In cybersecurity, knowledge is power—but staying ahead isn’t easy. We dive into IBM’s 2024 Cost of a Data Breach report, with a focus on what matters most to MSPs: balancing cost with effectiveness, navigating evolving threats, and protecting clients in an unpredictable landscape.
Kirstin Burke:
We have a special time today. We have a special topic. Probably a lot of you out there are familiar with IBM's Cost of a Data Breach research report. It's been kind of the cost of a data breach Bible for 19 years now. And Brian and I have been just having some interesting conversations about the trends that we continue to see in this survey and really what it means to the MSP community.
So the report here is all about your customers and what they're experiencing, what's growing, where new challenges are. And so we thought we'd kind of dig into this a little bit today just with that MSP lens. So talk about some of the trends we're seeing and then what opportunity you might have as an MSP to help serve your customer more thoroughly in terms of their security posture.
Brian Moody:
And I think selfishly, too, for us, how our partners can utilize the WhiteDog platform to take advantage of these opportunities.
Kirstin:
Absolutely. So I'm going to use a piece of paper because there are a lot of numbers. Research report, a lot of numbers. I will not memorize all of them. But I think tellingly, the big takeaway is the cost of data breach are continuing to expand, right? 19 years straight. Increased 10% over the previous year. So average cost of a data breach is now $4.88 million, the highest since the pandemic. So this isn't something that's going away. It's something that continues to be a struggle for organizations out there, large or small.
And so I think as an MSP, there is this opportunity to help organizations figure out what do we need to deploy, processes, people, technology, what do we need to do in order to think about these data breaches to protect our organization smarter? I think that's a big takeaway, but what we're going to do is kind of delve into a couple of different areas and, again, Brian's really going to talk to you from the perspective of all the folks you're talking to. But knowing how we architected WhiteDog to uniquely solve some problems, and I think there's a lot of relevance here.
First data point, lost business costs and post breach response costs are soaring. They've risen nearly 11% over the past year. That can be system downtime, that can be cost of lost customers, reputation damage, but that cost post breach, that's a 10% increase. And another data point that's interesting, or tangential to that, is 12% of these organizations, only 12% of them, if you've been breached, are fully recovered after a year. So what is an MSP to think about that, and what might they be able to do to help?
Brian:
Well, I think the first lens is really to think about the customer themselves is $4.8 million is the cost of recovery. If you think about the MSP community, we talk a little bit about downmarket. It's not enterprise, it's not the top 2,000 customers that are in the world. They're dealing with small and medium business customer.
Can you imagine the impact of $4.8 million on a small business? And I think the mindset is so many of these small businesses don't think that we're very interesting. And unfortunately, in the world we live in today, the hackers don't care how big you are. They don't care the size of the organization. They will still come in and attack you. And $4.8 million can take down a tremendous amount of these businesses. So that opportunity for the MSPs to address that risk is huge, number one.
Secondarily, you talk about 12% have recovered. The cost associated in getting your business back online, and the time that it takes, and we'll talk about this number, the number of days that it takes to get back online, again, can take a business down. So this is, I think in talking to our MSP partners and talking to MSPs in general is this is where their value is unprecedented. Their value comes into customers because they have the expertise, they have the people, they have the capability and they have the experience to step into these customers to really help them address this.
But not only that, if something happens, how to recover, how to recover quickly, and how do we do that cost effectively, but then bring the business back with an architecture and an infrastructure that will protect us moving forward. Because I think there also is a false sense of hope for some companies that have been hit and they recover. They say, okay, it's happened to us. It's kind of like, okay, we've got that skinned knee, now we're good. And, you're not good. And, again, from IBM and Ponymon and other organizations, we've seen two thirds, or up to 80% of businesses are re-attacked, and oftentimes re-attacked within 48 hours.
Kirstin:
So those vulnerabilities are known, they're out there, they're published, more people know and then they go back in.
