HITT Series Videos

HITT- Mobile Device Management and Cybersecurity Vulnerabilities- July 2, 2024

July 2, 2024

Introduction
Today’s HIT training is focused on mobile device management and specifically on addressing cybersecurity vulnerabilities associated with those devices.

Our featured presenters today are Telarus VP of cybersecurity, Jason Stein, along with Telarus VP of advanced networking for IoT and mobility, Graham Scott, with special guest, Chaz Chockley, VP of channel and strategic partnerships at Data Prize. This is one powerhouse lineup. Guys, welcome to the Tuesday call.

Morning.

Thanks, Doug. How are you?

Very, very well. It’s good to be back.

And, boy, we’ve got a hot topic today. Always enjoy, anything to do with cyber security. It’s kind of my own personal hot button. Today, we combine it with mobility.

Yeah. We’re very excited to have Graham and Chaz with us. We thought we’d shake it up a little bit, make it a panel, talk a little bit about how security’s being disruptive and impacting both the Internet of things as well as the mob the mobile device all the mobile devices that we have for our clients today and give you some ideas on how to go into your clients with that strategic conversation with some knowledge, some statistics, and then some things that we’re seeing being done to help protect organizations.

Statistics on IoT
So what I wanted to do is, typically, I like to share a lot of statistics. So I wanted to first start off with some of the the overwhelming stats that we’re seeing first with IoT.

You know, as we see the number of devices continue to rise in this space, last year, we saw the market actually reach over a trillion dollars when it came to cybersecurity, so massively growing. And then, you know, the devices last year were somewhere in the twenty, twenty billion range. Now this year, not only has it doubled to almost forty billion, but we’re seeing the industry become a eight hundred and seventy five billion dollar industry just for IoT alone.

Here in the next year, it’s just gonna continue to grow. What we’re trying to do is help everybody get their arms around the all the devices that are touching their networks, anything with an IP address, and then how do you secure it? You know, so not only do we worry about the workplace, but then we think about what are all the devices that we have at home?

You know, our refrigerators, our washer and dryers, our ovens, and, even my Traeger has an IP address. And, you know, then we have all the listening devices, of course, at home. But, you know, Bitdefender actually has an interesting stat that says they typically block on average of two point five million threats every day. That comes out to about seventeen hundred threats per minute, and that’s just at our home.

So think about all the people that are visiting your house, connecting to your Wi Fi. You know, there’s a if you have children, they’re connecting your Wi Fi. They’re bringing their friends over. There’s so many things that are constantly touching not only our work network, but also our home network, which then could impact our work, computers.

Mobile Device Breakdown
And then if you think about some of the the breakdown of those devices, seven billion devices are smartphones across the world.

Seventeen point five billion are actually other mobile devices that we have.

And then, you know, something that’s kind of in interesting to see that the number of mobile device attacks has increased to thirty three million, which is over fifty two percent of what we saw in the past. So we’re continuing to see a massive spike when it comes to strategically going after mobile devices. And I’m sure if you’re like me, most of us get those spam texts, especially from your CEO, wanting you to go to buy gift cards or click on the link to, figure out that there’s some bit Bitcoin offering that we’ve never heard of before in our entire life, so it’s gonna make us a ton of money.

IoT Malware Attacks
So, Chandler, next slide for me. So, continuing on in some of these statistics going back into the IoT, we’re seeing the Internet of Things malware attacks increased by thirty seven percent globally, which is over seventy eight million attacks.

You know, the interesting breakdown of that, though, is most of them are routers.

Routers make up seventy five percent of the infected IoT devices.

Every time I go and sit down with an IT decision maker and talk to them about their Wi Fi and their network, and I I say, when’s the last time you changed your Wi Fi password? A lot of them say it’s been over six years, which is super staggering. Chaz I’m watching Chaz’s face because I’m sure he’ll, talk a little bit about that. But, you know, most companies think about all the turnover they’ve had in their staff, in their IT department, and yet nobody’s changed their their, router passwords, their wi fi passwords.

Now here’s the crazy thing, Thirty four of the thirty nine most common Internet of Things exploits over the have been basically three years old on average, showing that most organizations haven’t even addressed all the bad actors that are over three years old. There’s new ones coming out every day, but the ones that seem to be impacting routers, devices, getting into networks, are still three years old on average. So getting our arms around that IoT, putting security around those measures, You know, you’ve definitely heard us talk about in the past exploits around, IoT devices.

They’re putting sensors in porta potties. They’re putting sensors in health care devices, crash carts in hospitals to make sure that, you know, the right prescription gets medicated for prescribed for our our loved ones, and then heart monitors for our loved ones. Everything has an IP address now.

