- CrowdStrike Outage Insurance Payouts Could Top $1.5B
- CrowdStrike: Big in the Enterprise, But a Newbie Among MSSPs, MSPs
- SEC Dismisses Lawsuit Against SolarWinds
- Cyber Pros Spot Spike in Malicious Activity After CrowdStrike Outage
- SonicWall Report Channels MSSP/MSP Threat Defense Strategy
Our MSP business readers at ChannelE2E know the importance of selling cybersecurity, particularly in 2024 as SMBs look to their providers for help with cybersecurity insurance, compliance and protection against a changing threat landscape and ransomware. With that in mind, each week ChannelE2E brings you a wrap-up of the best stories from our affiliate site, MSSP Alert. Here's this week’s roundup.
This week has, of course, been dominated by the remediation, restoration and recovery from last week's CrowdStrike IT outage. It's estimated that insured losses from the July 19 event could reach up to $1.5 billion to the standalone cyber insurance market. But MSPs and MSSPs should check carefully -- there's a chance their policy doesn't cover an event such as this.
There's also been a surge of cyberattack activity seeking to take advantage of the incident. Bolster, a multi-channel phishing protection provider, announced on Monday that its free CheckPhish site had detected a spike in malicious activities, with more than 40 phishing and phony lookalike domains created in the first 24 hours following the CrowdStrike incident.
A federal court in New York has dismissed the SEC's lawsuit against SolarWinds and its CISO, Tim Brown, which pertained to statements he made after the attack.
Finally, SonicWall's 2024 Mid-Year Cyber Threat Report takes a deep look at supply chain attacks. It's part of a new focus, as the company has pivoted its reports to serve as a resource for actionable insights that its channel partners — MSSPs and MSPs in particular — can use in their conversations with their end customers.
CrowdStrike Outage Insurance Payouts Could Top $1.5B
The CrowdStrike outage will be extraordinarily costly to the cyber insurance market. In fact, CyberCube, a company specializing in quantifying cyber risk, estimates insured losses from the July 19 event at between $400 million and $1.5 billion to the standalone cyber insurance market. How will the CrowdStrike outage impact the cyber insurance industry? And what of its potential impact on MSSPs?
Dustin Bolander, CEO of Beltex, a cybersecurity insurance policy designed for MSPs, told MSSP Alert that there are going to be a lot of people surprised to find out that they are not covered, as most cyber insurance policies are designed around an attack.
"I do not believe that many on the insurance side considered this type of incident," he said. "I was looking at a policy for a financial services company earlier this week and it specifically excluded software design flaws. My guess is we’re going to see a lot of exclusions for the business interruption coverages this falls under."
CrowdStrike: Big in the Enterprise, But a Newbie Among MSSPs, MSPs
The CrowdStrike IT outage impacted 8.5 million endpoints, according to Microsoft, and recovery from the crisis continued throughout the weekend. As IT fixers, MSPs were called on to fix the issue, which has required touching each individual machine – not a money-making proposition if you are providing a subscription-based IT service.
But how big a deal is CrowdStrike, really, when it comes to the channel?
CrowdStrike is certainly big. The company is second only to Microsoft in terms of endpoint protection market share. Gartner says Microsoft owns 40.2% of the market while CrowdStrike is second with 14.7%.
Yet CrowdStrike’s market share is concentrated with big enterprises, according to Canalys Chief Analyst Jay McBain.
“CrowdStrike has been a Fortune-sized enterprise player since the beginning,” McBain told MSSP Alert. “It was just recently that they started going down market and trying to appeal to the broader MSP audience.”
Indeed, CrowdStrike just unveiled a partner program for service providers such as MSSPs and MSPs in September 2023 – not even a year ago. The Accelerate partner program provides incentives and education for MSSPs to use the Falcon platform.
SEC Dismisses Lawsuit Against SolarWinds
SolarWinds seems to be off the hook -- a U.S. Securities and Exchange Commission (SEC) lawsuit accusing the company and its CISO of defrauding investors by way of lax cybersecurity practices was dismissed by a federal judge.
U.S. Federal Judge Paul Engelmayer dismissed most of the SEC’s lawsuit alleging SolarWinds concealed its security vulnerabilities before and after a Russia-linked cyberattack that also impacted parts of the U.S. federal government, Reuters reported.
The SEC alleged that SolarWinds hid the cybersecurity viability of its products before the attack and downplayed the attack's severity after it occurred. But the court’s 107-page decision dismissed all claims against SolarWinds and CISO Timothy Brown, which pertained to statements he made after the attack. Brown reportedly said the comments were made in “hindsight and speculation.”
It’s rare for the SEC to sue public company executives. A CISO like Brown is not closely involved in preparing financial statements. Perhaps the SEC will be more cautious in how it pursues such cases in the future. Regardless, how might the future of MSSPs and MSPs factor into the ruling?
Attorney Eric Tilds told MSSP Alert that the ruling is certainly a blow to the SEC’s efforts to opine on the cybersecurity practices of SEC-regulated companies.
Cyber Pros Spot Spike in Malicious Activity After CrowdStrike Outage
Predictably, it didn’t take long after the massive global IT outage from a faulty CrowdStrike Falcon update for threat actors to begin perpetrating phishing scams, deploying malware and stealing data.
The outage that hit an estimated 8.5 million Windows machines on Friday raised concern among MSSPs, MSPs and cybersecurity vendors of increased threat activity. In fact, Bolster, a multi-channel phishing protection provider, announced on Monday that its free CheckPhish site had detected a spike in malicious activities, with more than 40 phishing and phony lookalike domains created in the first 24 hours following the CrowdStrike incident.
Tony UcedaVélez, CEO and founder of VerSprite, an Atlanta, Georgia-based MSSP, told MSSP Alert that he has also noticed an uptick in threat actor activity.
“We are seeing a spike in threat campaigns in vendor perpetration mostly where CrowdStrike is being perpetrated to IT targets,” he said. “These phishing attempts look to leverage CrowdStrike-related remediation efforts that may pertain to their computing endpoints or product systems in the environment.”
SonicWall Report Channels MSSP/MSP Threat Defense Strategy
One of the key focuses of SonicWall's 2024 Mid-Year Cyber Threat Report is a deep look at supply chain attacks. It's part of a new focus as the company has pivoted its reports to serve as a resource of actionable insights that its channel partners — MSSPs and MSPs in particular — can use in their conversations with their end customers.
For the first time, the report ties attacks to tangible business impact, including potential revenue risk, SonicWall said. The report has evolved in how it measures critical cyber threat data to include time as a factor.
“In previous years, we would have highlighted and dug deep on topics like malware, ransomware and IoT threats,” Douglas McKee, SonicWall executive director of threat research, told MSSP Alert. “This year, while those numbers are still included, we focused on actual threats we’re seeing and what MSPs/MSSPs can do to build solid defensive strategies to help prevent these types of attacks.”
For MSPs/MSSPs, leveraging timely trends and actionable intelligence from the report will help them offer more effective and proactive cybersecurity services to their clients, according to McKee.