Human error remains a prevalent catalyst for security breaches. In fact, 74% of incidents include some human element, such as clicking on a phishing link, according to Verizon’s 2023 Data Breach Investigations Report (DBIR).
That is why it is important to raise cyber security awareness through training. Cyber security awareness training serves as a shield against a myriad of cyber threats that continuously morph and adapt to exploit vulnerabilities. By educating individuals on the diverse tactics employed by cybercriminals—ranging from phishing scams and malware infiltration to social engineering schemes — such training gives them the knowledge to recognize, thwart and respond effectively to potential attacks.
Compliology believes continuous education is crucial for reducing human error, a common weak point in cybersecurity defenses. And we had a chance to speak with Reesë Tuttle, co-founder and chief technology officer at Compliology, who will be a keynoter with her father, Chief Hacking Officer Jesse Tuttle, and will do a solo session in the MSP Expo Cybersecurity Theatre, along with presenting at IDEA Showcase.
Reesë discusses trends in the MSP space, what Compliology offers for MSPs – which includes cyber security awareness training and a simulated phishing service – as well as what she is looking forward to at MSP Expo 2024 , taking place February 13-15 in Fort Lauderdale, Florida.
Here is what Reesë had to say:
What recent innovations in your products or services are particularly relevant for MSPs?
We have developed a data indexing process that allows for more precise tracking and management of data across various systems, enhancing data governance and data compliance for the clients of MSPs. By refining the data indexing process, we enable MSPs to offer their clients a superior approach to managing data lifecycle, ensuring security and compliance without the complexity of manual management.
Describe your company's role in the MSP ecosystem and how your company supports MSPs?
We support MSPs through advanced tools for cyber security awareness, simulated phishing, and our data inventory tool, which are essential for enhancing data security and compliance to FTC Safeguard, IRS Publication 4557 and various state level data protection regulations. By providing these tools and services, Compliology helps MSPs become indispensable advisors to their clients, capable of addressing the complexities of today's digital threats and regulatory landscapes, thereby solidifying their role as trusted partners in their clients' success.
What are the top 2-3 trends you are seeing in the MSP space and why they are important to MSPs?
Compliance and data protection. With the tightening of data protection regulations across the U.S., the clients of MSPs are placing a greater emphasis on data compliance services. This is crucial for helping clients navigate the complex landscape of data compliance requirements, such as the FTC Safeguards, IRS 4557, and various state level law, ensuring they meet legal obligations and protect sensitive data effectively.
Increased focus on phishing services. As cyber threats such as ransomware continue to evolve in complexity and frequency, MSPs clients are urgently seeking a better solution to the human aspect of cyber security training. This trend is critical as it enables MSPs to meet the growing demand for robust training and phishing simulation solutions, training their clients staff against the latest threats and ensuring business continuity.
Reesë Tuttle
How are these trends impacting your business?
These trends are significantly shaping our business strategy and service development at Compliology. The growing emphasis on compliance and data protection has led us to further refine our data inventory tool, ensuring it aligns with the latest regulations like the FTC Safeguards and IRS 4557, providing our MSP clients with the means to offer comprehensive compliance solutions. Meanwhile, the heightened focus on phishing and cybersecurity training reflects directly on our efforts to enhance our cyber security awareness and simulated phishing services. We're innovating in these areas to offer more effective, real-time solutions that tackle the human aspect of cybersecurity, keeping our offerings at the forefront of what MSPs need to protect their clients in an ever-evolving threat landscape. This alignment with industry trends not only impacts our product roadmap but also reinforces our commitment to supporting MSPs in these critical areas, driving the evolution of our services to meet the current and future needs of the market.
How do your services/products integrate into the MSP landscape, creating symbiotic relationships rather than a mere vendor-client dynamic?
Our services and products are intricately designed to fit into the MSP ecosystem, acting as enhancements to MSPs' existing portfolios with our plug-and-play solutions focused on cybersecurity awareness, phishing simulation, and data management. Emphasizing a symbiotic relationship, we actively continue to develop our offerings, valuing feedback from MSPs to craft tailored solutions and custom integrations. This approach not only fosters mutual growth but also ensures our tools are finely tuned to meet the specific needs of MSPs and their clients, further deepening our partnership beyond the traditional vendor-client dynamic.
What emerging technologies (e.g., IoT, 5G, AI, generative AI, etc.) should MSPs be considering and incorporating into their service offerings to help their clients stay ahead in their respective industries?
MSPs should particularly focus on incorporating data compliance and protection services into their offerings. This focus is crucial as it directly addresses the proliferation of data compliance laws being developed across nearly every US state, ensuring that MSPs can help their clients navigate and stay ahead in the complex and evolving regulatory environment.