Then now if you switch back over to mobile devices, there’s three billion SMS scam messages sent out every week. That’s over four hundred million per day, nearly three hundred thousand per minute. This is also known as SMishing. So if you’re getting SMS, scam texts and you go to click on them, typically, it it more prevalent in, some of the the WhatsApp type of devices, but, you know, they’re getting through. And then mobile adware is the number one threat accounting for forty percent of all detected threats.

So a lot of us are trying to download all different types of things, and we don’t realize that there’s adware that’s associated with some of those. So we need to make sure that we’re doing our due diligence there.

So what are some questions that you can think about of asking your customers?

Security Measures for IoT and Mobile Devices
So when we first start to think about IoT, Chas, go ahead and go to the next slide. So first, you know, what are you doing to get your arms around all the devices that are hitting your network? How are you securing those devices? What security measures do you have in place to make sure that we’re protecting everything with an IP address? And a lot of that comes with EDR, endpoint detection response, which then you need MDR, which is managed detection response, which is that SOC, that human element.

So we wanna make sure that we have everything looking at anomalies that are hitting our network, anything that’s an IP address that may be trying to do something malicious, and we wanna make sure we’re looking for those anomalies using humans to do that. Now when you look at mobile devices, how are you protecting all the mobile users that are coming in contact or have access to your organization? They could be remote. They could be actually in your building.

They could be visiting your building. We need to make sure that we’re protecting those. So I’d like to pass the baton over to Graham. Graham, tell us a little bit about what you’re seeing not only from an IoT and a mobility standpoint, but MDM.

MDM and its Role
How does that come into play in your world? And are we seeing a big uptick in the adoption of this? And then are you hearing when this comes up, customers saying, how do we secure it?

Yeah. No. Thanks, so much for having me on with you today, Jason. I think, you know, I always like to say that none of these technologies exist in a vacuum. Right? All of these, you know, lend into one another, and they all have to work together.

So with the world going mobile, and I think the most recent stat I saw is that forty two percent of new business are are going exclusively mobile. So that’s almost half, and that number continues to grow year over year. With businesses going mobile, there’s a whole new threat vector in the cybersecurity space. Right?

That people don’t often think of. I think we tend to think of our mobile devices as separate and distinct from all the other stuff that’s going on with our work. But, of course, they’re totally related when we use them for business, use them to get on to the networks, use them to access data. So, Chandler, if you wanna go ahead and forward to the next slide.

Mobile Device Management Software
The solution that is most commonly deployed in the mobile device world is what’s called MDM or mobile device management. And essentially, what it is is it’s software, and there’s a number of different kinds of software that you install on the device to monitor, manage, and secure the devices.

So the goals of the MDM are typically to just ensure that devices are complying with company policy, and that we can remotely manage them and contain them if we find that they’ve been, you know, the subject the victim of a threat or malware or some kind of devices to protect that data protect that, our network from the device. So lots of things going on there. As I said, there are a number of different types of software. For example, if you have a Microsoft e five or e six license, it comes with Intune, which is one.

So that’s a very popular one. But what we’re finding is companies have access to these services, but they’re not using them. They’re not deploying them on the devices, and they’re not managing them effectively. Just like any effective cybersecurity program needs to be updated, it needs to be monitored, and it needs to be maintained.

So why should we care? Right? Like, our mobile devices do everything for us. Right? We manage applications.

We have access to all kinds of company data on there. We need to protect that. We need to protect the company data. So MDM strategy also make sure that we’re configuring devices properly.

We’re adding the right types of applications. We’re adding the right types of solutions and preventing other applications from being added to the phone. So we wanna be able to control what goes on and what goes off. Also, obviously, preventing security breaches and being aware of security breaches when they happen.

These are some of the elements of an MDM software. And then I think big part of that also is the employee experience. Right? We want our employees to still have access to use these devices efficiently and effectively for what they were intended without, you know, compromising the company’s security and the company’s, positioning.

So next slide there, Chandler.

Implementing MDM Policy
So where does an organization start? Okay? Well, the first thing when they’re having a conversation about MDM, it starts with policy. Policy, policy, policy.

That is the key of an MDM strategy. Do you have a policy, and are you implementing it effectively? Now this is something that we see, you know, most large businesses will have a policy, will have things in place for mobile devices. It’s small businesses typically where you don’t see an effective policy in place, and it’s just as important because those small issues can become massive issues as the company grows.

So as company scale, this is more and more important, but just because you’re a small business, you cannot ignore this. This is, again, as Jason laid out in his stats, one of the most common threat vectors we’re seeing is mobile devices, and small businesses use them just like big ones do. So here’s some questions to ask. If you’re engaging with a customer, you wanna find out, hey, what is going on with your with MDM?

