Listen to the podcast
Read Transcript
Erick and Rich discuss ConnectWise’s new AI-native platform, the fate of its earlier Asio platform, and why today’s most successful MSPs solve business problems, not technology problems. Then they’re joined by Tony Anscombe of ESET for an insightful conversation about ESET’s 2026 SMB Cyber Readiness Index. And finally, one last thing: how a single recent incident proves both that a memory stick could save your life and that dogs are more dangerous than you think.
Discussed in this episode:
Gaming PC saves owner from bullet fired by neighbor’s dog
Some guests on this podcast are clients of Channel Mastered. Compensation plays no part in their appearance or the content of the discussion unless the episode they appear on is a “bonus episode” explicitly labeled as sponsored.
Transcript:
Rich: [00:00:00] This episode of MSP Chat is brought to you by MSP Mastered. If you like co-host Erick Simpson’s tip of the week, you’ll love the comprehensive growth advice Erick and his team provide at MSP Mastered, your go-to resource for overcoming business challenges, improving service efficiencies, selling more profitable MRR agreements, and increasing the value of your MSP business.
From sales and marketing, to service delivery, to hiring and retaining high-performing talent, MSP Mastered offers access to over 90 online Mastered classes, 150 on-demand webinars, and 250 advanced MSP tools and resources, along with regular group coaching sessions and unlimited strategic email support, all for one all-inclusive membership fee.
Unlock your true MSP [00:01:00] potential by joining MSP Mastered today. And three, two, one, blast off. Ladies and gentlemen, welcome to another episode of the MSP Chat Podcast, your weekly visit with two talking heads talking with you about the services, strategies, and success tips you need to make it big in managed services.
My name is Rich Freeman. I’m chief analyst at Channel Mastered, the organization responsible for this show. I am joined this time virtually as I am every week, by your other co-host, our CEO and chief strategist at Channel Mastered. His name is Erick Simpson. Erick, you back home?
Erick: Back home for a short week, Rich, before we once again add more miles to our airline loyalty programs, you and I
Rich: They do love me so at Delta for all the flying that I’m doing.
Yes, and in fact next week’s episode, it, I don’t know if it’ll air next week or the week after, but Erick and I are going to be at Ruth’s upcoming event, Flow, and we will be recording for the podcast an interview there with one of their executives, Charlie Tamayo, [00:02:00] and that will be on the show either a week from now or two weeks from now.
So we’re looking forward to that. But for now let’s in a way we’re still transitioning out of the Pax8 Beyond event that we attended last week, Erick, because we were there at the show. Pax8 had a lot of news to announce. We talked about it on the last episode of the show. But right there in the middle of the show, and physically in the middle of the show because multiple very senior ConnectWise executives were at that conference talking to the media, ConnectWise made a major announcement.
They introduced what they are calling the ConnectWise Platform. And if you wanna know why they chose such a colorful name at some point I can explain that to you. But the thing that sort of struck me about it when I first read about it is this is a new platform from ConnectWise, and I thought they had a platform already called Asio.
Took them a couple of years to build it. They introduced it in 2021. They’ve been working on it ever since. They only just recently finished getting their [00:03:00] PSA product 100% ported onto it. And so are they getting rid of Asio? A question that people have been asking basically since this announcement.
The other thing that struck me is that as we will see, the ConnectWise Platform, this new platform, is AI-enabled. That is by virtue of the technology that ConnectWise acquired along with Zophic, an AI native service desk automation startup back in January. And to get from buying Zophic in January to all new platform in June I– that’s something for a company that took as long as it did to get PSA onto ASIO, right?
That’s moving fast. And yes, they’ve built a new and very talented technical team over there. You can do a lot with AI coding tools. But part of what’s going on here is A-ASIO isn’t gone exactly. When Manny Rivelo, the CEO of the company came in to that position about 18 months ago, he also brought in this [00:04:00] new tech– new chief product and technology officer who assembled this new technical team.
They’ve been working for that 18 months basically to, I would say, re-architect and upgrade ASIO. Some of this involved stuff, I remember Manny telling me once upon a time that when he joined the company, there was, like, RMM stuff in the platform and platform stuff in the RMM. They had to rationalize some of that.
They wanted to rebuild the core of the product to be more sca-scalable and a little bit more unified. So they did a lot of work to ASIO. And then, i- particularly in the last five, six months they have added this AI native automation capability to it as well. Manny has described this to me in various ways as next gen ASIO 2.0.
A lot of the code, I couldn’t tell you if it’s more than 50%, but a lot of the code is new. There are a lot of attributes and capabilities built into the platform that sort of future-proof it to a much greater degree than was true when Manny and his team inherited ASIO. ASIO is [00:05:00] not 100% gone.
In terms of the importance of this for Connectwise and its partners, obviously, we came into 2026, Erick knowing that Connectwise is this major brand, tons of partners, huge name recognition, and that PSA product, among others, really is a system of record for a lot of MSPs. But they were at risk of disintermediation by some of these AI native system of action startups.
