidentify #Securityrisk #cybersecurity #securityassessments #SecureConnections #IoTSSA
[…] Risk & Vulnerabilities, John Ford, CISO of ConnectWise, May 8th episode […]