What is your policy as it pertains to mobile devices? So question to ask, do you have an onboarding and offboarding process for new and leaving employees? Right? What’s that look like when somebody starts with the company?

How are you issuing devices to them? When somebody leaves, how are you securing those devices that they are leaving with? What is your policy surrounding procurement of new devices? Do you allow employees to bring their own?

Do you hook or go and acquire those for the employees? And speaking of bring your own, what is your policies that as it relates to bring your own device? So, you know, a lot of companies just let employees bring their own devices. Well, hey.

You don’t know where that device has been. You don’t know what’s been on that device. You don’t know what that employee’s been using it for. So there’s a lot of concerns there if you have a BYOD policy, and some, things need to be in place.

Very common among small businesses to to just say, hey. We just let the employees use their own. And, obviously, as as I’ve laid out and Jason’s laid out, still a big threat there. So what is your security, policy surrounding unsupported repositories?

Big, big question there too. Right? And what is your policy surrounding decommissioning of devices? So if a device gets broken, lost, or, and recovery and e waste.

So these are some great questions to ask just to kinda get you in the door. And one of the things we find with MDM is it’s an awesome gateway drug. You know, as I talk about in my Ascend events, everybody is using mobile devices, and everybody needs to think about securing them. So you can ask the questions about MDM, get you in the door, have a discussion, and it can lead to a discussion on a bunch of other things, including full life cycle management or wireless expense management.

We’ve got a number of suppliers in the portfolio that do that, including wireless watch dogs, Spectra Tel, MetTel. There’s a bunch of them that do that for you. So coming in there and managing the entire life cycle of advice, great opportunity. MDM is a great entry there.

And then other managed services. Right? Conversations about MDM lead to conversations about other managed services. So, Chas, I think this is where you wanna come in here and talk about what you guys are doing in that space.

MDM as a Gateway to Managed Services
What does it look like when you actually deploy an MDM solution, and how does that potentially lead to other opportunities?

Of course. And and thank you again for, allowing me to be here with the the ghosts of security and and mobility and IoT. So, appreciate it. You know, Graham, first, I’ll start off with sticking to that mobile device trend and that last bullet point that I have here. And oftentimes, trusted advisers, suppliers, when we have these conversations with customers around security, especially in that SMB space, will say, oh, we’re not we’re not a target. We’re too small. You know, we’re we’re we’re not a threat.

Physical Vulnerabilities of Mobile Devices
First off, wrong. But but second, they they look at that as someone trying to proactively attack them remotely or digitally. Right? But what Verizon just put out in their their DBIR was that mobile devices are, vulnerable not necessarily because of a remote hacking or or infiltration, which they they still are, but it’s more common that their the users are going to lose them.

They’re going to lose those mobile devices or wearables or tablets. Right? Anytime I’m at an Ascend, how many people are are working off of their phone, off of their, their, their their wearable, their, iPad Pro. Right?

All of those things that will get left behind, and that is where those vulnerabilities can come in. It’s actually a physical concern. So having an MDM policy or a lesser version called a mobile application management policy, which just focuses on the application, not necessarily the device itself. Having that in place helps kind of protect that that against that threat that is really caused by the user, just by leaving their device around.

So more data, obviously, here. Jason and Graham highlighted the the increase, in in cyberattacks on IoT and mobile devices.

Impact of IoT Attacks
The the the hardware turnover cycle that we’re seeing, isn’t just with workstations and servers. We’re seeing that in manufacturing industry, in health care industry, where those devices now need to be refreshed. Right? And as those devices get replaced, you’re seeing them become IP capable or or a part of the IoT world.

Right? So they’re getting IP address. They’re getting access to a network, which makes them vulnerable. So you’re seeing this rise of organizations report, incidents from those devices just because there’s more and more coming onto the scene.

Right? So, and then what they’re finding with those devices is that a good portion of the enterprises that have IoT devices in their system are experiencing a more costly recovery event on from those IoT attack vectors than from your typical workstation or server attack. Right? So it just shows how critical it is to to protect those IoT devices.

The Importance of Protecting IoT Devices
If we move on to the next one, Graham, I can kind of highlight how how Dataprise and and our wireless watchdogs division, which is managed mobility and and mobile device management, how we can protect these things. So, obviously, with IoT and those devices, what you’ll hear, operational technology, or industrial control systems, so OT and and ICS, which I think I’ll define here in just a little bit.