Basically, Connectwise was not in that game at all. They buy Zofik in January, and now five short months later, they are in the system of action game. And that is strategically important for Connectwise and its long-term future. It’s also important for Connectwise partners because you are no longer in the position of having to acquire and layer a system of action on top of the tool set that you’re using right now.
You have the option of getting that kind of automation functionality along with [00:06:00] other functionality that you rely on from Connectwise itself. And there are tool stack complexity and tool spending implications to that. A lot of what Connectwise partners choose to do is gonna depend heavily obviously on how well the AI components of the ConnectWise platform perform.
But this is a big move forward for ConnectWise and a move that, as the company has been outlining, sets it up for more moves to come. They basically say they are at phase two of a five-phase AI journey that ends with re-recursively self-improving, fully autonomous AI that has predictive intelligence capabilities, anticipating and fixing problems before they even happen without humans really needing to be in, in the loop at all.
That’s a couple years down the road, but they are now on that road for the first time.
Erick: Well, Rich, it is, it is no easy feat to take, something [00:07:00] that has been in, various stages of evolution from a platform perspective and all of a sudden, acquire another organization, integrate them as quickly and efficiently enough to…
And write tons and tons of new code and segment things out and deliver something in such a short period of time. It’s mind-boggling this achievement. So I’ll just tip my hat to the ConnectWise team for, getting this done in such a rapid amount of time. And it’s a testament to, I think, the vision and the moves that they’ve made in the last 18 to 24 months.
Because, as we’ve talked about on the show, the journey of AZO and and been tracking its evolution over time. Tip of the hat there. Very interesting. I guess the second thought that I have is what a horse race the channel is in with all of this, AI forward strategy integration.
And I really [00:08:00] like the thought that these companies are thinking about, creating not only a system of record, but a system of action. That’s what MSPs need, right? I don’t wanna be jumping into, different platforms to do things or creating connectors and API and MCP server connections and all this to try to get…
And then writing prompts and all that. We’re like we- MSPs are like the business owners that we serve. We just want things to work so that we can do the things that matter, so that we can deliver business outcomes for ourselves and for our clients. I don’t know if it’ll take five years, Rich to, for ConnectWise to get through the next three phases of this.
We are… we al- we always say, we’re working at internet speed. We’re working at AI speed now. The next 18 months will be very telling, I think. And it’s just an interesting time to to be in the technology industry and in the channel, and in the [00:09:00] MSP channel specifically.
Rich: An, an interesting time and a very complex time, and for MSPs, a very challenging time. We’ve been kinda talking about the challenges of transitioning to being more of a managed intelligence provider as Pax8 would put it. And yet at the same time, I would just say from certain in certain ways it’s a great time to be an MSP.
We, we’ve talked before about the fact that you have more options to consider in terms of an exit if you’re contemplating one that you ever had before. PE backed roll-ups and non… If you… There are all sorts of people you could potentially sell to or merge with. That’s great. And similarly on the AI front, as you were saying, you- you’ve got options now.
You can get that kind of system of action functionality that you want from the same company that you get your PSA from, and that’s gonna have certain advantages. Or if you like the… If you think that the companies like ThreatENp have a head start, you’ve got that option open in front of you too.
And yeah, a lot going on, and that creates a lot of [00:10:00] flexibility for MSPs.
Erick: Yeah. I never could have dreamed of what’s happening today, when I was running my MSP, almost a couple of decades ago, right? It’s so much has changed. But I think the transformation and the evolution is not only, it’s not only expected evolution, but it’s the rapidity and the velocity that this change has been happening.
Just in the last five… Since COVID Rich? We’re talking about tr- com- completely upending what we thought we knew about technology and services and service delivery, and what our end customers want. They want AI now. That is the pressing thing that, MSPs are scrambling to try to figure out how to address that pressing need and add value and additional advisory services attached to that opportunity.
And you… And we’ve talked on the show as well, Rich, about organizations that aren’t even MSPs that will come [00:11:00] in and just do the AI advisory and the consulting and the workshops and the training and things like that. And that’s a threat to MSPs, I think
Rich: Yeah. And in fact Elliot Hyman, one of our guests of, from, elliot from Lyra Technology Group, a very large MSP, one of our interview guests on the last episode of the show said those AI consultants are in fact calling into Lyra end user accounts. And so that’s not a theoretical danger, that’s a very real one. The AI challenges and the AI opportunities that you were talking about there, Erick, might actually be a good transition, good segue into your tip of the week.
Most of the MSPs I know consider themselves pretty good at dealing with technology problems. The great MSPs you believe, Erick, might be really good at something else.
Erick: Yes. Yes. Let’s not kid ourselves, Rich. To be valuable to an organization as an MSP, we’ve gotta have our technology on point.
