Rampant cybercrime has struck the IT industry with a “crisis in confidence” that vendors and channel pros alike must work to overcome, according to speakers today at Datto’s online DattoCon NOW partner conference.
“It has been a wild few years,” said Ryan Weeks, the vendor’s chief information security officer, during a keynote address. “Attacks against you and your customers are trending towards existential risks. Results have been a broad loss of trust between MSPs and vendors, and in some instances, your clients and yourselves.”
If the channel does not evolve in response, Weeks continued, “we are on a collision course for catastrophic risk.”
Weeks spent much of his presentation outlining steps Datto has taken to ward off attacks of the kind that have impacted IT management products from SolarWinds and Kaseya in the last year. In 2019, he noted, two years after he stepped into his current role, Datto had 14 information security professionals on staff and three security experts embedded in different business units.
“In 2021, we have built the most advanced cyber resilience program in the IT channel,” Weeks asserted. “We have over 60 full-time staff that focus their daily efforts on improving cyber resilience for us, for MSPs, and for your clients.”
That number excludes Datto employees outside Weeks’s organization with security-related duties, according to CEO Tim Weller. “It’s fair to say that hundreds of people here work on security at some level,” he said today in a conversation with ChannelPro.
Weeks, who outlined various third-party assessments Datto has subjected itself to, including 17 “exception-free” SOC2 Type 2 audits since 2018, expects to spend even more on cyber protection measures in the future. “We are prepared to as much as triple our investment over the next three years in cyber resilience capabilities and tools that keep Datto, you, and your clients safe and cyber resilient,” he said.
All of that fits within what Weller called a “security-first” mindset at Datto that goes beyond spending on people and tools. “It’s resource. It’s culture,” he says. “It’s not one thing. It’s 50 things.”
Weller encouraged MSPs to place security first as well, but not by simply refusing to use RMM software out of concern it could be compromised.
“If you’re going to start removing software randomly based on rumor and fear, you’re not going to have any software left on your endpoints,” he says, adding that subjecting the companies you buy software from to closer scrutiny is a wiser course of action.
“You have to get into the weeds. You have to get into detail, ask the questions,” Weller explains. “It’s a dangerous thing to say, ‘well, everybody’s been breached, everybody’s this, everybody’s that.’ That’s not true.” Datto RMM for one, Weller insists, has not yet been breached.
Other leading managed services software makers, including ConnectWise, are investing heavily in security tools and best practices as well.
2021 has been a record year for security incidents, according to research published last week by Check Point. Weekly attacks worldwide, that study reports, are up 40% on average this year versus last, and one out of every 61 organizations is impacted by ransomware each week on average. That figure rises to an astonishing one out of 36 for internet service providers and MSPs.
According to Datto, today’s conference drew over 6,000 attendees from 69 countries. The company took advantage of that attention to introduce a new cyber protection solution for Microsoft 365.