You’re you’re with them being IP capable, Internet capable, or network available, you can apply some of the same features that you get from MDM or MAM, right, to these IoT devices. So Graham listed the benefits of of MDM. Some of the things across MDM I have here listed on the screen. I won’t read them for you. I’m sure everybody can read. But you’ll see a lot of them carry over into IoT, right, specifically the enrollment and unenrollment, the security updates, and especially the monitoring and reporting, and that’s where the security comes into play that Jason alluded to, right, or directly mentioned, is having some sort of EDR toolset that’s reporting into a SOC or a SIM, so that you can have a a greater visibility, not just across your IT information technology network, but your OT and IoT network. So the all of the modern players, Defender, CrowdStrike, they have IoT flavors that can address, kind of that EDR toolset need for those IoT devices.

To define OT really quick, operational technology, I’m gonna go ahead and read it because it it came from at least NIST, which Datafryze being a a DC metro area HQed organization, we see a lot of NIST, a lot of CNMC, a lot of regulatory compliance needs, which again are going to drive and mandate, IoT and MDM policy enforcement.

Defining Operational Technology (OT)
So OT, or operational technology is programmable systems or devices that interact with the physical environment or manage devices that interact with the physical environment. These systems devices, they detect or cause direct change through the monitoring and or control of devices, processes, and events. So, Jason mentioned some of them before. Think physical security. Think, environmental controls like HVAC systems, which, everybody probably knows about the target, infestation of a a while back.

Think, fire control systems, building management systems in the health care space, MRIs, IV drip machines. All of these things are becoming Internet aware or network aware. So all of those fall into that operational technology category.

I think we move on to the next one.

And and, Jason, I don’t know if we wanna talk about this now or or keep going on it, but, the one one big aspect that that Dataprise works closely with, with the help of Telarus is this cybersecurity insurance messaging. Right? And the the the play there, the need there is that if if if you have, mobile devices, if you have IoT devices and they’re not protected, right, they’re not managed via MDM or through some sort of IoT device management, if an attack comes in through one of those vectors, your cybersecurity insurance may not cover the incident.

Cybersecurity Insurance and IoT Devices
So you could be paying out of pocket, which kind of led to that stat on my my first screen, which was talking about the cost of an incident originating from an IoT device. So it’s critical to have an MDM, have an EDR policy in place or solution in place to protect those, mobile devices and and IoT devices.

Yeah. This is great, Chez. You know, we’ve had a previous hit series that we did around cyber insurance and risk and and how they overlap. And then we’re gonna have a cyber insurance blog and a cyber insurance white paper coming out shortly. You know, so when you think about, you know, Chas, how many times do you get inquiries around the protection of these devices?

Engagement with Cyber Insurance Carriers and Brokers
You know, are are people usually not aware to some of the security measures? Are they kind of oblivious to thinking that that’s one of the things that they need to focus on? Or are you getting more and more requests because of things like cyber insurance requiring more security and the fact that they won’t pay if they don’t have certain security aspects in place?

So we work with cyber insurance carriers and brokers, and they help us define kind of the controls list that are required in an application for that. So as we’re working with trusted advisers and their customers, we’re, empowering them, giving them the resources for these control lists that help them with those questions. Right? So it’s it’s I gotta say it’s fifty fifty. Right? So half of it is us bringing it up to the customer, in that, are you aware that you have this regulatory compliance?

Shift in Awareness and Demand for MDM and IoT Security
Do you, you know, do you have cybersecurity insurance, period? End of story.

And the other half is from a more informed trust advisor, or their direct customer that is actively looking for a solution to meet those controls. So I’ll say it’s fifty fifty, currently.

Six months ago, it was a very different story. I think Telarus and others are doing a great job of messaging the need for MDM, and IoT security, especially around the cybersecurity insurance space. So it it was, probably seventy thirty in that we were doing it proactively, six months ago. But now we’re seeing more of a trend where trusted advisers are really understanding, to to Graham’s point, right, using it as a as a gateway drug into other managed services. Right? So you start with the cybersecurity insurance conversation.

Using Cyber Insurance as a Gateway to Managed Services
That leads you to mobile device management and EDR. That can lead you into managed mobility. That can lead you into other managed services. Right? The IT managed services. So, using cyber insurance as a a foot in the door has been a a great plan for a lot of trust advisers.

I wanted to point out real something real quick that Chaz just said. So I’ve been talking to partners consistently around going and aligning with brokers. You just heard Chaz say that brokers are calling them now. If we don’t go reach out to brokers and see if we can be that resource that they go lean on, then they’re gonna go make these calls to all the suppliers in our portfolio. So we can be that resource. We can help create a marketplace for them and help clients with with all their cyber insurance needs, especially when it comes to IoT and mobile mobility.

Evolution of Mobile Devices and Security Concerns
Yeah. And just to build on what Chad said, I think, you know, if we think of the evolution of our mobile devices. Right? When we first got them, we used them to make phone calls.