Our technology chops our, our [00:12:00] solution design, our architecture the things that, that power the organization. Back in the OG days, right? We were managing infrastructure, we were managing devices, we were managing users’ expectations and tickets, and we were selling technology outcomes.
And as you and I have spoken many times on the program, Rich We have to shift ourselves outside of the server room and into the boardroom, and this is all about delivering those business outcomes. So it is a perfect segue. And I was thinking about it as we were talking because MSPs have a unique opportunity, not only in having, options to strengthen their stack and positioning with AI tools and system of record, system of action, and things like that, or options for exit, but we have options now in incorporating a unique and differentiated service line, which is around AI.
And so this is something, like I mentioned we know [00:13:00] that, a very high double-digit percentage of business owners say they want to adopt AI, and they want it now. We want it now. So technology isn’t their ultimate goal. Running their business efficiently for growth and security and risk reduction is their goal.
They want to grow, and they want things to work. So how can MSPs adopt this AI opportunity and just as an overall framework and an umbrella, Rich, m- a- adapt their messaging, their sales process or unique value proposition to reflect that they are in tune with the, what their customers want from a business outcome perspective, and aligning their entire focus around that?
Of course, we take care of security and infrastructure and business continuity, Mr. or Mrs. Client. But what we [00:14:00] really specialize in, our expertise is aligning The solutions that we deliver and the support that we provide you, both technically and strategically, to align with your business vision and your business outcomes.
Let’s do a quick assessment. Tell me about how you’re how you’re thinking about leveraging AI. Tell me about your security needs. So I wanna have a very strategic high-level conversation that is reflected in the messaging that, that is reflected on our website and all of our marketing materials, Rich.
I wanna ask better questions during the sales process from a qualifying perspective. Business challenge questions, not technology ch- questions. Remember, we’ve got to switch it up. We’ve got to change our thinking. Instead of asking… And this was typical, right? And I know there are some MSPs in our audience that probably still do this.
How many users do you have? How many desktops do you have? How many servers do you have? Get to that, but don’t lead with that, right? That is just helping [00:15:00] you determine what, what components of service delivery you have to manage from an infrastructure perspective. But asking those business challenge questions is the lead go-to.
For the win, ask about their business challenges, and do your prep and your homework before you get on prospecting calls, and you better spend the time, Rich, understanding your client’s business if they’ve been a client of yours for, any period of time. So prospecting and preparation is step one of the sales process, and social media and the internet has gifted us with, that positive thing, among other negative things, where now we can go out and we can search and we can learn about an organization, and we can learn about, the stakeholders and the shareholders and the C-level executives by checking out their business profiles and get an idea of what their business is about and what challenges they may be facing.
And, dare I say, Rich, drop all that stuff in your favorite LM- LLM and [00:16:00] help it prepare you, excuse me, for that prospecting discovery meeting or for your QBRs and your strategic business meetings, focusing your intent around business outcomes and business challenges. And let it guide you.
Don’t just take it as written because, AI is trust but verify, can hallucinate. Use it for research and do your job, and sit down and translate the technical work that you deliver into the business value that aligns with what your clients are trying to achieve in their business.
You’ll be better off for
Rich: it. You’re reminding me of two conversations during the Pax8 conference last week, one of which was the interview we did with Elliot Hyman on the show, in which he said “There are SMBs calling into Lyra’s MSPs every day asking for help with AI.” I met as well during the show with the chief growth officer of Treeline, the Andreessen Horowitz-backed MSP.
Name of the company is [00:17:00] Treeline. The URL is treeline.ai. And because they’ve got AI in the name, they are getting calls every day from SMBs looking for help with AI. Most of their pipeline right now is inbound calls from SMBs asking for AI help. And none of these companies calling into Treeline or Lyra are talking about a technology problem.
They’re interested in a business opportunity, and they are bringing this business to you. “Help us realize this business opportunity that we know is out there somehow, somewhere with AI.” And so you absolutely if you want to take advantage of where this market demand is going right now, you’ve got to be able to have the kind of conversation that you’re ta- and cultivate the kind of messaging of all the stuff that you were talking about there, Erick.
It really is important for MSPs right now.
Erick: Yeah. I wonder who owns msp.ai, the domain name. ‘Cause, if that’s, if that helps create inbound, I’m not saying just tack AI [00:18:00] onto the end of every domain name, ’cause we’ve seen that backfire spectacularly Rich when things are unpacked.
But, you’re optimizing your messaging, you’re optimizing your SEO for that. Think about the messaging that n- that can be adjusted to attract business owners that want to adopt AI and want to leverage AI and optimize for that business outcome. I think, on the website, on your outbound messaging, on your social media posts in your marketing materials, in your sales leave behinds and in your sales conversations, identifying the business outcomes that cl- that clients want to achieve and what they’re…
where they sit from an AI readiness perspective. So that first s- the questionnaire or the talk track, your discovery meeting is all about business outcomes, AI, security. And of course, the commoditized services that every MSP, delivers, don’t lead with that stuff.
