Identity, Governance, Risk and Compliance

MSP Security Update: Fed Agencies Drive Compliance Opportunities

  • EPA Steps Up Cybersecurity Inspections on Water Suppliers
  • SEC Requires Financial Institutions to Issue Cyber Incident Plans
  • Identity Security Deal: CyberArk Buys Venafi from Thoma Bravo
  • Lansweeper Pilots Channel-First MSSP/MSP Program
  • Staying Alert for Paris Olympics Cyber Threats

ChannelE2E’s affiliate site MSSP Alert is on top of the news and trends around cybersecurity for channel partners, specifically security service providers. With that in mind, each week we will bring a roundup of news and information of interest from MSSP Alert to our MSP readers at ChannelE2E. Here’s what you need to know this week.

Government agencies are looking to implement or enforce regulations around cybersecurity, and that means opportunities for MSPs and MSSPs. Compliance is a big driver of new business for service provider companies. It’s important to stay up to date on new developments in this area, and we have them for you here.

As we enter the week of Identiverse (the premier event for identity professionals, produced by our parent company, CyberRisk Alliance), we’ve also got an interesting acquisition to report. CyberArk is building its identity security business, saying it plans to acquire Venafi, a machine identity company owned by private equity firm Thoma Bravo.

We’ve also got news for you about Lansweeper’s new channel-first initiative. Plus we’ve got some insights on how IT service providers can help to protect against cybersecurity threats to big sporting events – in this case, the upcoming Paris Olympics.

Here’s our roundup.

EPA Steps Up Cybersecurity Inspections on Water Suppliers

The U.S. Environmental Protection Agency (EPA) has issued an enforcement alert and will increase the number of planned inspections and, where appropriate, take civil and criminal enforcement actions against providers of the nation's drinking water.

The EPA noted that its recent inspections revealed that more than 70% of the water systems it inspected do not fully comply with requirements in the Safe Drinking Water Act and that some of those systems have critical cybersecurity vulnerabilities. Common issues are default passwords that have not been updated and single logins that can easily be compromised.

The EPA's move to step up inspections and compliance is in response to an increase in the frequency and severity of threats to, and attacks on, the nation’s water system. The agency said the threats have increased to such a degree that this additional action is critical.

Edward Wu, founder and CEO of Dropzone AI, a company that specializes in AI-powered SOC technology for MSSPs, said that water providers would do well to leverage MSSPs to help them comply with the EPA's cybersecurity requirements.

“Even though many smaller municipalities lack the funding to implement their own dedicated cybersecurity, they can leverage the power of MSSPs, which share the cost across multiple customers, to add monitoring and security management,” Wu said. “Many of these MSSPs use AI-powered SOC agents to increase efficiency and reduce costs, allowing them to service small yet critical organizations better.”

Read the full story here.

SEC Requires Financial Institutions to Issue Cyber Incident Plans

The Securities and Exchange Commission (SEC) has issued new rules that direct certain types of financial institutions to have specific, written plans for how to handle cyber breaches involving customer information.

The requirements, which aim to modernize and enhance reporting regulations first adopted in 2000, apply to broker-dealers (including funding portals such as Kickstarter, Indiegogo and Fundable), investment companies, registered investment advisers and transfer agents.

Rick Borden, a partner in the law firm Frankfurt Kurnit Klein & Selz, said that the updates further signal the SEC’s intention to draw a hard line on cyber breach reporting and notification.

Read the full story here.

Identity Security Deal: CyberArk Buys Venafi from Thoma Bravo

CyberArk is building its identity security business, saying it plans to acquire Venafi, a machine identity company owned by private equity firm Thoma Bravo.

The deal establishes a unified platform for end-to-end machine identity security at enterprise scale, according to the companies. Additionally, the combination of Venafi’s certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing with CyberArk’s secrets management capabilities will enable organizations to protect against misuse and compromise of machine identities.

CyberArk said it can now offer options for machine identity security all in one solution, which can be deployed as SaaS or hybrid and will enable faster risk mitigation for organizations of all sizes looking to secure modern cloud environments.

Read the full story here.

Lansweeper Pilots Channel-First MSSP/MSP Program

Lansweeper is piloting a channel-first program in seven countries in the Middle East where the IT asset and discovery provider is operating a 100% indirect sales model.

Christina Klein, Lansweeper’s vice president of global channel partners, who has helmed its channel program for about five years, is charged with influencing an internal cultural change that ultimately will lead to one umbrella sales organization, she told MSSP Alert in an exclusive interview.

“The indirect only pilot is exactly that — in a handful of countries in the Middle East: Turkey, Greece, Israel and [certain members] of the GCC (Gulf Cooperation Council),” Klein said. “We are piloting the impact of selling through the channel exclusively. That includes selling to MSSPs and MSPs. We have a couple of trusted distributors and a handful of resellers in the region that we send all leads to and support with sales and technical enablement, co-selling and co-marketing.”

Will the program come to the US anytime soon?

Read the full story here.

MSSPs Should Stay Alert for Paris Olympics Cyber Threats

As the 2024 Paris Olympic Games approach on July 26, security experts say MSSPs and MSPs should already be preparing to help their customers mitigate the risks of destructive and debilitating cyberattacks.

Attackers are already trying to disrupt businesses around the world through phishing attacks, ransomware threats and other deceptive attacks that use Olympics themes as a lure to trick users into letting down their guard.

These threats will pose big challenges for MSSPs and MSPs, but taking precautions and developing strategies today will go a long way toward minimizing or deterring them, experts say. Increases in these kinds of attacks are common before and during athletic events and other public events, including in 2012, when the London Olympics suffered a disruptive 40-minute DDoS attack on the Olympic Park’s power systems, and in Beijing 2008 and Tokyo 2021, when hackers directed cyberattacks at athletes, attendees and critical infrastructure systems.

“MSPs and MSSPs can help organizations develop a solid understanding of their overall attack surface, ensure they have broad visibility into their environment and assets, enforce strong identity controls, encourage a zero-trust security strategy and take control of the cloud” as the Olympic games approach, Mark Manglicmot, senior vice president of security services at cybersecurity firm Arctic Wolf, told MSSP Alert.

Read the full story here.

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.