That’s what they were for. Right? But now they do everything. Right? And I think as those devices have evolved into true business tools, they thus then become, a threat a threat factor or an attack factor for, you know, bad actors.

So a big part of it is the awareness. Right? Companies don’t tend to think of their mobile devices at the same way they think about things like their servers or their laptops or their routers at the physical location. They just they don’t think about them the same way.

And I think it’s really incumbent upon us as tech advisors to have that conversation. Like, hey, are you considering your mobile devices? Do you have a policy? Let’s talk about that.

We can help you build that. And to Chaz’s point, once you kinda open the door there, there’s a whole lot of other conversations that can come out as a result of that. And I think, you know, the smart tech advisers are the ones out there taking advantage of that.

Trending Focus on IoT and OT
Yeah. Great point. Graham, where are we at today when it comes to IoT? You know, where where are we trending? You know, I I think about cybersecurity was just seven hundred thousand MRR just two short years ago, and now we’re tracking towards four million. I think smart cities are popping up. You know, IoT is a huge focus, and we wanna put more security efforts in place.

Yeah. No. You’re you’re absolutely right. I think IoT is kind of where security was three years ago.

Right? Where everybody kinda understood what it you know, hey. We gotta start talking about this. There’s something, you know, there’s something here.

And then over the last you know, when really things started to be productized and brought out with a little more kind of, rigor and discipline around them, that’s when it started taking off. Every single IoT product you look at, you look at the product predictions, it’s up into the right. I mean, I think in three years, we will be, you know, several million dollar business with Telarus. I think we’re, you know, we’re probably about three hundred thousand tracking for this year, and I think, you know, that’s kind of a similar trend to you had in security.

Right? You you were out, you know, and then you doubled the next year and doubled the next year and doubled the next year. So I think we’re gonna start you know, we’re starting to see the same thing in IoT. Tremendous growth there.

The Significance of OT in Cybersecurity
And I also wanna talk about OT. Right? Jason, I know this is one of your favorite topics because, you know, if you look at the big, attacks that have happened, Target, Caesar’s Palace, those were through unsecured devices on the network. And as every device now is becoming Internet connected and Internet enabled, just that threat vector comes in.

And and we’re talking about essential pieces of equipment when we’re talking about OT.

OT is definitely becoming one of the hot topics.

Both IoT and OT, according to Forbes, according to Gartner, are both big topics for clients this year. So if you’re not having those conversations, chances are your your customer’s having those conversations with someone else. So we need to make sure that we are ringing those up. There’s not a lot of security types of solutions around the OT experience, but it’s absolutely mandatory. And to get your cyber insurance, not only do you need MDM, you need to start looking at IoT, you need to be looking at OT, you need to have security measures in place to protecting all those little, things that have either an IP address that are software related, hardware related that could potentially be a vulnerability for your organization. So, yeah, it’s such a huge talking point.

Upselling MDM and Mobility Services
You know, both Chaz and Graham, when I think about mobility and I worry about security and not enough security and people just want the mobility aspects, but they don’t think about it, how many clients typically purchase some type of mobility from our partners through Telarus and don’t purchase MDM? Do we have an upsell conversation opportunity?

And, I mean, how much more can it add to an overall experience to the client and sale to our partners?

Yeah. Absolutely. Not only just from an MDM standpoint, but from an entire life cycle management process. I mean, wireless watchdogs, which is the data price subsidiary does that.

SpectraTel, where our good friend Chris Whitaker is, does that. Mattel, there’s a lot of other companies that do that. And so just procuring the devices and just getting those devices into hand, obviously, opportunity there. But for partners that aren’t expanding that conversation, they’re really missing out.

And I think right now, we’re probably about a twenty percent take rate on some of those services, and just, obviously, a great opportunity to to expand that conversation and bring in more revenue, because there’s a lot there. Companies are are having a hard time getting their head around how to managing it. A lot of them will tell you, oh, yeah. We’ve got, you know, Intune through our Microsoft, but they’re not doing anything with it.

Right? They’re not managing. They’re not patching it. And, Chas, I think you guys have found some some problems in that aspect.

Right?

Underutilization of MDM Solutions
Absolutely. Intune, Workspace ONE, SOTI, MobileIron, Jamf, Math three sixty, those are all some of the common applications that you’ll see, that that organizations may have acquired. They’re not taking advantage of it. They’re not utilizing it. They’re not, updating it as, best practices come to, to light each each day, each month.

So it it’s it’s having a a managed service that can provide that real time up to date, MDM, mobile device management, again, or mobile application management solution that’s going to to really help them. I agree with you, Graham, that, we’re seeing more on the managed mobility side, right, kind of the the the wireless technology management, that bleeds into MDM. Right? Especially in the SMB space.