Brian:
Well, not only that, but you've been attacked. So now you're in a state of response. You're not in a state of awareness and protection. You're not ready because you've been attacked and now you're responding. So all your resources, all your folks, all your attention is over here. What happens over here? And how many times, and we've seen it out of our own security operations center, we've seen this 24 - 48 hours customers being re-attacked in a different area of the organization. And the hackers don't care. That's a strategy.
Kirstin:
Well, and I think we see this convergence of cybersecurity and IT. That these are complementary and cooperative when it comes to security, when it comes to breaches, when it comes to breach recovery. And so, it isn't just about the security team. It isn't just about an IT team. And these MSPs, we find, are often doing a lot of some of the IT, help desk, you know, they--
Brian:
They are providing those functions.
Kirstin:
So much of that, right? And so if they're able to parlay more security expertise and layer that on, and integrate those systems, then that recovery time, you know, we talked about that recovery time being so long and so severe that if these teams and these processes are working together, that we're able to reduce what that recovery looks like, what that impact is for the customer.
Brian:
Well, the other thing that I see from our MSPs and the owners that I'm talking to is I've had multiple MSPs, not an MSSP, but an MSP, they're providing these IT services, they're providing these infrastructure services to our customers. And, they're not providing the security services today. And what I see is, they see the ability of partnering with WhiteDog, utilizing our platform, as a methodology to net new customers, new markets, but not only that, but to become more sticky in their current customer. Because now I'm providing those IT services, and now I can expand that to include that convergence of the IT that I'm doing now and I can bring the WhiteDog platform in, and I can provide, in a sense, the whole picture now.
And we've seen great success with several of our partners who haven't had the security offering before, and have now contracted with us and are bringing that to their customers. And it's opening net new customers, it's opening more business for them in their current customers and it's opening the markets.
Kirstin:
Yeah, so let's move on. So, other relevant data point that we're seeing, you've had to have your head under a rock in the last 12 to 18 months if you've not heard about AI. AI is everywhere. It's the new cloud, it means everything. But very specifically, AI within the security landscape is very relevant and very meaningful, right? You've got millions of alerts, you've got all of this noise coming at you. And so, being able to adopt AI in the right ways can be very relevant to your security strategy. The cost of a data breach survey reflects that.
The number of organizations that are using AI and automation extensively has grown. It's grown 10%, from 28% to 31%. If you reverse that math, though, from an MSP standpoint, your opportunity, there's still two thirds of organizations out there that don't have it figured out yet, but that absolutely positively will benefit from it. Why? Well, you reduce dwell time, you lower the breach costs, there are all sorts of things. You are able to focus your resources on those things that are most important rather than looking for the needles in the haystack. So, absolutely, AI automation makes sense, but there's a reason why 2/3 of organizations aren't deploying it.
Brian:
Well, and I think, too, that you see that the folks that are deploying the AI component are seeing a reduction in breach response, and in some cases a reduction of breach. But the net there still, I think is, is AI is another tool. And you've heard us many, many times here at WhiteDog talk about that toolset mindset is that it's another tool in your arsenal, and it's something else that you're deploying, it's something else that needs managing.
Now, the automatic capabilities of AI and discovery are key. But the technology debt that we talk about often with respect to it's another tool, it's something else that you have to put in place that you now have to manage. But implementing these tools is helping with this autonomous response, is helping us discover things quickly. So you talk about cutting down dwell time and I think the number in there is, so in the AI companies that are deploying this now, we're reducing from 270 something days to 258. So we have now reduced, you know, 20 days. Seven year low, but we're still 258 days.
Kirstin:
And that's about 200 and 57 days and 12 hours too long.
Brian:
Too long. And so I think that's the piece. So back to where I think our MSPs, where there's just huge opportunities, two thirds of these companies aren't utilizing this. So that's two thirds of the market that is open for discussion. That's two thirds of the market that they have the ability now to step into, have these discussions with these customers with respect to how they can now bring this portfolio to that customer to help them defend against these.
Kirstin:
Well, and I think the meaningful thing about WhiteDog, too, is it isn't an AI tool.
