Manage episode 297155919 series 1107025
You might've heard me talk about this already, or you heard about it elsewhere. This US technology firm is called Kaseya. They're headquartered in Miami and they are used by businesses and governments around the world. And they're spreading ransom.
A week ago on Friday, a flood of ransomware hit hundreds of companies around the world.
[00:00:25] We're thinking now it may have been thousands. We don't have good numbers yet, but we're talking about grocery stores, public broadcasting schools, national railway system. They were all here. With ransomware. Now this is the modern ransomware, we think which encrypts your files, but also poles your data. So that later on, it can extort money from you.
[00:00:55] Okay. Very bad stuff. It really caused disruption in Sweden. They was incredible and forced hundreds of businesses to close. Now, every one of these victims had something in common. They had network management and remote controls, software developed by casinos. Now cause say it is used by, I think their their counters like a hundred thousand customers.
[00:01:25] So it's used by a lot of companies worldwide and they make software that allows other companies. So a third party there's yet another company here allows them to monitor that third party companies computer. So let me just lay this out for you. Here's how this works. You're a small business. You have it people, but they're busy just trying to keep windows up to date.
[00:01:55] And they're also trying to help your people understand how best to use computers, evaluate new software. Doing things, the, it, people should be doing, cyber security is a major specialty nowadays. It's something that you have to focus heavily on. And as you focus, you're still getting behind.
[00:02:16] So as that small business with a couple of people, maybe there's one person that has to deal with computers, right? It's often the office manager, that person. Now needs help when it comes to cyber security. In fact, that person needs help when it comes to keeping these computers up to date, because there's patches from Microsoft, for the operating system, for all of the Microsoft 365 stuff, there's patches for all of the Adobe software there's patches for you.
[00:02:49] You've probably gotten QuickBooks or some other accounting software that needs patches. It's just difficult. If not impossible, to keep up with all of this. And then, your users are probably using Google Chrome. They might be using safari or some other browser, those off to be kept up to date. So one that small business person does is they go to a managed services provider and they say, Mr managed services provider would you take care of all of my computer problems for me?
[00:03:20]And off they go, right? The managed services provider, maybe they have a few different ways of working, but maybe they go ahead and they say here's what we'll do for a fixed amount per month per computer or per employee. We will take care of your computers for you. So we'll go ahead and patch them, keep them up to date.
[00:03:40] If they fail, we'll fix them. We'll replace parts in them, all of that sort of stuff. That makes sense to you. So they contact this managed services provider who takes over their network. How does that manage services provider? Run the network. They don't do it the same way that small business used to do it.
[00:04:01] They can't afford to, if they're going to charge you cheap money, they are using what's called an RMS. And the RMM in this case, we'll go ahead and it will remotely manage all of these computers for the managed services provider for that it outsourcing company. So it'll check the releases of software to let them know, okay, here's what we need to upgrade, et cetera.
[00:04:31] In fact, it'll even do the upgrades most of the time. And then when you call in or you file a ticket, that also goes into the RMM. So they have a full history of what's happened. What's going on over there and they can hire cheap people that don't understand computers. And for most businesses, they think that's just fine, by the way, this is my nemesis.
[00:04:52]We don't use Kaseya, but that MSP is using cassette. It might be using solar winds for some of this stuff. It might be using some of these other products. Now, the reason we don't use them is because all of them have failed our security test. So my company is called mainstream and we. Are a managed services provider, a managed security services provider to be more exact.
[00:05:22] And we've been doing managed services work since the early 1990s for other companies. And so we've tried every major player in the game out there. We've used them. We tried them. We tried to figure out, okay, is this going to work? And we've looked for flaws in their design, major flaws, major security flaws.
[00:05:44] And every one that we have found major flaws with, obviously we canceled. So we done basically a 30 day trial and we canceled them. Connect wise you name it. Okay. Major flaws and this company, cause also has major flaws, but you, the small business owner, you, the small business office manager, you did not choose.
[00:06:10] You had nothing to do that you hired an it outsourcing firm and, seemed to make sense at the time. And it probably does make sense, but that it outsourcing firm is in what we in the industry call a race to the bottom. They have to get their costs down to a couple of bucks a month per person.
[00:06:30] That works for you. Do you think they can really do a good job for a couple of bucks a month? No, obviously they can't. So you get companies like mine that we use people that are well-educated that all have. All of our people have major cybersecurity training. All of our people know. How to fix the problems.
[00:06:53] And we run scans daily on all of our customers to check and see what's up, what needs to be upgraded or what needs to be fixed, what needs to be changed. Does that make sense to you guys? So that's what we do. And that's why there are nemesis, right? It costs us. Or what we charge basically is $125 a month per.
[00:07:15] Person and we'll keep the computers secure. Nothing's perfect. But we have yet to be breached in those 30 years. So we'll keep them up-to-date and we'll have the special advanced malware protection stuff on them and every yeah. Thing else. But these other guys that are out there, our nemesis, they're not charging 125 bucks per person.
[00:07:37] Or per computer or it's more for server? No. They're charging 25 bucks or 50 bucks a person there. And they can do that because they can afford to do that. They don't have what's necessary in the backend to keep their customers secure. So these probably thousands of companies we know of at least hundreds have been hacked.
[00:08:05] With ransomware because of a decision they made about a company, this it outsource provider that they just didn't know enough about to be able to even evaluate that in a nutshell is the problem with cyber security today. Even if you were to try and hire people to work for you and build out your cyber security infrastructure at your business and running it.
[00:08:35] How could you evaluate those people or the tools they use in 10 real quick. And Casia told all of their direct customers to immediately turn off all of the systems that had anything to do with Kaseya. Okay. This is going to happen again, people, and it's going to happen again and again, and I get it.
[00:08:58] A lot of small businesses can't afford people like me. I don't know what the best answer is, but we're going to talk about Microsoft and their answer.