Security and Compliance Weekly Episode #95 – November 16, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. CISA Guidance for MSPs and SMBs, Part 1 – 12:00 PM-12:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! Keynotes from Alyssa Miller, John Strand, Lesley Carhart, Dave Kennedy, & Maril Vernon! Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us for our next live webcast on December 2nd to see what’s under the XDR hood. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

CISA recently published guidance on how managed service providers (MSPs) should approach security for their operations, based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers’ networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP’s customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations and satisfying compliance and regulatory requirements, all while trying to stay in business.

Segment Resources:
https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf

Guest(s)

Chris Loehr – EVP, CTO at Solis Security

Chris currently serves as Executive Vice President and CTO of CFC Response/Solis Security, a division of CFC Underwriting, overseeing the day-to-day operations of the firm’s Incident Response and Proactive Cybersecurity teams. Chris has spearheaded numerous improvement and optimization efforts for CFC Response. Chris is passionate about assisting small and medium-sized organizations through difficult cyber-attacks. He takes the approach that the response efforts are more than technical. They require an incident response firm that can understand the business and respond to ensure the business’s needs are met and the business is restored as quickly as possible.

Hosts

  • Fredrick “Flee” Lee (@fredrickl) – CSO at Gusto

  • Jeff Man (@MrJeffMan) – #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

  • Kat Valentine – Compliance Free Agent (Consultant) at Osmosis Security

  • Liam Downward – CEO at CYRISMA

2. CISA Guidance for MSPs and SMBs, Part 2 – 12:30 PM-01:00 PM

Announcements

  • Throughout 2022, CRA’s Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