Brian:
We are not a tool.
Kirstin:
There are AI capabilities that are built in throughout this platform. So it's not like an MSP goes to a customer and says, hey, we're going to add AI into your security, it's we've got this platform that, independent of what piece or part of it you choose, there's an AI element built into it that is going to help accelerate the information that we need to get. We meaning WhiteDog, not the MSP, because we do it for you. But it's going to accelerate that information processing and alerting to make sure that we're on it much faster, that we can respond much quicker than anyone else can. That level of deployment is much faster. If I have to go in and build AI, if I have to train it, if I have to do all of these things, it could take months, if not years.
Brian:
And they'll get the infrastructure.
Kirstin:
Right, if they're leveraging our platform, if they're consuming it, that can be rolled out in 30 days. So think of that advantage, or that unique selling proposition that an MSP can make to their customers.
Brian:
So again, back to technology debt and back to the economics associated with it. So, as you consider building out your infrastructure, we ask the question why? Why would you? If you want cloud today, you don't go build your own cloud infrastructure, right? So there are economies of scale and we've built this for you to take advantage of and it's there today.
The other aspect is the way in the methodology with which we're taking advantage of AI, and AI across the multiple tool sets that we do manage, and that's the correlation. That's really, from WhiteDog's perspective, our advantage. That is what we bring to market from that standpoint, that's our IP is that expertise. The integration of those technologies, the integration of those AIs.
Most of the tools that you deploy, they pull from a specific threat feed. We have multiple. We have many threat feeds that come in, and we're correlating and using AI across them for discovery. So that's something that our MSPs can take advantage of. It's already built, it's already ready to go. And as you said, in 30 days, you're live.
Kirstin:
Right. Well, this opens up or paves away for our third observation. And that has to do with people. And I think when you talk about security, it always comes down to people, right? Because tools without people, or tools with people that don't have the full time job or the time to do it or the training to do it, the tools lose their efficacy.
So, what we learn from this study, more than half of breached organizations face security staffing shortages. This skills gap increased by double digits from the previous year. So more than half of breached organizations are facing high levels of security staffing shortages. This is a 26% increase from the prior year. So, I may have tools, I may even have AI helping me do what I need to do, but I can't get the people, and I can't retain the people, and I can't keep them trained on what they need to be trained on. And I think that even the MSP community struggles with this a little bit, too, right? Because if maybe my business was built to offer a lot of things within the IT ecosystem, but now I need to either pivot or add people to focus on security, A, I might be pulling away from my core competency, but B, I'm having to invest more money and resources and focus. And so I think the skill staffing applies across MSP and customer landscape.
And if we go back to AI, it doesn't matter what AI does for you if someone can't be there to catch it and do something with it. So when we talk about skill shortages, what are you seeing and what's the opportunity?
Brian:
Well, I think, so you talk about the MSP struggling with that. So think about the customer. So you just brought. The customer is deploying tools. And I've got so many different examples and stories that we could tell you about customers who have AI, customers who have SIEMs, customers who have technology tools, tools that are monitor, identify, notify. That's what they do. Even AI monitors, identifies, and then notifies. Well, someone has to do something with that notification. So, your people are looking at just the massive amounts of alerts that are coming from these tools.
We had a customer who was breached, their SIEM had alerted four and a half months before the attack that they had been breached. No one was watching the SIEM. Back to the point of the people, right? So, really, that challenge now transpose this to an MSP who now is offering services to not one customer, but 20, 40, 60. So think about the challenge that MSP has now staffing to that.
Well, what if that can be pared down to such a point that what we're delivering is the strategic events that need to be addressed, prioritizing those events prioritizing the vulnerability associated with those events and feeding that.
So, an example would be a customer of ours that we had 180 billion events. It's a very large environment. We escalated 176 security bits. This is what their team dealt with. Not the 180 billion events. The 176 of which of those were 17 that needed immediate, active action in order to protect the organization. That type of, kind of paring down, and I love our website because you'll see our website pare down. Paring that strategic information down will make teams incredibly productive.
