Our MSP business readers at ChannelE2E know the importance of selling cybersecurity, particularly in 2024 as SMBs look to their providers for help with cybersecurity insurance, compliance, and protection against a changing threat landscape and ransomware. With that in mind, each week ChannelE2E brings you a wrap up of the best stories from our affiliate site, MSSP Alert.
This week we’ve got some big stories to share with you, including news about the big AT&T breach/data leak of last week that seems to be linked to the Snowflake breach. Perhaps it’s timely then that Stellar Cyber’s cofounder explains the company’s security extension to cover data clouds such as Snowflake and others in one of our other stories.
We’ve also got coverage of a big story that looks to become even bigger this year – election security. CISA has released a new guide for election officials and a Splunk exec who previously served in two presidential administrations weighs in on the agency’s election security efforts. Plus, you’ve probably heard that CISA advises against paying ransoms in ransomware attacks. Here’s why the director just stepped out and ruled out a complete ban.
Here's this week’s roundup.
MDR Provider Says Snowflake-linked AT&T Breach Shows Even Giant Companies at Risk
AT&T suffered a massive breach that affected tens of millions of its mobile customers in a cyber incident caused by an illegal download from a third party cloud provider, allegedly, data cloud giant Snowflake. AT&T disclosed the data breach in a filing with the Securities and Exchange Commission.
The wireless carrier serves more than 100 million customers in the United States, and it acknowledged in a July 12 statement that the compromised data includes files containing AT&T records of calls and texts of “nearly all” of AT&T’s cellular customers.
AT&T also said the breach affected customers of mobile virtual network operators using AT&T’s wireless network, and AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022, and Oct. 31, 2022.
“There’s no business too big or security environment too advanced for threat actors to target,” Dan Schiappa, Artic Wolf chief product and services officer told MSSP Alert in an email. “Attacks on mega-corporations like AT&T and Ticketmaster provide attackers with the opportunity to command a large ransom sum with the stolen data, whether they sell it on the dark web or to American adversaries.”
Splunk Exec Weighs in on CISA Election Security Efforts as Agency Releases Guide
As more MSSPs, MSPs and other cybersecurity organizations get into the election security business, new guidance from the Cybersecurity and Infrastructure Security Agency (CISA) will help them maintain and restore confidence in the reliability of voting systems and mitigate voter misinformation.
In cooperation with the U.S. Election Assistance Commission (EAC), CISA has released “Enhancing Election Security Through Public Communications,” a guide for state, local, tribal and territorial election officials who are the primary sources of official information about elections.
The guide offers useful information and tactics to help election officials address risk to election infrastructure and operations by developing a public communications plan that conveys accurate information about how they administer and secure elections and by preparing their teams to communicate effectively.
CISA asserts that open communication with citizens is crucial to maintaining public trust in the security and integrity of the election process.
Mick Baccio, who leads Splunk’s research efforts as a member of its SURGe team and who served as White House Threat Intelligence Branch Chief in both the Obama and Trump administrations, emphasized that imperative during an interview with MSSP Alert at Splunk .conf24 in June.
“I think CISA has done a great job since 2020 when Chris Krebs (former CISA director) was fired by tweet (by President Donald Trump), and what the Director (Jen Easterly) has reasonably done since then,” said Baccio. “I think CISA has made a tremendous effort to convince people exactly that, that the elections are fair and free and secure.”
MSSPs as Acquisition Targets: Software Vendor Snaps Up Nuspire
When it comes to technology service provider (TSP) mergers and acquisitions, many deals seem to have a PE firm or another managed service provider as the acquirer. But that wasn't quite the case with PDI Technologies’ acquisition of MSSP Nuspire, an MSSP Top 250 company.
Software and services vendor PDI Technologies provides ERP, data analytics, payment processing, cybersecurity and other solutions to the vertical markets of convenience retailers and petroleum wholesalers. The company does offer some managed services and professional services to support those solutions, too.
But to gain cybersecurity talent, services and capabilities, PDI acquired Nuspire, announcing the deal in June 2024. That's not such a big surprise, according to Rick Murphy, founding CEO and managing partner of buy-side M&A advisory firm Cogent Growth Partners and an expert in IT service company M&A.
Murphy told MSSP Alert that although MSSPs are expensive to buy, plenty of companies may be looking to acquire them. That's because the acquirers can quickly gain cybersecurity capabilities and talent for their own companies when they buy an MSSP.
CISA Advises Against Paying Ransom, But Rules Out a Ban
While the Cybersecurity & Infrastructure Security Agency (CISA) has come out against paying ransoms, the director of the organization stopped short of saying that the government should ban such payments.
CISA Director Jen Easterly recently made her position on ransomware payments known at the Oxford Cyber Forum, as reported by Security Intelligence. However, Easterly didn’t go so far as calling for a ban on paying ransomware demands.
“I think within our system in the U.S. — just from a practical perspective — I don’t see it happening,” she said.
Backing up that assertion, the Ransomware Task Force for the Institute for Security and Technology does not support a ban on paying ransom, according to Security Intelligence. The task force reasoned that small businesses typically cannot withstand a lengthy business disruption and might go out of business after a ransomware attack, and this could disrupt the wider response to ransomware threats.
Stellar Cyber Founder Explains New Data Lake Security Extension
Stellar Cyber has expanded its Open XDR platform to secure data where it lives, in data lakes, something the company is calling "bring your own data lake." Data lakes and cloud data storage is essential as organizations embrace artificial intelligence. Data is the fuel for AI.
Stellar Cyber's integration allows organizations that have standardized their data storage framework on Splunk, Snowflake, Elastic or AWS security data lake to incorporate the Stellar Cyber Open XDR platform into their security framework.
Explaining the inspiration behind BYODL, Aimei Wei, Stellar Cyber founder and chief technology officer, told MSSP Alert that customers want the flexibility to seamlessly integrate their existing data lakes with advanced security platforms and without the cost and hassle of data migrations.
“Without the ‘bring your own data lake’ capability, customers often face high costs and disruptions from migrating data to new platforms,” Wei said. “They deal with complex integration challenges, increased storage expenses and inefficiencies in their security workflows. Additionally, the lack of seamless data integration can lead to lower data quality, resulting in more false positives and less accurate threat detection.”