That’s not the unique [00:19:00] differentiator. That will come up and you’ll say, “Of course, we manage all these other things, but we really are experts at aligning business outcomes with our technology deliverables and AI.” Something like that.
Rich: Okay. Folks, we’re gonna take a quick break. About five weeks ago, Erick and I recorded a very interesting interview with Tony Anscombe of ESET.
It was about ESET’s 2026 SMB Cyber Readiness Index. I then got very sick and then went on vacation, so the show went dark on you for two weeks. Then we did some interviews at events, ’cause Erick and I go to a lot of conferences, and so this interview has been sitting in the can for five y- weeks, and we can finally bring it to you.
Trust me, this was worth the wait. Tony is one of my favorite people in the security world to talk to. I make a a practice to meet with him every time I go to the RSA Conference. It is great to have him finally on the show here, and he will join us moments from now on the other side of this break.
Stick around[00:20:00]
Very pleased to be joined by Tony Anscombe. He is the Chief Security Evangelist of ESET. Tony, welcome to the show.
Tony: Hey, great to be here. My inaugural visit, which is great.
Rich: We, we cross paths pretty much once a year at least, but a- almost always at the RSA Conference, and that’s the last time we saw each other in the flesh, just a few weeks ago.
And one of the things I learned during that conversation is that you folks at ESET had a research study, the… your 2026 SMB Cyber Readiness Index was not quite finished, but it was almost finished then. It was coming out soon. And I got very interested because I a lot of security research studies find their way into my inbox, but most of them are not SMB-specific the way this one is.
So we’re really looking forward to diving into some [00:21:00] of the numbers with you. Before we do that, though for folks who are not familiar with you, for the maybe two people in our audience who are not familiar with ESET tell folks a little bit about what you do and what ESET does.
Tony: Okay. I, as you said, I’m the Chief Security Evangelist for ESET.
I I… One, I go around making sure that our customers, our channel, and anybody who wants to listen is aware of the current threat landscape and some of the trends going on in the industry. What do we do as a company? We are a long-standing cybersecurity company. We’ve been in business for well over 30 years now.
We originally started out very much protecting the endpoint from what we all know as an antivirus and anti-malware standpoint. Today it’s a little bit more sophisticated. We are an MDR, EDR provider. We do a lot of threat intelligence work and we publish a lot of our research. We also do a lot of custom projects, cybersecurity custom projects where somebody’s got specific requirements about stopping [00:22:00] malicious actors in that way, and we’ll work with them about how best to protect themselves.
Rich: Okay. Let’s start out with maybe the most basic statistic from the readiness index this year. In the US, and all the data we’re gonna be talking about here is US-based. The study covers North America, so there is Canadian data as well, but just given the composition of our audience, we’re gonna kinda zero in on the US side of things.
54% of SMBs in the US experienced a cyber incident in the past 12 months, and my very first response, my gut reaction to that is that actually sounds kinda good. Just based on some of the numbers that I see in terms of, the percentage of businesses that get hit in a 12-month period, it’s like that might be progress, but maybe not.
I’m curious to get your take on that 54% number.
Tony: I think I think I’d agree with you actually from if you look at it just [00:23:00] purely statistically in that way, then I would’ve expected maybe that to be a little higher. I think what it also might show though is that people understand what a, what I’d define as a material incident is as opposed to an incident.
So sometimes we hear, of companies coming out with huge numbers of saying, “We, we have five incidents a day.” And they can class a phishing email as an incident. Yeah. And I think in M- in that MSP number, it’s a little bit more serious than that. I think what they’re actually that, that number looking so good means somebody has understood how to answer the question about what is a material incident not just somebody kind of poking the front door, it’s actually somebody trying the handle, so to speak.
Erick: Yeah, that’s a little bit more than a glass half full kind of perspective, Rich, on, oh, that’s that, that might be better than we had hoped for.
Rich: 80%, yeah.
Erick: Tony, you’re quoted in the [00:24:00] press release stating that SMBs in the US and Canada are entering a new phase of cybersecurity where attacks are becoming the new norm and an expected part of business operations, which kind of seems how did we get here?
Does that reflect a, healthy realism or just unhealthy fatalism?
Tony: I think I th- I think that’s healthy realism. I don’t think it’s a failure. The failure is if you’re actually having, incidents continually, actual incidents that unfold into something malicious, then we would be failing.
Seeing attacks somebody probing every day, I, is expected. And I think that’s what you’re seeing in some of that data. So I don’t think it’s a failure, I think it’s normality. The one thing for me in here that… and in fact, the survey doesn’t really go into this, but, what, why is [00:25:00] somebody continually probing?
