As traditionally print-centric office technology companies pivot to the digital reality, their cybersecurity services are moving to the forefront alongside hardware and managed print services. While artificial intelligence has become the latest and greatest threat to customer systems, often requiring that AI itself be deployed on the defensive side to combat breaches, human intelligence is needed to prevent age-old phishing schemes from taking root, dealers say.
ConnectWise has two primary offerings in the cybersecurity space: SIEM, which handles security information and event management, and Managed EDR, which handles endpoint detection and response, said Jim Peterson, product marketing manager. These are designed to come together and create a larger protective blanket while leveraging agentic AI enhancements, and they can be managed 24-7 through expert incident response out of ConnectWise’s security operations center (SOC), he said.
Peterson sees three primary motivations for bad actors who attempt to infiltrate the office technology space: encryption and ransomware, attempts to steal and sell data, and disruption of operations. “How they get in continues to change over time,” he said. In the past, this often involved phishing attempts through email and its attachments, but now it’s more likely to happen due to identity or credential abuse. “They login as me or you,” he added. “That does not look suspicious.”
While bad actors have been using artificial intelligence for a while, AI defenses have begun to catch up, Peterson believes. “AI can go in and prove out whether it’s a true or false positive, give us the next steps, look at the timeline, and get the specific course of action that either the ConnectWise SOC or the office technology company needs to execute,” he said. “It can do that extremely quickly, with clarity in what actually needs to happen.”
That speedy response time is critical given how quickly threats propagate, and AI has helped to lower industry-wide mean time to respond (MTTR) to about eight minutes, Peterson said, adding that ConnectWise writes a 15-minute service guarantee into its contracts. But threats continue to shift, he noted, and when bad actors enter via identity abuse, they can stay in the environment without being noticed and then strike, otherwise known as “living off the land.”
Don’t forget network threats from equipment
While most office technology firms think endpoints first when they think of cybersecurity, and possibly email security next, Peterson suggested this approach often overlooks network threats revolving around office technology equipment that isn’t Windows-based or patchable. And addressing vulnerabilities in that space is critical, especially for small to midsized businesses, he said.
“They’re so focused on the endpoints and email, they forget the identity, network, and SAAS side,” he said. “Office technology companies can put specific security in place to monitor and alert for threats in their specific environments and even do mitigation when vulnerabilities arise, whether it’s simple things like segmentation, or decommission and patching, trying to maintain that equipment so that it doesn’t add to their risks.”
While identifying, protecting, detecting, and responding to cybersecurity threats are all important, office technology companies also need a recovery piece, Peterson said, adding that his company offers ConnectWise X360 Recovery for that purpose. “Good offensive protection requires good defensive recovery,” he said. “We want to fight the fight, but we also want to be able to recover businesses when we have to.”
All Covered, the managed services division of Konica Minolta, has an extensive portfolio of solutions to prevent and protect against threats, although bad actors’ leveraging of AI has required a reevaluation of the threat landscape and redoubling of efforts, said Tara Swart, director of defensive security solutions. “That has upped efforts to design solutions that are attacking vulnerability management in a slightly different way,” she said. “Overall, the velocity of threats powered by AI has seen an exponential increase.”
To fight AI with AI, All Covered has been incorporating automated analysis of threat alerts through its SOC software, using a combination of tooling such as Google SecOps and SentinelOne for managed detection and response. This approach decreases the mean time to detect (MTTD) and MTTR, and thus “gives less time to allow hackers to get a foothold into the organization,” she added. The company also offers endpoint detection and response to roll back infections that attack from that vantage point. “We have great, talented people manning those tools,” Swart said. “We operate 24/7.”
Swart interacts with another division of All Covered called depth security “on a monthly basis to find out how they’re leveraging the hackers’ toolset,” she said. “We’re trying to get ahead of where we think the next breakthrough is going to be, from an AI perspective, and how it’s influencing the threat landscape.”
Another important piece of the company’s portfolio is its holistic approach to managing continuous threat exposure that brings together patching, scanning, consulting, and remediation work from expert engineers who are used to addressing cyber threats, which has also become especially important in the age of AI, Swart said. “Vulnerabilities in all software can be exploited easily by AI,” she said. “The special sauce that leads that effort is a risk group. They’re accustomed to taking those results and being able to consult with customers around what’s the most important thing to address now, on down the line.”
All Covered also offers its clients managed security training, given that many breach incidents still come through phishing attacks via emails, and the company has a team that mans the KnowBe4 platform to prevent phishing emails and offer a proof point for email detection, Swart said.
Overall, Swart said the service providers that All Covered has selected have done well in embracing and leveraging AI, and she opined that those who don’t will not survive. “AI is ramping up so quickly on the offensive side, on the hacker side, [and] all these platform companies are still trying to catch up,” she said. “As recently as eight months ago, we were still using AI primarily to help us with research and report writing. It really wasn’t until three months ago that we saw some real, actionable changes in MTTR. … The pace of everything is going to change quickly.”
Phishing emails and ransomware have recently impacted two large customers of dealer JD Young Technologies (Tulsa and Oklahoma City, OK) with 100-plus installations apiece, said Mike Milburn, vice president of information technology. “In both cases [the employee] thought it was legitimate, clicked on it and installed ransomware onto their PC,” he said. “The ransomware sat there, incubated, waited, and, at the predetermined time, at 2:30 or 3 in the morning, it hatches, goes across the network, and locks up files and software. That experience is not a new experience for anybody in the managed service provider space.”
One office technology dealer’s story
Office technology companies can mitigate such possibilities, but they cannot entirely foreclose upon them, no matter how much other cybersecurity protection they provide, Milburn said. And when an employee slips up, “they’re going to get something,” he said of the hackers. “It’s a matter of how you recover.”
When a breach occurs, the cyber-insurance provider sends its adjuster team to look at the network, figure out where it happened, whether the managed service provider or the client caused the problem—and then asks what needs to happen to prevent it in the future, Milburn said. After doing mitigation work for two or three weeks around the clock, they depart.
“They impose rules on us,” he said. “You have two groups in a disaster scenario both calling themselves the cybersecurity provider. One is the mitigation team, [asking], ‘How bad is it? How much money are we going to pay you?’ Then you’ve got us sitting over here. We’re managing the network.”
Most managed service IT providers, like JD Young, provide services that tend to be labeled as “our cybersecurity suite,” such as email or endpoint protection, Milburn said. “Is your computer doing something bizarre at 2:30 in the morning that it shouldn’t be doing?” he asked. “Is somebody from Bulgaria logging into your network?”
But many clients can’t be talked into paying for the full suite, aside from some larger customers, and Milburn wishes others would. “I don’t like it. I want them to step up,” he said. “They pay for the bare basics at most.”
