Channel-Sec 2023: A Security Event for the European IT Channel
Channel-Sec 2023 was a high-level conference and networking event aimed at managed service providers (MSPs) and managed security service providers (MSSPs), IT resellers and systems integrators.
The event featured several keynote speakers, panels and workshops covering a range of different security-related subjects. Including: security trends, security-as-a-service, endpoint security, and education & training.
Channel-Sec 2023 took place on Thursday 18th May in London, at the Royal Lancaster Hotel, which also hosted the IT Europa Channel Awards in the evening.
It was a very busy itinerary this year, but it attracted a good mix of delegates, vendors and experts. There were well over 100 MSPs in attendance.
New for this year was the addition of the workshop sessions. This allowed for much smaller groups to get more involved in the discussions.
There were also some great guest speakers on the day, and we’ve picked out a couple of them here that we were most impressed with.
Keynote: Will Greenwood: from Good to Great!
Will Greenwood MBE played international rugby for England, earning 55 caps for his country and was active from 1997 to 2004. In recent years, Will has been the Chief Customer Officer at Afiniti Ltd, which develops artificial intelligence (AI) for customer call centres.
Will talked about how some of his experiences as a player have led to success through leadership and determination.
He talked about how to be a better leader by asking your people how they are, and not just taking the first automatic answer they give. For example, when you ask someone, “How are you?” And the reply comes back, “Fine thanks.” You ask again, “No, how are you, really?”
And this is something that also extends to empathy. He said: “Don’t treat people how you’d like to be treated. Treat them how they’d like to be treated.”
We should also look for inspiration outside of the IT industry from time to time. Changing your perspective and applying it back into your business is an opportunity that many miss out on.
How Our Values Define Us
He said we should be true to our values in life and in business. He listed his four values as:
- Courage – the ability to go against the grain, and speak out when it’s important
- Humility – don’t assume that your knowledge or experience trumps that of others
- Honesty – be true to yourself and hold yourself to account when necessary
- Empathy – being able to sense how others might feel about actions and your message
Other key themes of his talk were culture over strategy, believing in the people around you and reiterating the good ideas that come into your business so that they stick.
Overall, his keynote was full of amusing real-life examples, and it set the tone for the day. It was a strong way to open the event.
Panel Discussion: Business Growth and Opportunities in Security
Following on from the opening keynote came a discussion on current opportunities for security-focused MSPs.
Question: Where should the focus of the channel be, and where is there money to be made?
Dan Scott said we should be assessing the concerns, needs and risk of the businesses we serve, and don’t put new tools first.
Whereas Paul Fuge said there needs to be a greater onus on end-user training.
James Baker admitted that security is a complex topic in today’s market. Which horse should you back? It really depends on what is best for your customer’s businesses.
Question: Where does AI factor into today’s solutions?
Mostyn Thomas said that AI and ML (machine learning) is already being used by security services to qualify where cyber attacks are coming from. Both criminals and protectors are in an arms race over AI at the moment.
Paul Fuge suggested that at over-reliance on AI was a bad thing, but as an augmentation, it’s a good thing.
Dan Scott said that while AI is great for helping you do things smarter and faster, we should not forget the value of human interaction.
Keynote: Graham Cluley – 30 Years of Cybercrime in 30 Minutes
Graham Cluley is a well-respected security blogger and an expert in the industry for over three decades.
As the keynote title suggests, at Channel-Sec 2023, Graham took us through the last 30 years of cyber crime. From the early nineties when most virus writers fit the stereotype of the the young male anarchist who wrote the virus on his home computer in his bedroom. It was seen as a form of electronic graffiti, and the results, while annoying, were mostly harmless.
Then the virus coders began to evolve more aggressive methods of attack. This included things like spamming someone’s email or creating botnets worldwide, which would cause distributed denial-of-service (DDoS) attacks.
As the hackers got together to form gangs, the malware became more sophisticated, and they saw this as a way to make money.
However, intelligence services also discovered malware could also be used to spy on people. A group of Israeli Mossad agents were able to track a known Hamas agent after uploading a trojan horse virus onto his computer. This allowed them to access his calendar and email to find out exactly where he’d be staying where and when he went on holiday.
Cyber Incidents in the Press
Reporting cybercrime in the press has been seen as a double-edged sword. While we want to be informed if businesses we depend on have been compromised, Graham suggested that when they report details of breaches, journalists can in fact, be doing the cyber criminals’ job for them when it comes to reputational damage.