Right? We’ll we’ll we’ll start with management, which is security. You’re talking about cybersecurity insurance because that ties into it. You’re talking about, general, endpoint detection and response.

And then to Jason’s point, the next level up from there is is manage detection and response where you’re adding in a broader SIM solution with a SOC that’s managing the, entire environment across mobile devices and the rest of the endpoints, servers, workstations, switches, firewalls.

That’s great. Doug, why don’t we open it up to some of the participants that are joined have joined us? What kind of questions do we have for the panel?

Importance of MDM in Small Businesses
Absolutely. You can tell it’s the feel good call of the year. Every time we discuss cybersecurity, everybody’s minds start rolling a little bit. We get some great questions out there. I I appreciated right at the start that you talked about the devices getting lost. This is an area of cybersecurity that we don’t often talk about because everything is fixed, watched, inventoried, and whatever else, but those devices are out there everywhere.

And, when we this kind of MDM management, that is a very important part of all of this. Some of the questions that are coming in from the, partners that are listening have to do with the ability of of designing an MDM policy for the very smallest of businesses in addition to larger concerns.

What sort of things are involved with that? Are we looking at cost? Are there specific regulations and, qualifications that are involved in order to remain compliant?

Absolutely. I I can take this one, guys.

So in the SMB space, they’re still beholden to regulatory compliances, right, depending on what vertical they’re in. So it’s not just the small it’s not just the large players that are vulnerable to attacks.

So the small players are definitely there.

Oftentimes, those smaller players are either born in the cloud or have heavily migrated to the cloud, in many cases, taking advantage of of Microsoft’s, o three sixty five solution. To Graham’s point, many of the licensing packages include Intune, which is that mobile device management, mobile application management solution. So they either already have the ability to layer in MDM, or it’s a very small uplift in their operational expense to, to to provide that service, to layer in that service.

Yeah. I think just to build on that, just like small businesses need a cybersecurity sol solution or or plan, you need an MDM plan as well. It’s part of it’s part of the process. It’s part of it.

So policy policy policy, the small businesses, the big businesses, it starts with a policy. What do you do when a device gets lost? How do you lock it down? All those kinds of things.

I mean, those are questions that every business needs to be asking. And to Chaz’s point, the small businesses are just as much are threatened just as much as the big ones. Right? In fact, more so because a lot of times they have more vulnerabilities.

Yeah. Typically, they have less IT resources, one to five, and typically, one of them has multiple hats and is the head of their security, or they outsource it to an organization who only does fractional pieces of security.

So, you know, there’s thirty one million companies that identify as being SMB headquartered in the United States.

And, that’s two fifty employees or less for that statistic. There’s just so many companies out there that will be susceptible and not have enough security resources to be able to fend off bad actors.

Yeah. I will add to that that typically where you see a lot of value delivered to the client as far as managing entire life cycles of mobile devices is somewhere between fifty and a hundred. Like, typically, that’s where you’re gonna deliver a lot of cost savings in addition to, of course, tackling so many of these types of issues, policies, etcetera.

Impact of MDM on Cybersecurity Insurance
There were a couple of questions that came in around cybersecurity insurance as there always are, but specifically re in regard to mobile devices, are there requirements in most current cybersecurity policies that require the existence of an MDM policy or other compliance type of, situations in order to obtain the insurance necessary? Bit of a chicken and egg situation.

Josh, you wanna start?

Sure.

In short, I don’t know about required, but there are all sorts of caveats that will prevent them from paying out on an incident if the MDM is not there. So you may be able to get your cybersecurity insurance, but you may not be paid out on an incident if it comes in through a mobile device or an IoT device. That’s more that’s most of what we’re seeing. Now, a lot of the more mature carriers, insurance carriers, have a pretty rigid, controls list that helps them define what the cost to their customer is.

So we’ve worked with a few of those insurance carriers to, make sure that our solutions meet all those controls that help them, have that complete coverage so that they’re not surprised if and when an incident does occur. So, I think you’ll see more and more as people utilize their mobile devices as their primary device, as they become more capable, that cyber insurance will start to mandate that those devices are covered. For now, at least, what I’ve seen is that it’s just a caveat that, your incident may not be covered if it does come in there, but you could still get the the insurance.

So I’ll add that a lot of the things haven’t specifically called out mobility or mobile devices yet, but they really pertain to it. So policies and procedures used to be policies and procedures on how to restore your backups and your disaster recovery. Now they’re so vague because they want policies and procedures on how you’re gonna handle your mobile devices. They want stronger passwords for every IP that touches your network. They want, passwords that are not repeatable, that don’t use the same characters.