And that's what I think we really bring to the table, is the MSPs can take advantage of the people, the process, and the response capability that WhiteDog brings to the table. And you don't have to have that in your organization because we will pare it down and deliver to you, to really take a much smaller staff and make them far more productive. So addressing that 10, 20, 40 service organization will be much easier, way more cost effective, and way more productive by utilizing a WhiteDog platform.
Kirstin:
Well, and I think living in the tech and security world, you hear this word productive and you kind of like shrug. But productivity here translates to secure. Productive here translates to making sure that you're in front of an alert that you get that says, urgent, urgent, urgent, there's something going on here. Productive isn't, hey, I can do my Excel spreadsheet faster, right? Productive is I can get out in front of something that is very dangerous, very, very risky and has serious business implications. So, it's a big deal.
Brian:
So I think one of the stats that you didn't bring up that we did talk to was the spend that's associated with what customers and where are they spending their money? So, what we're seeing is that the amount of money that's being spent on discovery and identification as well as IR, incident response, the ability to respond to an event. So, you know, the big term in the industry now is the right of boom, you know, after something happens. Well, what about the left of boom? So what's interesting about this statistic is customers are spending money on both sides. So, it's not just about responding. Now, I've talked to a ton of CISOs that tell me response is everything. The quicker that you can respond, the faster that you can respond to something, the better.
But, at WhiteDog, we argue that it’s the prevention of an incident. Now, the human aspect that you just talked about is bringing in the threat hunting, bringing in the human capability to analyze the data, to be able to correlate that information, to take 26 countries and five continents, which we serve today, and take that data and be able to correlate it across our community to protect the community, is to be able to utilize that information on the left side to discover vulnerabilities, discover threats before they happen so that we don't get to the right side.
Kirstin:
Well, and I think the whole idea, I mean, again, we use this funnel analogy. It's like distilling things down. So the more prevention you do, the fewer things you're throwing over to the other side. So if we're distilling, whether it be the threats, whether it be the vulnerabilities, whether it be the gaps, whatever it is that we're able to identify and say, hey, proactively, if you can make these tweaks to your firewall, if you can do these things to your endpoints, I mean, if we're able to determine where risks are and secure those we know, for sure, it's very likely you're going to get breached. That's the world that we live in today. Hopefully you won't ever get breached, but if you get breached--
Brian:
When you get breached.
Kirstin:
When you get breached, you're going to be in a better position to respond. So, let's reduce the opportunity to get breached, and then let's prepare ourselves as best we can to reduce that dwell time to have those systems be able to be recovered quickly. Let's have that incident response fine-tuned and ready to go. An interesting thing on incident response, and I think this was something we talked about last week, there are a lot of folks out there that are kind of only now having this awakening that, hey, maybe incident response is something important to include in our service or to tease people with. Whereas, I think from WhiteDog's perspective, we know that you are going to need it. And so that is baked into what we do, no additional cost, no nickel and diming. But that's part of, hey, preventative, curative, and we'll help you everywhere. But we're seeing some of these other folks out there start to, I guess get the religion to say, hey, well, maybe we need to think about helping you a little bit, a little bit, if something happens.
Brian:
It's a little bit. So, we talk about these responses taking 258 days. Palo Alto Networks just recently came out and said we're offering 200 hours complimentary. Well, 200 hours and 258 days. Our founder and CEO Shahin Pirooz recognized this eight years ago, that response is a core component of security. It's not a tool. It's not something you put in, and certainly, customers, it's not something that you want to pay hundreds of thousands, $4.8 million to recovery.
We've included incident response in our service from day one. So, we recognized it at inception of our service for our MSP partners, and for our customers, that incident response was a critical core component of our security platform. It has been included from day one. So, 200 hours is nice, but c’mon. So, for our MSP partners, their part of bringing the WhiteDog solution to a customer is, we are doing that left side. That is an advantage that they bring to their customers that other tools, other platforms, just aren't bringing today. Now there's investment there, but it's tool by tool.