Unfortunately, that’s because if you’re a cyber criminal, this is a monetizing thing to do. You’re looking for that low-hanging fruit, you’re looking for that vulnerability you can exploit, you’re looking for somebody who’s got that weakness, which is why you probe. You go down the street trying every door in the street to see which one’s ajar slightly until you find one ajar, and then you can go monetize your actions.
So I think it… a lot of it is that element of people giving all the doors a push. And yeah, for me, yeah, wouldn’t it be great if somebody could take cryptocurrency off the table and remove the monetization? Because then there’s no motivation to go try all the doors.
Erick: Yeah, I love that analogy, like checking every door to see which one opens.
I remember when we were kids, remember payphones? Back when we’re aging ourselves, and when we were kids, we were always reaching in to see if anybody had any change left in the payphone, s- booth back then.
Tony: I don’t know about you, Erick, but I think when I was a kid, we had [00:26:00] that game of you go down the street and knock all the doors, and then you hide behind the hedge to see who answers.
But I… maybe I shouldn’t be admitting to playing games like that when I was a child, but it was a long time ago.
Erick: I don’t know
Rich: what
Erick: you call it when- Statute of limitations passed on that, Yeah. Yeah. Go ahead, Rich
Rich: So here’s another statistic from the survey. 87% of US SMBs s- say they feel slightly to very confident that their business is cyber resilient, and that number actually goes up from 87% to 91% among the SMBs that have had more than one cyber incident in the last year, interestingly enough.
So 54% felt like kinda low to me. That number, those numbers feel a little high. Do they reflect overconfidence to you or are those probably realistic?
Tony: I th- I think that feels a little overconfident to me, and let me explain why. I think when we talk about the word cyber incident, we automatically assume an attack by [00:27:00] somebody malicious.
For a business to be cyber resilient means you need actually to be cyber resilient in all in all ways. A great example I use actually is Heathrow Airport last year in 2025 closed down for a day because they had a substation that provided their power had a fault. It had a fire. In fact, more than a fault, it had a fire.
Now they have three substations, each one with multiple transformers, each one with multiple cables onto the airport, so you’d assume resilience. But however, this particular substation run the safety equipment on one side of the airport, and of course that, when that goes down, the airport goes down as a full because they can’t guarantee safety.
Now, the reason I bring this up as an example is now let’s… Now if we think about SMBs and you ask the question about cyber resilience, they’re thinking about, are we protected are we protecting us, our infrastructure correct? Would we withstand an attack, and would we be able to continue to do business?
[00:28:00] Cyber resilience is more than that. Cyber resilience goes way beyond, and actually it should go back to resources in your power supply, into, redundancy in your internet connection, et cetera, et cetera. So it goes much broader than just the attack. However, if they are feeling that confident that they can withstand an attack, that’s awesome, but a cyber resilience plan must and should go much broader.
So I, I would’ve expected that number to be a little lower than maybe it is. So a little overconfidence in there, but maybe that’s because they limited the, how, the q- the scope of the question.
Erick: Yeah. So interestingly cybersecurity confidence doesn’t correlate always with company size. So SMBs with, let’s say, 500 to 1,000 endpoints are significantly less likely to use advanced measures like [00:29:00] threat detection and response than smaller SMBs.
I’d like to think that MSPs, have a hand in that, but what do you think really accounts for that?
Tony: I think you just hit the nail in the hea- n- nail on the head there. I think some of that is MSP, the MSPs. So maybe the bigger companies don’t outsource in the same way or don’t have the same willingness to outsource.
So if you were a smaller company i- in one of those sm- one to 250 employees, moving to an MDR service or actually using an MSP maybe is an easier decision because you don’t have the cybersecurity skill sets within your own organization, so therefore outsourcing makes far more economical and business resilient sense.
Whereas if you’ve got 500 people in your business, then you might see it as more costly. You might have one or two cybersecurity people, which maybe isn’t enough to actually deploy the advanced security [00:30:00] solutions, et cetera. I- it was an interesting statistic. I would having… If you’d asked me before we’d done this survey, maybe that was something in the survey that I wouldn’t have expected.
Erick: So MSPs, listen up. There might be an opportunity for more co-managed cybersecurity services than you may have, anticipated prior to this. This is a really interesting statistic, Tony.
Tony: It is. And yeah, you’re right. I think there’s an opportunity, and actually, i- if it’s pointing to the people in the lower end are more likely to actually run one of those outsourced services they’re businesses that you might not have considered as being a good prospect.
So yeah, absolutely, good opportunity
Rich: We’ve managed to make it 12 minutes into the interview without discussing AI, but I’m gonna break the streak here right now ’cause 81% of the SMBs you guys surveyed said that they are integrating AI applications of some kind into the [00:31:00] organization.
32% said that AI-powered malware was a major concern, their top concern, excuse me, for the year ahead. And yet when you guys actually dug into where are the actual cyber issues coming from, it was all the usual suspects. It was phishing lack of security monitoring, unpatched vulnerabilities.