They wanna have multi factor authentication.

So that secondary factor authentication, which involves your mobile device. So not only do you need to have that to have your mobile device protect the network, but in order for your computer to to protect the network, you need your mobile device to bring up that multifactor authentication. And then to Chaz’s point, there’s a lot of things that we’re doing from, security awareness training to other aspects that in order to just even qualify for a policy, you just have to address some of these measures and put them in place or that policy is gonna figure out a way not to pay. Because let’s face it, I mean, they’re not in business to pay on every breach. They’re chunking them off separately, and they’re trying to identify ways in which they can not pay when there’s a breach or limit the amount that they can pay per breach. And you’re gonna see mobility as it continues to progress probably be something that’s a requirement in two thousand twenty five.

Yeah. In the words of the great Canadian Wayne Gretzky, right, we wanna be where the puck’s going. And I think with cybersecurity policies, this is where the puck’s going. Right? This is the next iteration that we’re gonna see, so we wanna be preparing our customers for it.

Happy Canada Day yesterday and first appearance of Wayne Gretzky on the Telarus Tuesday call.

Earlier, Graham mentioned, sort of a a gateway drug analogy, and I liked it.

Mobile Device Management vs. Mobile Application Management
Can we clarify again the difference between mobile device management and mobile application management? That came up earlier. Is one sort of a gateway to the other, or do they need to be used in tandem?

So, Jason, correct me if I’m wrong or or Graham, correct me if I’m wrong. I believe mobile application management is a component of MDM Yes. In in that mobile application management focuses specifically on the applications on the device. Right?

So restricting the applications or requiring certain things to access those device. Mobile device management, yeah, mobile device management actually applies policies to the device. Right? So, you have to have some sort of encryption enabled on the device.

You have to have, a login to the device. It can’t just pop up. Right? You have to have a code or a biometric access, enabled on it.

So it it recurring password changes, things things like that, apply to mobile device management. So think actually on the device versus the applications on the device.

And I realized I talk too much with my hands.

It looks good on camera. It’s just on here.

Yeah. You’re starting to see things like chat GPT not be allowed in organizations, not just on their laptop or their desktop, but also on their mobile devices. And so locking that down, you know, you think about, still there’s so much rise in AI, especially from a mobile standpoint, and yet we don’t have ways to protect it because it’s so far ahead of the the curve right now. So we’re trying to put a lot of security measures in ways to protect things like mobility with things like AI.

Impact of Mobility and AI on Security Measures
I we’re running short on time, but there was one other great question that I wanted to be sure we brought up. And as we move down the spectrum a little bit, we’re talking about the mobile devices and whatnot. How does this, either become enhanced or complicated by, more UCaaS and CCaaS applications being performed on mobile devices?

Yeah. I I mean, I can start. So there’s we’re trying to to see where security is playing a role in mobility and the CX experience.

Security Measures for CX Experience and Mobile Devices
You know, right now, it’s EDR, MDR, so endpoint detection response, anything with an IP address to look and identify anomalies, eradicate them, get them out of the system. And a lot of that comes with MDR, which is managed detection response, which is that human element. We’re also looking at SIM, which is the, event and management platform that looks at the logs, and we’re looking at logs of mobile devices. We’re looking at SOAR, the orchestration layer, and how that comes into play. But, you know, there’s just there’s not a ton. I’ve had a lot of conversations with some of the top CX companies, and I said the first company that really invests a lot of security around that CX experience is gonna change the industry and get the lion’s share because I still don’t think there’s enough security in that space, pure security built for that CX.

Role of EDR, MDR, and MDM in UCaaS and CCaaS
Chaz, what are you seeing? How is that impacting? And then coming into play with MDM mobile devices.

Yeah. No. I I agree with you there that I think there’s some some growth needed, but having, an EDR and an MDR and an MDM solution in place is going to be a great first step to ensure the the broader aspects of UCaaS, CCaaS. Right? Because in most CCaaS environments, you’re talking about a call center that’s running off of a workstation.

So that workstation has to be protected, even though it may be a SaaS based service being being delivered.

Now a lot of the, XDR tool sets, EDR tool sets, have some capability of of SaaS based transaction management, or monitoring at a minimum. So, again, it’s going back to that EDR, MDR for the the workstation side of it, and then having MDM and even EDR, on the mobile device side of it.

Importance of Securing Mobile Devices
Yeah. Just to build on that, I mean, we really have to think start thinking of mobile devices the same way we think about things like workstation, servers, routers in a physical environment. I mean, just because the mobile devices are moving around, they’re no less vulnerable than these other devices. So just like you’d secure a workstation to your point, Chaz, you gotta be securing your mobile devices as well.

