Well, in this instance I would argue that the current state of affairs also completely disadvantages startups and small businesses.
Kaseya has a whole portfolio of services marketed to small, medium and startup business (as well as larger) that their customers bought in order to enable them to leverage this business model in the first place. They've since burned countless providers, torching their relationship with customers, shutting down countless businesses of all sizes all across the planet. What is the cost to them of this? Worst case scenario, they fold and change the sign. The people in charge of not screwing up will be snatched from doom by their network. I would hope they do better next time, but why would that be any more likely than just another over par round of golf?
I definitely agree that it is not easy to asses the security risk of small businesses in a cost effective way for insurance companies or to develop some kind of regulatory structure.
The alternative to not doing this is accepting this unstable chaos-monkey in perpetuity. If there is no business requirement for effective controls, there wont be any.
Kaseya's people can walk and start another tire fire and surely everyone else will sweep up and move on, but these problems are everybody's problems. There is no IT infrastructure that does not require effective controls.
If we don't improve this problem, things are gonna get weird.
Kaseya has a whole portfolio of services marketed to small, medium and startup business (as well as larger) that their customers bought in order to enable them to leverage this business model in the first place. They've since burned countless providers, torching their relationship with customers, shutting down countless businesses of all sizes all across the planet. What is the cost to them of this? Worst case scenario, they fold and change the sign. The people in charge of not screwing up will be snatched from doom by their network. I would hope they do better next time, but why would that be any more likely than just another over par round of golf?
I definitely agree that it is not easy to asses the security risk of small businesses in a cost effective way for insurance companies or to develop some kind of regulatory structure.
The alternative to not doing this is accepting this unstable chaos-monkey in perpetuity. If there is no business requirement for effective controls, there wont be any.
Kaseya's people can walk and start another tire fire and surely everyone else will sweep up and move on, but these problems are everybody's problems. There is no IT infrastructure that does not require effective controls.
If we don't improve this problem, things are gonna get weird.