Dave Sobel engages in a thought-provoking conversation with Jon Murchison, CEO of BlackPoint Cyber, about the current state of cybersecurity policies and practices. They discuss the initiatives surrounding "secure by design" and "secure by default," emphasizing the challenges faced by managed IT service providers in implementing these ideals. Jon expresses skepticism about the immediate impact of these policies on the ground level, noting that while they are well-intentioned, they often fall short of practical application in real-world scenarios.The discussion shifts to the dynamics of responsibility and liability within the cybersecurity landscape. Jon highlights the disparity between software vendors and service providers regarding accountability when security breaches occur. He argues that while security providers should be held liable for secure code design and regular penetration testing, the complexities of cybersecurity make it difficult to assign blame definitively. This nuanced perspective underscores the need for a balanced approach to liability that encourages innovation without stifling progress.As the conversation progresses, Jon shares his insights on the Cybersecurity Maturity Model Certification (CMMC) and its potential as a broader standard. He acknowledges the foundational value of existing frameworks like NIST and ISO but critiques their lack of practical guidance for organizations. Jon advocates for a more prescriptive approach that focuses on actionable steps for hardening security measures, rather than vague compliance requirements that can lead to checkbox exercises.Finally, Jon emphasizes the critical importance of identity management in cybersecurity. He explains how threat actors have evolved their tactics, often exploiting legitimate credentials to navigate networks undetected. The episode concludes with Jon discussing the future of posture management and the need for improved security measures around automation, highlighting the ongoing challenges and opportunities in the ever-evolving cybersecurity landscape. Supported by: https://www.coreview.com/msp/
 All our Sponsors:   https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech