Kaseya CEO weighs in on growing cyber threat

Small businesses are now the number one target of cybercriminals who view them as easy targets. That’s according to Kaseya CEO Fred Voccola who weighed into the threats facing businesses during Kaseya DattoCon Europe in Dublin Wednesday (pictured).

Voccola said cybercriminals perceive small to midsize businesses (SMBs) as an easier target due to a having fewer protections in place, and law enforcement resources being limited.

“They just can’t do it; there’s not enough resources,” he said. “And those are the target amounts that are coming in the hundreds of millions of attacks per week going after small to midsize businesses. It’s very scary. The attack vectors are continuing to increase, and more ways and more techniques that the ransomware gangs are using to commercially attack our businesses.”

Meanwhile, Voccola said SMB customers are still hesitant to invest in cybersecurity as they don’t fully understand their exposure to risks, or they deem cyber solutions as too expensive.

Kaseya suffered its own cyber incident in 2021 when it was hit by a ransomware attack that targeted its managed service provider (MSPs) customers.

“We had our cyber event several years ago,” he explained. “I would say to people, you never truly know what it’s like to experience a cyber event until you go through it. It’s horrifying. It’s scary. And it’s very, very challenging.”

Cyber regulations on the horizon

The CEO also told Think Digital Partners that governments are increasingly concerned about the impact of cyberattacks. As such, there will be more regulatory requirements on business. Here, MSPs can step up and ensure their customers are compliant, he said.

“I don’t know if it’s going to be with the carrot or a stick. But there’s going to be cybersecurity standards that must be complied with. Customers will have to demonstrate that [they comply] to those standards, and MSPs are going to going to deliver that.”

However, MSPs themselves are increasingly a target of supply chain attacks, due to their access to customers’ assets and data. The current UK government wants to strengthen the Network and Information Systems (NIS) Regulations so that MSPs will be treated as critical service providers – such as those that provide water, energy, transport, healthcare and digital infrastructure. Organisations which fail to put in place effective cybersecurity measures can be fined as much as £17 million for non-compliance.

“The fastest growing business for us is our compliance business, providing solutions for MSPs to demonstrate compliance of various standards, whatever they may be,” said Voccola. “It’s going to come like a tidal wave, because this ransomware problem is taking multiple points of GDP off the economy. It’s not a little problem anymore.”