What does this kind of tell you about, what is top of mind maybe for SMBs right now versus where they really should be first and foremost concentrating their attention?
Tony: For me the one of the top things that S- SMB should be looking at actually is supply chain. Because if we look at lots of the attacks that get publ– talked about and published you’ll notice there’s a common theme, that it’s something in the supply chain.
And bear in mind that supply chain can be quite broad. Supply chain doesn’t just mean the vendors that you deal with. It can be components within those vendors. It can be software libraries that some [00:32:00] of those vendors use. It could, we already talked about power, yet power is part of your supply chain.
There’s such a broad segment of supply chain. The reason I think everybody answers this as AI is because, as you said, it’s very prevalent in the press, where lots have been talked about. And sure phishing emails have got good, haven’t they? When they land in your inbox now, it’s tough to actually understand which ones are phishing and which ones aren’t now.
Even I have to read some of them more than once. Or in fact, sometimes I read them and admire how good they are. Yeah. Which is maybe a bad thing to say, but they are becoming good. They look good, and they feel very legitimate. But I think the one that concerns me the most is when you put AI at the top of that list, if I had the conversation and I have lots of conversations when I go around talking to people, they turn and say, “AI is attacking us.”
AI is not attacking you. AI is a tool set being used by cyber criminals to [00:33:00] aid their craft. AI is not actually attacking you, per se, on its own at the moment. Maybe in three to five years’ time, it will. Yeah. And actually, we haven’t seen AI malware in the wild in any number. We’ve published a couple of bits of research about AI malware but most of those are academic proof of concepts, et cetera, that have been put into the w- into the public domain, and we found.
So AI is not… I think a lot of that is a fear factor around
Rich: AI. And I’ll just very quickly say, Erick, it it fits together in a way that you haven’t seen more AI malware out there because the attackers don’t need to resort to something that sophisticated when phishing attacks still work
Tony: And if you yeah if you want to, yeah, spend 20 minutes go- going across and looking at Shodan and looking at, for example, [00:34:00] open RDP services or open VPNs that have username and password only without MFA, you’ll find unfortunately quite a few of them.
So my point here is there is a lot of low-hanging fruit out there for somebody to go after without getting complicated about this. And all the time that low-hanging fruit exists, then yeah, they don’t need to, they don’t need to spend their resources going down this path.
Erick: Yeah. My last question focused on kind of that 500 to 1,000 endpoint prospect or target audience for MSPs.
Let’s talk a little bit about the smaller folks now the 16% of SMBs that say they outsource some or all of their cybersecurity. 16%. So what are the rest of these folks doing? Are they trying to do it themselves? Are they just putting a blind eye to the threat? What are your thoughts, Tony?
Tony: I think there were different numbers in there, wasn’t there? There was So [00:35:00] it broke it down by are you outsourcing to a vendor? Are you outsourcing to an MSP? And it broke it down a little bit further there. I think some people are trying to do it themselves, certainly.
And, there, there is a number of people out there that clearly feel that. In fact, I think when we talked about how cybersecurity was managed in organizations, I think we found that 30% put it into that broader IT role. There was about a third of companies who said they’ve got dedicated specialists internally.
Interestingly, 21% of companies said they have an internal SOC. I think that’s probably a dream in that segment. I think what we define as a SOC in the cybersecurity industry probably is not the same as an SMB is thinking of a SOC because a SOC is complex, it’s difficult to manage, and typically you only find them in big enterprises or in MSPs, actually, MSSPs.
So I think there’s some terminology [00:36:00] issues there. But yeah, the out- the outsourcing was maybe lower than I considered. But what was interesting was when you delved into that number of, okay, once you’ve outsourced, then who’s it going to? And I think that’s one of the numbers that somewhat shocked me, whi- which is a fair number of these were actually off over a third were outsourcing directly to a cyber insurer.
Erick: Really?
Tony: And bypassing the channel, as you and I know it, and MSPs and MSSPs.
Erick: And Rich, we’ve talked about cyber insurers getting into MSP’s business in the past, right? So that’s a threat.
Rich: For sure. Yeah. No I first learned that the insurance companies were starting to set up their own MDR business and do business with SMBs probably about a year and a half ago now, and I wrote about it in in Channelholic.
I if you had asked me before I got to see the report to guess the percentage of SMBs who are actually working with an insurer on that basis, I would not… [00:37:00] 35% was the number that you folks turned up, and just to put that in context the percentage who are outsourcing to a, an MSP was 27%.
Now, in between there, there are people- Sure … who said, “I’m outsourcing to an MDR vendor, but not an insurance company,” or, “I’m outsourcing to an MSP or MSSP that uses MDR.” So the majority of the folks who outsource are in one way or another working with a vendor or a managed service or managed s- security service provider.
But the biggest single number on that list, 35%, was the cyber insurance companies. Is that a healthy development in this industry right now? For, from, purely from a threat reduction standpoint, it’s n- can’t be great for the MSPs, but in terms of security, is that good, not good?
