MSP Update: What Do the New FinCEN Reporting Requirements Mean for MSPs?

Every MSP is involved in cybersecurity or should be involved in cybersecurity. But the world of managed services involves many other technologies, tools and trends as well.

With that in mind each week MSSP Alert brings you the top headlines from our affiliate site ChannelE2E which focuses on MSP tools, M&A, AI, and other topics of importance to service providers.

This week, we examine the impact of the Corporate Transparency Act reporting procedures on MSPs, and cover increasing email spoofing threats perpetrated by North Korea.

We also hear from Broadcom CEO Hock Tan about how organizations are now wrestling with what he called the three Cs of public cloud PTSD: costs, complexity and compliance. Finally, we cover Safe Security’s appointment of Michael Nagao as the company's new channel.

What the New FinCEN Reporting Requirements Mean for MSPs

In late 2022, the Financial Crimes Enforcement Network (FinCEN) implemented the Corporate Transparency Act’s (CTA) beneficial ownership information (BOI) reporting provisions.

The rule was put in place to address a malicious practice: Illicit actors using shell and front companies to mask their identities and launder money through the United States. This is a national security issue, yes, but it's also detrimental to U.S. economic prosperity because it allows criminals to illegally access and transact in the U.S. economy, while disadvantaging small U.S. businesses who are playing by the rules.

FinCEN's BOI reporting requirements make it harder for illicit actors — like drug traffickers, fraudsters, corrupt actors such as oligarchs and proliferators — to use shell companies to launder their money or hide assets.

To prevent this, all companies with companies with fewer than 20 full time employees or under $5 million in gross receipts or sales that have a physical operating presence in U.S. must submit beneficial owner information by January 1, 2025, said Gib Olander, chief product officer, Northwest Registered Agent.

Read the full story on Channel E2E.

DMARC is a Start, But Email Security Needs Layers of Protection

One of the greatest threats to cybersecurity could be sitting in an email inbox right now in the form of a spoofed email. And traditional email security solutions may not be enough to mitigate the threat.

In May, the National Security Agency (NSA) joined the Federal Bureau of Investigation (FBI) and the U.S. Department of State in releasing a Cybersecurity Advisory (CSA) that stated, "North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts,’ warning organizations about the threat posed by Democratic People’s Republic of Korea (DPRK, aka North Korea) techniques that allow emails to appear to be from legitimate journalists, academics, or other experts in East Asian affairs…”

And in early August, Reddit users noted that Apple Intelligence, a beta feature in the upcoming iOS 18 release that bakes native AI features into the OS including AI summaries in the Mail app, was marking phishing emails as a priority in the Mail app on iOS 18.1 developer beta 1. The AI-powered filter seemingly disregards the sender’s address and only determines an email’s importance by scanning its text. This could be a significant problem if not fixed by the time it's released.

Whether from North Korea or closer to home, if you're an MSP or MSSP and want to decrease the chances that spoofed email makes its way into your — or your customers’ — inboxes in the first place, DMARC can help you do so.

Read the full story on Channel E2E.

VMware Explore: ‘The Future of the Enterprise is Private Cloud and AI’

No, that's not a typo — it really says private cloud. VMware Explore kicked off in Las Vegas this week, and during the opening keynote, Broadcom CEO Hock Tan noted that, a decade ago, organizations "fell in love with the notion of the public cloud." But 10 years later, he said, organizations are now wrestling with what he called the three Cs of public cloud PTSD: costs, complexity and compliance.

"Public Cloud is much more expensive, more so than you ever expected. Complexity — another platform means another extra layer for you to manage. And compliance; you have regulatory policy requirements. It's more complex, it's more expensive and compliance is hard," Tan told attendees.

He said many CIOs are now moving their workloads back on-premises to deal with these three Cs, which represents a huge change, but also a huge opportunity.

"Here's my view," Tan said. "The future of the enterprise is private. Private cloud, private AI fueled by your own private data. It's about staying on-premises and in control. Of course, you'll continue using the public cloud for elastic demand and bursting workloads, but in this hybrid world, the private cloud is now the platform to drive your business and your innovation, and we have work to do to make that happen."

Read the full story on Channel E2E.

Safe Security Names Channel Chief to Pursue $4B TPRM Opportunity

There's a big market opportunity around third-party risk management (TPRM) — $4 billion big, in fact. And earlier this month, Safe Security appointed Michael Nagao as the company's new channel chief to take advantage of that big opportunity.

Nagao, SVP of worldwide channel sales and alliances for Safe Security, told ChannelE2E that his goal for the next 24 months will be to keep the company's channel super simple and make it very easy for partners to go to market with the Safe Security solutions.

"We want to make the go-to-market for partners very easy from an enablement standpoint, and focus on driving strong margins with partners," Nagao said. "We really just want to create an attractive, profitable business line for our partners."

The company's portfolio reflects the shift in industry conversations from technology-focused to identifying, managing and mitigating risk, which also plays a role in helping Safe partners start conversations with customers, Nagao said.

Read the full story on Channel E2E.