HacWare CEO: Economic Uncertainty ‘A Breeding Ground For Cybercriminals’
‘We saw 3.4 billion phishing emails getting sent a day in 2022,’ says Tiffany Ricks, CEO of HacWare. ‘When we think about managed service providers, three out of five of them have already been involved in a ransomware attack. They’re managing one of the most targeted groups, which is the small-and-midsized market. It’s going to be critical for them to know how to sell cybersecurity services and have a practice to make sure that they’re protecting one of the most vulnerable segments in the business world.’
In 2022, cybersecurity training vendor HacWare saw 3.4 billion phishing emails sent each day. Tiffany Ricks, CEO of the New York-based company, believes that number will increase in 2023.
“Cybercriminals love when there is chaos and uncertainty,” Ricks told CRN. “This year there has been a lot of uncertainty in a couple areas. There has been uncertainty with inflation, there has been uncertainty on the recession and, in recent news, there has been uncertainty in the banking industry.”
That’s why cybersecurity awareness training is important, she said.
Today the company has about 500 global MSP partners but expects to double that by year’s end due to its recent integration with Tampa, Florida-based software vendor ConnectWise. The integration will put HacWare onto ConnectWise’s Manage and Asio platforms.
“We’re excited about this because we’re trying to enhance the partner’s workflow around security awareness,” she said. “We don’t want to disrupt their workflow and try to get them to use a tool outside of their normal workflow. We are integrated within the ConnectWise manage platform.”
The integration will allow MSPs to see how their customers are doing with regards to security awareness. From onboarding, HacWare is giving MSPs one place, where they’re already working, to protect, enhance and empower their employees and customers with training on how to identify phishing.
HacWare’s automated security awareness platform eradicates repeated tasks like creating and scheduling phishing simulations and planning training schedules. Instead of manual scheduling, its phishing technology leverages behavioral psychology best practices to improve cyber posture and awareness.
CRN spoke with Ricks about expanding awareness training, helping MSPs sell that training and why cybercriminals love economic uncertainty.
HacWare is also offering a partner enablement program. Tell me more about that.
One of the things that’s super important for us is we don’t want to be a vendor that is just about, ‘Here’s the product. We’re going to let you figure out how you can really use this to grow your cybersecurity practice.’ We’re trying to give you a roadmap and show you because there are so many solution providers who are trying to figure out how they can be successful in cybersecurity. We’re trying to give you the keys to success based off of Juan Fernandez, our global channel chief– his experience, my experience in owning a managed service company and many of the individuals in this industry…we’re trying to show you the best practices in this space. We have a growth plan which is more community based. We’re trying to help our partners learn from each other, give them playbooks on sales and have a one-on-one plan. This allows our sales team to ride along with our partners and really tackle this cybersecurity problem together.
We have cybersecurity masterclasses which is giving you the details on how to sell, because a lot of us are technical, like me. We know how to tinker, we know how to fix, we know how to solve problems but it is sometimes a challenge to evolve and understand how do I get a sales motion and process a playbook in play. [It’s asking], ‘What are some things that I can do to handle rejection and then help turn that around so we can make sure that our partners are successful.’ So long story short, we’re trying to make sure that our partners are successful. We just don’t want to be a vendor that is about, ‘Here’s the product.’ And asking, ‘Have you done a sale?’ No, we want to make sure that we are supporting you along the journey with what you need so your practice can be successful.
HacWare also started bi-weekly sales training seminars. How’s that going?
Yes, they’re LinkedIn Lives. The next one that’s coming up on March 28 is about how do we help the MSP add that S and become a MSSP, which will be super critical in 2023. Every year cybersecurity attacks are evolving. We saw 3.4 billion phishing emails getting sent a day in 2022. When we think about managed service providers, three out of five of them have already been involved in a ransomware attack. They’re managing one of the most targeted groups, which is the small-and-midsized market. It’s going to be critical for them to know how to sell cybersecurity services and have a practice to make sure that they’re protecting one of the most vulnerable segments in the business world. That’s why it’s super important for us to make sure that we are creating this community approach to help them target a need but also figure out a way where they’re not always at a loss. It’s about how do we get them grow and build a practice around that.
Do you think we'll see a rise in phishing emails in 2023?
Absolutely. Cybercriminals love when there is chaos and uncertainty. This year, there has been a lot of uncertainty in a couple areas. There has been uncertainty with inflation, there has been uncertainty on the recession and, in recent news, there has been uncertainty in the banking industry.
Some of the trends that I’m already seeing is cybercriminals are impersonating banks. They’re sending text messages to users saying that your bank is going to be blocked or your funds are going to be held. They’re impersonating these banks that have been in the news and they’re trying to get users to click on those links that is going to download some malicious software on their device and take it over. Or they’re sending a link to a page that looks like their banking page and they get them to enter in their credentials. They’re trying to take those credentials to use them to potentially get into the real bank and get those funds. It’s a lot of uncertainty and that is a breeding ground for phishing attacks.
Is that because our minds are elsewhere?
Yes. We’re distracted, which is a key way for them to be successful. When there’s chaos, people are moving fast. They’re not thinking things through all the way. When we think about a cybercriminal, all they need is someone to urgently click on that link and enter in those credentials without thinking. If the process in the company is before they wire funds they have to call the company and verify the wire transfers, that’s the normal process. But if there is chaos, people are trying to move funds from one bank to another, they’re trying to send emails to their contacts and tell them, ‘Don’t use this bank account. Use this other bank account.’ Cybercriminals know that all of this activity is happening. This is a great opportunity for cybercriminal to slip in and do the same thing without being noticed because those typical processes of checks and balances sometimes are thrown out the window. When there’s chaos, people are just trying to move fast.
When I spoke with you a few months ago, you were talking about releasing these hack assessments. Are those helping with that?
We’re trying to give our partners a tool where they can open up their customers’ eyes and see that they don’t have everything together with regard to cybersecurity. What we’re trying to do is make their customer take some of those defenses down and allow the partner to come in and have a conversation around, ‘This is the problem, but we can create a solution around it.’
We released in January a hack assessment and it goes through a series of questions and gives the customer a score. They can see how they are doing compared to best practices. [The MSP can then tell them], ‘This is where you should be if you were following all the best practices, if you had password management setup for all of your employees and if you had security awareness training.’ This allows our partners to come in in a consultative approach.
We’re trying to help partners give their customers the right solution for their organizations on what the customer needs.
What will we see from HacWare the rest of this year?
We’re going to make sure that the platform is from a learning management system. It’s going to be an easier system to use. Right now we have bite-sized videos, three minutes or less, on a cybersecurity topic. We’re building out a recommendation engine where it’s going to recommend the best videos for the employees to watch so they can nerd out on cybersecurity content if they want to. You’re also going to see more integrations of online compliance. We’re looking forward to helping our customers who need security awareness for compliance reasons. We’re going to integrate with platforms to allow them to take those reports out for auditors and make that training experience easier with regard to compliance and other HR management systems.