Tony: No, and had you asked me for a number before we had the results in I’d have put this number somewhere between maybe 10 and 15%.
That [00:38:00] would’ve been my best guess. So when it came back with such a high percentage, it’s like this is more concerning than maybe I thought it was. Now the issue is you’ve got I think three main insurers in the US that are offering MDR directly as part of an insurance package.
Now, as a small business, this might be a compelling offer. So you want cyber risk insurance, you wanna mitigate the financial cost, you know there are requirements, and if the insurer turns around and says look, we just do it all for you, and we bundle the price,” and they come in. And it’s not just the fact they’re bundling the price and taking everything away from you.
If you have an incident, it probably means you’re kinda claim guaranteed, because if they’re doing the work and protecting you and there’s an incident, they’re not gonna refuse to pay out because of something they did. So a, as a small business it may well be that compelling. Now, the [00:39:00] issue that this causes me i- is out of those three insurers, two of them use one product and one of them uses another product.
Now, if you think about this over the longer term, that means if we get to a point where a third of all a third of all SMBs that do outsource use the same product- And there’s an incident with that product, firstly, does the cyber insurer have enough incident response team resource to actually go and help all those customers?
Because all of them would be down at the same time. Yeah. And you’re creating a monoculture if everybody uses a single product. Now, one thing in security is divert… you’ll hear security people talk about layers and, I take that one step further. You actually need diversity. So you know, if there are 50 states in the US, if you don’t want all 50 states running the same cybersecurity product because if there was an [00:40:00] issue, they all go down.
Realistically, you want 10 cybersecurity products and fi- each of five states running them. And I use this as an example because then if you have an incident, it’s a minor incident. So diversity of product selection should be in there as well. So maybe the insurers will fix this over time.
Yeah. And I’ll give you an analogy give you the analogy from an insurer’s perspective. Sometimes if you go and do a comparative quote for car insurance, you’ll get, three or four top insurers turn insurance offers all s- all very similar, then you’ll get three or four that are very highly priced.
The re- the highly priced ones aren’t about you. That actually probably means that insurer doesn’t want more of your car on their books. Maybe they’ve got too many Fords or, in your case, Rich, maybe too many Lamborghinis. Yeah. But my point here is maybe it’s about they don’t w- they don’t want that product mix or that industry sector or whatever it might [00:41:00] be.
So at some stage I’d like to think the insurers are gonna sit back and go, “Oh, hang on a minute. We’ve got a single point of failure here, a single risk point,” and build in diversity. But at the moment they’re not. So I would air real caution if you’re going down this path of using an insurer in that way to provide MDR, of making sure you’re building in some diversity and resilience in that solution as well
Erick: Tony, from a big picture point of view should this report leave us all feeling optimistic, pessimistic, somewhere in between about the state of security among North American SMBs?
Tony: Do you know, that’s a really good question. One, the one of the things that came out of there was about budget.
One of the questions we asked is, do you have adequate budget? And actually if we take more than sufficient and sufficient together, that came to, I think it was 94% of [00:42:00] organizations felt they had sufficient or more than sufficient budget. So that one surprises me. Yeah. I would’ve thought a cybersecurity team would always be after more money and wanting to spend more money.
But if they feel they’ve got enough budget, that’s a really positive. It means maybe we’re at the point now where we truly have turned the corner where the business understands that cybersecurity is not something that’s a nice to have, that it’s a must have and you need to fund it. So maybe we are at that point, which is a really positive thing to take away from this survey.
Erick: We can only hope.
Rich: All right. Tony, super interesting stuff. I appreciate you making some time to talk about it with us. For folks in the audience here who would maybe like to get in touch with you, talk a little bit about some of what you shared with us here, or they just wanna take a look at the report where should they go?
Tony: So the report [00:43:00] at some stage will appear on We Live Security. It will also be in as a, in the press room, as you mentioned, there’s a press release which will have access to the report on ESET.com as well. So either welivesecurity.com at some stage when we publish the full report, or on ESET.com within that press room via the press release.
If they want to get a hold of me and have a chat with me, I would be more than open to that either through LinkedIn, Tony Anscombe on LinkedIn, or or drop me an email, [email protected].
Rich: All right. Fantastic. Tony, again, thank you very much for joining us on the show. Folks, Erick and I are going to take a break now.
We’ll come back in just a moment to share some final thoughts about this research and our conversation about it with Tony, have a little fun, wrap up the show. Stick around. We’re gonna be right back
Welcome back. Part three of this episode of the [00:44:00] MSP Chat Podcast, and I told you folks. I told you it was worth the wait to get that interview with Johnny Anscombe. Very interesting speaking with him as it always is. A lot of things we could probably call out. I… one of the things that stuck with me after this conversation is Tony trying to broaden the resilience conversation a little bit beyond backup and security to, to just think more broadly about what it means to be a resilient business.
