Welcome to the fifth blog of our “MSP Fast Track” hangout series, “Hack the Hacker: Cybersecurity Tips Every MSP Should Know.” Our panelists were three cybersecurity experts and enthusiasts discussing their strategies and tactics for hacking the hacker.

Meet Our Panelists


Focus Technology Solutions, Tim Lasonde, Senior Vice President of Managed Services
WestTek Solutions, Francis West, CEO
Continuum, Drew Sanford, Director of SOC Operations

Check out our panelists’ answers to the questions posed to them during our interactive discussion:

The State of Security Today for MSPs and their Clients

MSPs are the ones that are expected to be the "experts"

I first asked our panelists to describe how they view the state of security today for MSPs and their clients.

Tim responded, “It’s a maturing part of our business. In its infancy, even as soon as two years ago, it was the case that a lot of clients thought that it didn’t apply to them. Thought that unless you were a big company like Nike or GE, that you didn’t have to worry about things like this. I think the media has really helped raise awareness that hackers are basically targeting any information—personal, money—and even your position in a company can have an effect on how you are targeted.

Lake City, Florida just had a major breach, a ransomware attack and they are having to pay the ransom. Customers will see that and they’ll ask ‘hey did you see this? Am I protected against that?’ So, I think the maturation is starting to happen and that’s a good thing for MSPs.”

Drew added, “Absolutely true, but I also think MSPs had been focused on helping customers be as efficient as they could, helping them grow their companies. What's really changed though is when you start looking at security and what it's brought about it’s no longer just protecting a customer against themselves. It's now about us (MSPs and vendors) being educated and realizing that the customer may not even be aware of some of the attacks coming in. It's helping them have that awareness and understand the risk. So it really has changed the education role, we as MSPs have to play as we go through that.”

How to Educate Your Clients

When I asked Tim and Francis to talk a bit about how they are educating their clients about cybersecurity, they shared some helpful insights for other MSPs.

Tim said, "It's correlating what bad thing could happen and how is Focus going to stop that bad thing from happening. The education process depends on the size, on a regular cadence. Security's definitely been added to the things that we talk about during our check-in meetings and education is a huge part of that.”

Francis agreed that the case is similar for him when trying to educate his clients and fully understand the security hurdles that face them, “It's all about awareness and constant training and just giving them the facts. We've even gone to the extent now where we're saying to the client, listen, if you don't want to take our advice, it's at your risk, please can you sign this disclaimer or waiver? And that it's the only way, but then they don't even want to sign that. So you go, okay. The other thing to note, especially in the UK, I believe that until the ICO, the information commission officer, starts fining more people for losing data through GDPR related a loss, the smaller two-man, five-man shop will not take this seriously.”

Business Opportunity Within the Security Space

Next, we talked about advice we would give to MSPs looking to get into the security space:

Drew started, “As you look at MSPs that are wanting to get started, there's two groups of MSPs: the ones have a large team and are trying to figure out ‘how do I put the process and procedures in place?’ Then you've got the MSPs that are a little bit smaller, that security is hitting them as something their customers are requesting. Something they can't avoid. But as you go and look to start building, the advice I would say is first of all, find somebody you can partner with that can bring together all the pieces you need to help bring you to that first step. The problem is the hackers aren't waiting for you to figure it out. You've got to start today. It's not something that can wait six months because, trust me, it's going to come to your front door whether you want it to or not.”

Francis then shared his elevator pitch with attendees, “I'll represent the UK, but it’s similar worldwide. In the UK, there's something like 68% of small businesses have already been compromised. And the sad thing for me, it takes on average 237 days before they even figure out that they've been compromised. So why don't you share this stat with them? So, I do and I say to them, ‘Basically all of us in the room have already been compromised.’ Unless you’ve got really good software in place, like we do with Continuum, you just don't know how protected you are and what you don't know is going to give you a heart attack and you're going to die.” Francis has a fantastic flare for the dramatic, but his point is strong and valid.

Benefits of the SOC

I then asked our panelists, “What are the benefits to having a SOC?”

Tim said, “The biggest problem that we have that the SOC helps us with is the sheer volume of information that comes in on a regular basis. Because we have been generating more awareness with our clients, and educating them, we get more, ‘Hey, is this email okay?’ ‘Hey is, is this link good?’ There’s a lot more interaction with customers which creates volume, which creates tickets, which creates, so, so on and so forth. So what the SOC does that’s really helpful is sift through what's happening on the network and filtering out the garbage, the noise, the things that are not something that we need to take care of. And, to be completely honest, our help desk and our field team, they're busy, they're really busy. We’re adding users, we are doing projects, we’re adding people to Office365, we don’t have time to follow-up with every cybersecurity alert and threat that comes through.”

Francis built on this saying, “It’s the power of 10 [when you haven’t got 10 employees to work through these issues]. In the old days, if we had a ransomware attack, we had to shut down the entire network, bring one up at a time, scan it, and then hopefully by, two, three, four days later we’ve solved the issue. Whereas now we can isolate one single machine, fix it, put it back, and we didn't have any interruption to the rest of the network, which means we were potentially saving the client of small fortune. And for me, it gives me an advantage, which is even further bolstered by the thousand-dollar guarantee, that if you don’t have a SOC as part of your MSP, you can’t match our service. It’s that simple.”

A SOC is a clear differentiator in your business.

Security is Top of Mind for All

Our panelists shared what they believe is the number one security protection that an SMB should have.

Francis explained that, “They should use a SOC and SentinelOne, end of. Because without it, how do you know what’s going on? You have to have multiple layers to your programs and at WestTek we made having the SOC part of the advanced program that we offer. It’s the best one that you can have. We now pulled that apart and are selling that just as a single product because it’s the best one that you can have. If you just have one program, at least have backup with the SOC team plus the warrantee. This gets them a long way without having to spend loads of money.”

Tim confirmed this, “I agree with that 100%. We are doing the same thing. We will lead with our MSSP practice, which has multiple layers and different offerings. That gets us a foot in the door. We’ve found that SMBs are looking for that, which means that most current MSPs are not providing that to them. I’m also amazed at some of the clients that we take on that don’t have multifactor authentication. That’s a simple thing to do, that you really just have to do for all your customers. I would also suggest some advanced email scanning tools that easily parse through emails and block things that seem to be phishing or spam and then give you the information if you want to look through it more in-depth.”

And Drew agreed and added, “The other thing that’s really important is having a hold on your AD logs and things like that. You can do that with SIEM solutions and tools like that. Most MSPs aren’t used to watching that kind of data, but it’s a goldmine from a security standpoint because when somebody first tries to hack that network, that’s usually the first sign in. Monitoring those logs can help you get ahead of a breach, and let you see their attempts before they are successful.”

To learn more about how to sell cybersecurity and how to hack the hacker, watch the full recording of this hangout “Hack the Hacker: Cybersecurity Tips Every MSP Should Know.”