Jason Graham, last question. What Telarus resources would you like to, make known to our partners that are available both, in their back offices and human resources that we have available to help them in narrowing down solutions and narrowing down potential vendors for their specific application.

I can start with cybersecurity. So, you know, we have a a deep bench of really amazing engineers.

All the engineers are are very solid. You know, we have four soon to be five CISSPs, which is the equivalent of a doctor degree in cybersecurity.

We have two that, are certified in, CISM, which is the equivalent of a doctor degree in risk and governance.

And, you know, all of those resources are available to bounce ideas off of. We have so many different suppliers are really addressing different aspects of either IoT, OT, mobility, and, you know, how do we look to secure that whether it be EDR, MDR, and most of them have something in place. And then there’s some really unique niche players that Graham can recommend. But starting with those engineers, we’ll help, Jeff Jeff Hathko is our solutions architect, and he’ll jump in and help, support from just a pure cybersecurity standpoint.

They’re they’re all really the best in the industry. Graham?

Yeah. And and just to build on that, I mean, our one one thing our engineers are really great at is taking one conversation and leading into other conversations.

The the stats we pulled on that are tremendous. You know, creating opportunity from a starting point of one discussion, and maybe it’s MDM, maybe it’s something else. But engage those engineers. Jason Kaufman is kind of our mobility, subject matter expert. He also is a CISSP.

And then, of course, Jeff Hath coat is fantastic as are the entire team. We have a lot of great suppliers in the portfolio that can do MDM and aspects of life cycle management. A lot of our MSP partners can do MDM as well. They don’t necessarily do some of the life cycle stuff, but they do that. Dataprise, obviously, uniquely positioned as having an arm in wireless watchdogs that does only mobility. So lots of great options there. And if you’ve got some opportunities, let’s talk about them.

Cybersecurity Insurance as a Service
And, guys, if I may, there there was one question kind of talking about, that insurance as a service, the cybersecurity insurance as a service.

Jason Graham, do you mind if I talk about that program with with DataBryse? Sure. So the the short version is that, there’s no easy commissionable solution to bring insurance into, the the TSD market. Jason and I have been working, aggressively on that. However, comma, the the regulations, are preventing us from from bringing that into it.

So what what Dataprise has done is we’ve partnered with a cybersecurity insurance firm, named Converge, and there’s we’re utilizing this Converge Connect, plus program.

What that is is that if one of your customers has Dataprise’s NDR service, right, a premier solution, for cybersecurity, combine that with MDM, and then I gotta give a shout out to Chris Whitaker for the peanut butter and jelly, as he and I have had many of those conversations. Peanut butter and jelly is cybersecurity plus DRAS, disaster recovery as a service. And my nine year old came up with that at the time.

So, if you have cybersecurity, you have disaster recovery as a service, and you have that mobile device management, our partnership with Converge will allow your customer to save thirty percent on their premiums.

For a large enough organization, that can put a big dent if not fund the cybersecurity program.

Right? So you you get a cybersecurity solution sold. You get a mobile device management sold. You get a disaster recovery of the service solution sold, and then you’re saving your customer, up to thirty percent off of their cybersecurity insurance premiums. All of that through a data price package.

Again, we’re not providing cybersecurity insurance.

We’re just introducing, the cybersecurity insurance through you, the trusted adviser, so that you can be an even more, valuable trusted adviser, to to introduce that cybersecurity insurance, solution.

I love that, Chaz. I’ve been trying to to do that, but it’s heavy it’s heavily regulated in the space, and I was trying to figure out what suppliers we could marry with the brokers to try and make some of that happen. You know, you saw policies a million dollar policy used to cost a hundred thousand dollars, and then it went to two hundred thousand, three hundred thousand, four hundred thousand for a million. I even talked to one customer who paid a million dollars for a million dollar policy because they didn’t put any security measures in place.

So the more security measures you can put in place, the lower that policy will become. But Chaz has done that next step, which I always wanted to do, which you said, if we can marry the providers in the Telarus ecosystem with some of these brokers and get the policy to get a discount of twenty, thirty percent because these have been stamped and approved, then I think that there’s an opportunity for us to kinda do something really strategic, in this space that no one’s ever been able to do. So take Chaz up on that offer. You know, go get wireless watchdogs in in, Data Prize involved, and then get a a policy for your, for your clients.

Business Opportunities in Cybersecurity
So lots of ways that we can engage with, your customers and really help protect them, add more value, add more revenue. And, again, it’s a business conversation. It does not need to be a technical conversation.

Great job, everybody. I gotta leave it there, but, we appreciate, Jason Stein, Graham Scott, both of Telarus, and Chaz Chokley of Data Prize for today’s presentation.