Redundant internet connectivity. What are all the ways in which you can find yourself stopped by technology, and w- what are the ways that you as an MSP can help your clients avoid that? That was one thing. And then y- you always learn something sort of interest… Tony always has a really unique take on something or other in every, any conversation with him.
And it was super interesting to hear him talk about the how the cyber insurers, who we know are increasingly getting into managed detection and response to reduce the [00:45:00] claim volume and so on. So they’re starting to get into what you do. But what Tony said that I didn’t know is that the cyber insurers doing that are all using essentially the same two MDR products, and it creating this kind of what he said, monoculture, right?
Whi- which… A- and monocultures are vulnerable, and the cyber insurers in a weird way are introducing this vulnerability into the the cyber landscape right now. Just something that never occurred to me or, I was totally unaware of in the past.
Erick: And Rich, I know we’ve also spoken with other organizations that, that do cyber insurance and warranties and things like that.
And there’s, I think, two kind of, sides of the position here. Some say, “Yes, we’re gonna, we’re gonna go ahead and do this and we’re even gonna acquire MSPs, and we’re gonna compete head-on with MSPs.” And then there are the folks that, that we hear that say, th- that should never be something that, cyber insurers mess with.
Stay in your lane. Let the MSPs do their job. [00:46:00] Partner with them. You guys don’t know what you don’t know, and this is a great example. It’s like you got two products, and that creates, an opportunity for vulnerability and all kinds of things. And if you’re just tacking on some, some solutions onto a cyber insurance offering that just doesn’t seem like a great strategy to protect SMB customers to me, Rich
Rich: All right.
There’s a whole other conversation we could have about why the cyber insurance companies are getting into MDR, ’cause it’s not that they’ve decided that’s this great new revenue source. But that’s for a later episode of the show. For now folks, we’ve got time for just one last thing. And as as everyone is aware, Erick memory right now is in very short supply.
The AI companies, the hyperscalers, they’re consuming all the memory that the memory makers can manufacture right now, and it’s just getting hard for PC makers, for example, to acquire RAM right now. And [00:47:00] that inability, that difficulty in getting your hands on memory, it turns out can have life or death co- death consequences for people.
I’ve… We bring you this story here that illustrates exactly why. It concerns a young woman who was in bed when a bullet came crashing through the wall of her bedroom. Police later came on scene. They were yeah, doing the forensic investigation, checking the arc of the bullet.
Basically, that bullet was headed right to her head. The only reason it didn’t strike her and kill her was that it encountered a ra- a memory stick on her desk first. The memory stick deflected the bullet and saved her life. A memory stick could save your life, too if you can get ahold of of one Erick.
So it just kinda shows how high the stakes are in the memory shortage right now. And the other thing about this story, by the way, I’ve been hanging onto the kicker. Why was a bullet flying through the wall of this woman’s bedroom? That it was [00:48:00] fired by a neighbor, except it wasn’t actually.
The, a gun wasn’t actually fired by a neighbor. That gun was fired by the neighbor’s dog. Apparently the neighbor was not storing that handgun responsibly. A dog got in touch with it somehow. The story I’m reading here didn’t specify. Gun goes off, bullet h- goes through the wall. Could have killed a young woman if not for that heroic RAM stick.
Erick: Two things, Rich. I’m looking at the photo of the RAM stick that deflected the bullet. Let, I’m sure we’ll link to this, but it’s pretty crazy. And the other thought I had is what pissed this dog off? “I’m done with these ruh, ruh, ruh humans,”
Rich: yeah. If it g if you’ve got a gun in the house, give your dog treat ’cause apparently they know how to shoot, and yeah, you don’t wanna be on the wrong end of that. Folks, that is all the time we’ve got for you this week on the show. We’re gonna be back in another week’s time coming to you live from Nashville, Tennessee at Roots Conference.
Until then, I will simply remind you this is both a video and an audio podcast, which means that if [00:49:00] you are watching us right now, but you’re into audio podcasts, you can go to Spotify or Google or Apple, wherever you get your audio podcasts, you’ll find us there too. If you’re listening to us, but you wanna check us out on video, go to YouTube look up MSP Chat, you’ll find us there.
And wherever it is you find us, please subscribe, rate, review. It’s gonna help other people discover and enjoy the show just like you. This show is produced by the great Riley Simpson, part of the team with us here at Channel Mastered, where we help vendors build, grow, optimize thriving MSP channels.
Channel Mastered and you can learn more about all of that, all the many ways we do that, at www.channelmastered.com. Channel Mastered has a sister organization called MSP Mastered. That’s Erick and his team working with MSPs to help them grow and optimize their business. You can learn about that at www.mspMastered.com.
So once again, we thank you for joining us. We’ll see you in a week. Until then, folks, please remember, as we always ask you to, you can’t spell channel without [00:50:00] MSP.
Check out more episodes
