Reflections on Right of Boom

“Can you actually sustain operations in the face of a disruption of your cyber systems? That’s what the country needs from you.”

This is what was asked of a room full of top Managed Service Providers (MSPs) last week. Among the crowd was a group of Blackpoint team members, reunited in Grapevine, TX, for Right of Boom February 22-24. Our CEO, Jon Murchison, CFO, Mike Yang, VP of Threat Operations, Wil Santiago, and more joined forces to meet with the MSP community in person.

The event, founded by Andrew Morgan, our partner in Blackpoint Command, was purpose-built for these top-notch IT and cybersecurity providers. Time was devoted to pre-breach structural awareness and post-breach situational awareness — both of which the Blackpoint Cyber ecosystem is integral in ensuring.

The week began with Blackpoint’s pre-day event featuring Beau Bullock, red teamer and Senior Security Analyst at Black Hills Information. Together, we looked at top, real-world vulnerabilities being exploited in the cloud today and discussed how to better defend against them.

Attendees walked away with the understanding that although threat actors’ goals haven’t changed in decades, how they achieve that goal–gaining income by maliciously accessing information–has drastically changed. While defending against end user device-type attack vectors is important, it is increasingly critical to identify and combat emerging threats within cloud infrastructures. In fact, Beau said, “The security industry is very far behind on protecting these emerging attacks.” As the pre-day event came to an end, these topics drove our conversations over beer, booth time, and a private hosted dinner alongside Quickpass and CyberFox.

On Thursday, the Right of Boom attendees heard from speakers such as Brian Blakely, Chris Loehr, Phyllis Lee, and our very own Jon Murchison. Sharing the stage with these people was an honor, as we’ve worked with them in the past and are proud to combat global cybercrime alongside them. Jon’s keynote focused on BlackCat’s advanced TTPs, with a thrilling finale featuring surprise special guest, Brandon Wales, Executive Director of CISA.

His conversation with us focused on three key topics:

1. The dangers of cloud migration

When much of corporate American shifted to hybrid or remote work, the usage of cloud environments skyrocketed. With this reactive transfer of data came a massive increase in vulnerable attack surfaces. In order to produce proactive, resilient results, radical rethinking is mandatory when we partner with and create new technology and security solutions.

2. The pervasive nature of cyber incidents, and their impact on us all

With extended attack surfaces comes an expanded blast radius. All businesses, industries, and levels of government are connected. When a cyberattack occurs, it impacts the daily lives of American companies, communities, and citizens. Therefore, corporate America, alongside their MSPs and IT departments, must join in the shared responsibility of cyber protection with the U.S. government. Instead of being viewed as a secondary matter, mature IT standards and robust cybersecurity need to be a core business interest.

3. Lessons learned from attacks that made headlines

“Cyber Pearl Harbor isn’t one big event, it’s death by a thousand cuts.” – Executive Director Wales

When reflecting on the series of cyberattacks in 2020-2021, including Colonial Pipeline, Executive Director Wales shared three key lessons learned.

• First, know what’s on your network so you can properly secure it. The basics must be covered so your team can focus on more sophisticated defensive matters. “There are a lot of things that are set up for convenience, that…with a little bit of additional effort, could make these networks more secure.” For example, only 30% of Microsoft Enterprise customers have multi-factor authentication (MFA) enabled. Get the basics, albeit inconvenient, solidified so you can focus on tactics that’ll withstand even the most advanced attacks.
• Second, truly understand the interconnectedness of your cyber and physical systems so you’re able to effectively respond if a breach occurs. Being able to precisely locate the vulnerable source, as opposed to reacting in a widescale manner, is crucial. Then, think through the downstream effects your post-breach responses will have on your team, customers, and community. Build out your Incident Response Plan (IRP) with these considerations in mind.
• Lastly, make security the standard. For many of our partners, that looks like making Blackpoint Cyber a non-negotiable in their security stack. When it’s built in, your customers will use it. Additionally, make sure your security solutions are easy to use and configure. Those without IT expertise need to be able to properly respond to threats just as well as you.

“[Currently] listening to Brandon Wales, the Executive Director of CISA, … [explain] how they lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. He gave the whole conference, a room full of the top Managed Service Providers in the world, some deep insights on ransomware gangs and nation states and how we are the front-line security protection for Small and Medium Businesses [SMBs],” said a Blackpoint partner and Right of Boom attendee, Andy Larin, CEO at allCare IT.

Of course, what we loved most was our one-on-one interactions with attendees at our booth. Whether discussions were had with our CFO or one of the Sales representatives, we hope everyone saw just how passionate we are about providing a robust, streamlined, and effective security ecosystem for our partners. Seeing some of our partners face to face was incredible since our protection and operations are virtual. One partner said we are their number one security stack vendor, while another said, “We like how you’re able to actually respond to our endpoints and Microsoft [environments].” Although we are confident in the services we provide, it still means a lot to hear from the people whose businesses and livelihoods we are positively impacting!

The week wrapped up with killer content from industry experts such as Sounil Yu and Eric Tilds. One thing was clear this week—Right of Boom successfully went back to the root of what a cybersecurity conference should entail. Instead of thinly veiled sales pitches, all of the speakers focused on detailed, actionable, and valuable content that MSPs need.

As Executive Director Wales said, all our companies, clients, and industries are connected. In order to build cyber resilience, we need to pay close attention to how they impact one another and address these issues head-on with a holistic strategy in place.

We are proud to have sponsored Right of Boom, as we are passionate about educating the MSP community about emerging threats. It is a fine line to walk, as we understand sharing too much intel can aid the adversary, but we know awareness is mission critical. Sharing actionable intelligence allows our partners, and the greater community, to stay one step ahead of adversaries. Together, we can combat cybercrime every day.

Receive real-time threat intel directly to your mailbox each month. Sign up for the Blackpoint Brief today.

Want to learn more from the Right of Boom speakers?

Tune in to our conversations with them here:

• Blackpoint Command session #5 with Sounil Yu
• Blackpoint Command session #6 with Brian Blakely
• Blackpoint Command session #9 with Eric Tilds
• Blackpoint Command session #12 with Chris Loehr
• The Unfair Fight episode #8 with Phyllis Lee