He went on to show us a few memorable headlines, including one from the Daily Star: “Give us your money or the Nik Naks get it!” This was when KP snacks admitted to being the victim of a cyber attack in 2022. Another one was when the WannaCry ransomware attack on the NHS, and other systems worldwide in 2017.
Why Are There So Many Attacks Now?
Cybercrime is such big business now. It’s easier than ever for cyber criminals to launch attacks simultaneously all over the world.
Phishing is just a case of asking potential victims to input their details into your website, and malware hidden in attachments can be automatically installed onto your device at a click of a button. Zero-day exploits are shared on the Dark Web faster than they can be patched, and there are plenty of unpatched or misconfigured services that are open to manipulation too.
It isn’t just the primary attack when it comes to ransomware either. Once they have your data, they can threaten to extort you to keep it private. They may even contact your clients directly and extort them as well.
Regardless, they know that the threat of reputational damage is worth money, and they’ll exploit it if they can.
That’s why now, more than ever, we need to be cautious and assume it’s not a matter of if, it’s a matter of when.
And when it does happen, we have to make sure we’re covered with a full back-up and disaster recovery plan.
It was another very interesting presentation for this year’s Channel-Sec attendees.
Panel Discussion: Security Insights
Channel-Sec 2023’s second panel discussion was around providing security as an MSP or a vendor, and there were some great questions and answers. Here’s just a few of them.
Question: What is the single biggest threat to businesses at the moment?
Steven Wood admitted that the human factor was the biggest threat. A lack of training and a susceptibility to making mistakes could cost businesses if not properly addressed.
Rob Allen said legislation was a concern too. We need to ensure that we’re meeting regulatory obligations while adapting to new legislation as it is written.
Question: If you were to start an MSP today, what advice would you give to someone in relation to cybersecurity?
Kyle Torres advised that anyone starting out today should pay close attention to what is happening in the channel. See what services are being recommended, and how vendors are helping.
Steven Wood said that he would advise cyber resiliency over cybersecurity.
Question: What powerful cyber strategies have you encountered recently?
Greg Jones said that it’s always a good strategy to enforce regular cyber security training on your staff, and make regular tests of your disaster recovery plan. Just getting your staff together to enact your plan from a hard copy, to practice the effectiveness of your strategy.
The Channel-Sec 2023 Round Table Workshops
Following the break for lunch there were a number of round table workshop sessions for delegates to attend. Each covered a particular area of interest, and were designed to educational and informative, hopefully prompting some debate and discussion. Here’s a very brief summary of two of them.
What Does Open AI Mean for the MSP Community?
Dan Scott and Sam Callaghan of Connectwise moderated this session, a look at the role of AI Chatbots in today’s industry.
They highlighted the benefits and limitations of AI and machine learning for MSPs, including some practical examples.
How Can Historical Insights Help Build a Better Cybersecurity Future?
Pax8’s Mostyn Thomas reported on the lessons learned from the cyberattack and defence trends of the past.
And the verdict? That cybersecurity needs to be multi-layered to be effective.
Plus he took a look at the constantly evolving tools and technologies we have employed over the years, and how MSPs can build a best practice framework which supports their role as their clients’ security adviser.
One of the more powerful insights shared by Mostyn, was his Five Laws of Cybersecurity:
- If there is a vulnerability, it will be exploited, no exceptions
- Everything is vulnerable in its own way
- Humans can trust when they shouldn’t
- With innovation comes opportunity for exploitation
- When in doubt see law 1
Between the breaks, we had the opportunity to talk to some of the attendees at Channel-Sec.
Theo talked about the importance of choosing the right security product for your MSP, and paying particular attention to the support agreement. It’s that support you’ll be counting on when you have questions to ask, or if things go wrong.
Michael gave us an overview of all the activities Pax8 have been undertaking recently, including:
- The Pax8 Aacademy, their on-demand resource platform
- The Cybersecurity Masterclasses, which have been a success over the past 18 months
- Their Mission Briefing events for partners
Michael also mentioned that they’ve recently onboarded more vendor partners, and are up to 30 now!
Channel-Sec 2023 – Conclusion
It was a day full of useful insights, both in terms of security trends and analysis, but also leadership and business best practice as well.
The opening keynote from Will Greenwood really started the day off well, with lots of interesting discussions throughout. And it was well-attended by MSPs and vendors alike.
Did you attend this year’s Channel-Sec conference? What was the highlight for you?
Please leave your reaction in the comments, we’d love to hear from you.