As cyberthreats continue to evolve—and intensify—MSPs are continuing to update and adapt the security training that they facilitate for customers. This week, CRN’s reporting team spoke with executives from numerous solution and service providers at XChange August 2024 about how they’re handling security training amid increased phishing, ransomware and AI-powered attacks. Six MSP executives shared details on how they’re helping customers to stay secure through education and awareness training for their teams.
[Related: MSPs Are Driving GenAI Adoption But Security, Data Hurdles Persist For Customers: Panel]
XChange August 2024, which was hosted in San Antonio by CRN parent The Channel Company, brought a major focus on cybersecurity with numerous keynotes and sessions focused on the topic.
What follows are comments from six MSPs on how they are evolving security education and awareness training for their clients.
Advertisement
Dennis Cockrell
Founder, CEO
EIT Networks & Cybersecurity
Greenville, S.C.
“It’s our job to educate them and to help them understand [AI security] risk. We’ve already integrated it into our end user cyber security awareness training. So our clients are already starting to hear about AI security and proper hygiene around AI. We’ve actually bolted in AI now, getting out in advance of our actual push into AI. … One of our core things for this year was, just focus on doing the simple things consistently well — doing the basics consistently well. Training is one of those things.”
Kelli Frederick
Catalyst Technology Group
Director of Productivity Solutions
Indianapolis
“I think a lot of the [original training] solutions that emerged in the market were very reactive. We use Weiser [Security] with our customers, and it’s more proactive. It’s able to show someone in real-time, ‘Hey, this was malicious and you clicked on it. And here’s why you shouldn’t have, and here’s what you look for next time.’ Versus, some of the original solutions that seemed to be pushing out canned things — ‘This is what we think you’re going to see.’”
Ross Jordan
Director of Business Development
SkyTerra Technologies
Nashua, N.H.
“Awareness and education is critical in getting the information to them. It’s making it applicable, that’s the challenge. It’s making them use common sense. It’s making them think just for a quick second to say, ‘This doesn’t look right. Why am I getting this?’ What we’re finding is a lot of people have gotten so used to the rat race of reading emails to just go and click. We have to make them stop, make them apply common sense and make them think about it for just a moment.”
Joshua Liberman
President
Net Sciences Inc.
Albuquerque, N.M.
“We’re doing our best to gamify the response with our clientele. We found very low engagement with several different vendors so we’re trying to find a way to incent them, get them excited and to compete with each other within the company. We then provide scores across our client base so they compete with each other as well.”
Tina McQuiston
Senior Account Executive
Infinit Technology Solutions
East Syracuse, N.Y.
There’s two parts. First of all, we really haven’t changed or adopted anything new over the past few years when talking about security or cyber security. We’re a trusted advisor with the companies that we’ve been working with for 30 years or so. There’s been constant education along this entire journey. One of the things we do is incorporate the manufacturer as well as the end user into our conversations to wrap our arms around the end user and educate our organization as well as the client so we’re all in it together. It’s a big team approach.
Things like Kaseya or ConnectWise or CrowdStrike are all part of that conversation. It’s a conversation, one-on-one with each client just to give them that comfortability hug, letting them know they’re in safe hands. We look at all of these things every day in our business, and that’s what we bring you. I personally use social media a lot, typically through LinkedIn, to educate companies.
Patrick Dugan
CEO
Reverus
Clifton Park, N.Y.
The conversation always starts based on the vertical that we’re walking into. Let’s say we walk into a healthcare facility. The conversation usually starts around compliance and where they are in their journey, if they understand the requirements of their vertical. And then, based on the response, I can talk and walk them down through the different cyber security offerings based on the actual need. The way we come to market is very much not trying to reinvent the wheel for them. It’s trying to figure out where they’ve succeeded in their IT infrastructure, where they’ve succeeded in their IT journey, and then trying to dovetail into it as perfectly as we can so we minimize their cost and get the best value for both parties. So we know where we exactly fit in.
Our security stack evolves along with the threats. We’ve modified our stack. We’ve been doing this 18 years, so our stacks are always changing. So we’ll educate clients on the choices we we’re making based on the threats and what we feel is right.