The technology landscape and business needs are constantly evolving. How does your company's strategy actively encourage MSPs to embrace change and turn it into a strategic advantage?
Our platform is purpose-built to adapt to the ever-changing data compliance landscape, including state-level laws, FTC Safeguards, and IRS 4557, enabling MSPs to seamlessly embrace regulatory shifts as a strategic advantage. By designing our services with flexibility and foresight, we empower MSPs to offer their clients cutting-edge solutions that not only comply with current regulations but are also poised to adapt to future changes, ensuring continuous compliance and security.
What key challenges do MSPs commonly face and how are you helping solve them?
MSPs are often stretched thin, tasked with mastering a broad spectrum of services for their clients, making the evolving and complex landscape of data compliance particularly daunting. We alleviate this challenge by equipping MSPs with tools that simplify compliance management, offering solutions that enable their clients to easily assess and enhance their alignment with various data compliance laws, thereby streamlining the process and reducing the burden on MSPs to stay abreast of every regulatory change.
What sets your solution apart from competitors in the market?
Our product offering distinguishes itself through a unique combination of features: our data inventory tool is meticulously crafted to align with FTC guidelines for data management, setting a new standard for compliance. Additionally, our cybersecurity awareness training utilizes concise, engaging animated videos to maximize learning retention for end-users. Moreover, our simulated phishing platform is innovatively designed to leverage Open-Source Intelligence (OSINT) and engage targets through email, SMS, and phone calls, providing a comprehensive and realistic training experience. This holistic approach ensures that we offer unparalleled value to MSPs and their clients in navigating the complexities of data compliance and cybersecurity education.
Please share a success story or two about how your strategies helped MSPs navigate the growth minefield, turning challenges into opportunities.
One success story that stands out involves a recent phishing campaign conducted on an MSP's client. This particular client had previously utilized various services and boasted a consistently low open rate for phishing campaigns, yet inexplicably suffered regular ransomware attacks from phishing. When the MSP implemented our phishing tools for this client, initial reactions were mixed as the client was dismayed by their staff's nearly 100% open rate.
Our proactive, nearly daily, advance and persistent threat campaign approach yielded tangible results as the frequency of ransomware attacks decreased significantly within an extremely short time. Leveraging an advanced yet familiar phishing attack strategy, we observed a stark improvement in the client's staff awareness. During subsequent real phishing attempts, most of the employees avoided falling victim.
How do you see the MSP industry evolving in the next several years and how is your company preparing for these changes?
We anticipate the MSP industry will increasingly focus on cybersecurity and data compliance services as digital threats and regulatory requirements evolve. In preparation, our company is continuously enhancing our platform's capabilities in data compliance management and cybersecurity training, ensuring MSPs are equipped with forward-looking tools that address both present and future challenges, keeping them ahead in a rapidly changing landscape.
What technological changes/evolution do you expect to see in the coming year and how will those changes impact your business and/or the MSP market?
As we look to the future, our focus is on leveraging custom AI models to enhance our insights into emerging trends, ensuring our offerings remain at the cutting edge of data compliance and cybersecurity. Despite our technological advancements, the human element remains central to our development process, drawing on the unique backgrounds and expertise of our team. Notably, our Co-Founder and Chief Technology Officer brings in-depth research experience from university capstone projects in data compliance, cyber security awareness training, and phishing. Additionally, our Chief Hacking Officer, with a history as one of the world's most wanted hackers, offers unparalleled insights into our focus areas. This blend of innovative technology and exceptional human expertise uniquely positions us to adapt and thrive in the evolving MSP market.
What are you most looking forward to at MSP Expo 2024?
At MSP Expo 2024, we are most looking forward to engaging with industry peers and thought leaders to share insights and explore the latest innovations in the MSP space. It's an invaluable opportunity for us to showcase our advanced solutions in cybersecurity and data compliance, and to foster collaborations that will drive the future of managed services.
What is your session and why is it a must-attend at MSP Expo 2024?
I am involved in several talks. However, the must-see will be our keynote, “Data Compliance History - From Black Hat to Data Compliance Engineer,” at 9:30 a.m. Thursday, February 15, in the Floridian Ballroom, 3rd Floor. My father, a former world’s most wanted hacker, will speak for the first time ever about his experience as a hacker, then leading into my work as a data compliance engineer.
Why are you participating at MSP Expo 2024 and what are you highlighting at your booth?
We are excited to be involved in this vendor neutral show as an exhibitor. We are confident that it will increase our exposure as a new startup. Our booth will be used as a meet and greet location for potential industry partners to connect with us. We have had countless messages already coming in about people excited to meet with us at our booth.
Edited by
Greg Tavarez