What about a comprehensive complete solution that's delivered that includes these components, and at an economic price point that frankly some of our partners are like, really? And they've been having great success. So I think that's the key part is how do you take advantage of something that's pre-built, and as I've said, why would you want to build it, when you can take advantage of something that really strategically pares things down for you to add, in a sense, the diamond to your customer and not have to deal with all the coal.
Kirstin:
Well, with that, we'll wrap up. You know, the future looks bright for MSPs in terms of security opportunities. The future looks very bright in terms of security opportunities if you want to take a look at WhiteDog. I mean, there's fast deployment, there are cost benefits, and I think from a comprehensive service level, it's not something you're going to have to really work to integrate a lot of things to make it work.
Brian:
It's something MSPs can take to market very quickly. The other aspect is customers are spending money on this. There's opportunity, and I think specifically in the mid to medium enterprise there's huge opportunity because these are very much the specific customers that don't have the staffing. They don't have the expertise. The MSP becomes incredibly important to these organizations. So there's great opportunity, there's great economics and process and procedure with WhiteDog, and they need it. I mean, everyone needs it.
Kirstin:
So, I'm an MSP and I'm thinking I'll bite. You know, let me have a conversation. What is it that you can offer an MSP? You know, they reach out to you, hey Brian, what can you do for me? How would they go about that conversation?
Brian:
So they can reach out on our website. We've got our partner site. Go ahead and click into the partner site. You can send us a note that you'd be interested in learning more about us. My team will respond back to you. We’ll bring you in, we can introduce you to the program.
But what we've done is that we have created the ability as you said, to take very quickly to market our solution. Our solution is ready to go. You don't have to have the expertise, it's a co-managed solution. So you don't have to have your staff or engineers today because we're there to support you. We're there for that constant monitoring. We're there for the incident response. But we've created a lot of enablement programs within our organization of training organizations so we can train your team.
We partnered with some companies to bring in net marketing. So our team, our marcom team, can help drive initiatives with you, and it's at no cost to you. We provide that.
And then we have a full portal capability that offers training as well as monitoring because we give access to the tools into the portal to you and your team. So you have the ability to monitor the infrastructure, monitor the tools, monitor the telemetry, and respond to your customer.
So we have built this program based around enablement, which enables our partners to ramp up very quickly. And, as we said, in net 30 days, you can be to market and have your customer up and being monitored.
Kirstin:
So, and the last thing I would add to that, something that you and your team have developed is an economic roadmap. I would imagine that from an MSP perspective, a lot of your customers have invested in something, right?
Brian:
Well, we say, no one has nothing. I mean you never walk into a customer and they say we're not doing anything.
Kirstin:
Exactly. So something your team can do that's very compelling and probably worth just a conversation and a peek, is understanding what they've already invested in, what they need, and really to show kind of this on ramp of, well, hey, we could offer this aspect of the service now. When these contracts run out, we could build this in. So there's kind of an on ramp to partial service, mid service, full service, really whatever the MSP wants to engage with or what the customer is interested in. So, it's a very flexible portfolio. It's not all or nothing. And really enables an MSP and a client to grow however it is they need to.
Brian:
The economic roadmap is a phenomenal tool that, as you said, we can evaluate what the customer has, when would be the right time to implement different tool sets, can break that out over 12, 24, 36 months. So it really gives an overall TCO, as well as a financial and an economic roadmap to determine when they might consider implementing security tools and filling gaps. And, again, that's at no cost. It's a full evaluation that we can help you and your customer evaluate. And there's no cost to you for engaging in that activity.
Kirstin:
Well, in the words of one of our MSP partners, why wouldn't you check it out? Thank you and take care.
"There’s some endpoint companies who make these big claims and nobody’s actually solving this problem. The ones that come close have zero idea how to make it easy on the MSPs,” says WhiteDog founder Shahin Pirooz.
