CISA Guidance for MSPs and SMBs, Part 1 – Chris Loehr – SCW #95
CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers’ networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Chris currently serves as Executive Vice President and CTO of CFC Response/Solis Security, a division of CFC Underwriting, overseeing the day-to-day operations of the firm’s Incident Response and Proactive Cybersecurity teams. Chris has spearheaded numerous improvement and optimization efforts for CFC Response. Chris is passionate about assisting small and medium-sized organizations through difficult cyber-attacks. He takes the approach that the response efforts are more than technical. They require an incident response firm that can understand the business and respond to ensure the business’s needs are met and the business is restored as quickly as possible.