Source: heimdalsecurity.com – Author: Livia Gyongyoși
Too many vendors, too little time, and more logins than you can count. Sound familiar? Our guest today is Kevin Lancaster, an advisor, investor, and founder of Channel Program, a platform that gives MSPs and vendors the data they need to make smarter, faster decisions.
Kevin’s been on every side of this industry, from building one of the fastest-growing cybersecurity companies to now tracking real-time product trends across thousands of MSPs.
It’s a practical, no-fluff conversation packed with insights that could save your business serious time and money. But first, let’s kick things off with today’s Threat Briefing. Adam, take it away.
Threat briefing with Adam Pilton
Adam Pilton: Thanks, Jacob.
Imagine this scenario. Your client is on a packed train. An innocent-looking iCloud photo link is delivered to their phone. Your client never even taps it. The preview engine fires. A zero-click exploit lands, spyware installs, and suddenly their phone is a gift route for an attacker. In this week’s threat brief, I’ll show you exactly how that happens.
Here’s this episode’s threat brief.
Paragon’s Graphite spyware
Cyber criminals are shipping Paragon’s Graphite spyware. They target any Apple device that hasn’t installed the latest patches.
CVE-2025-43200 is a zero-click message flaw triggered the moment an iCloud link preview is rendered. Apple admits it’s been exploited in the wild.
CISA has published it into the Known Exploited Vulnerabilities catalog and federal agencies must patch by the 7th of July.
So, how does the attack unfold?
Well, attackers send an iCloud photo link to the victim. Because Apple devices auto-generate previews, the target never needs to click the link. The message framework processes the media and hits the logic flaw, and this opens the door.
This achieves the delivery of the spyware without any interaction from the target in what is called a zero click attack, and crucially, without producing any visible signs to alert the victim. Once active, the spyware contacts a command-and-control server to receive further instructions. Analysis of forensic evidence by Citizen Lab confirms with high confidence that two journalists were targeted with Paragon’s Graphite spyware.
Apple have confirmed this issue was addressed in a security update in iOS 18.3.1. So, here’s what you need to do:
- Force update every supervised iOS, iPadOS, watchOS and macOS device to Apple’s latest version.
- Quarantine any stragglers by stripping corporate mail and VPN profiles until they patch.
- Monitor network traffic and look for devices fetching iCloud photo link previews.
Those normally resolve to big, ever-changing Apple IP ranges, but any single-IP virtual private server host should raise a red flag.
- Disable Messages on shared or kiosk iPads through MDM.
Those devices don’t need chat, so remove the risk entirely. Cyber criminals aren’t hacking in, they’re being previewed in.
Lock the OS version floor and tighten your mobile trust controls. Stay sharp. Catch you in the next brief. Back to you, Jacob.
Jacob Hazelbaker: Kevin Lancaster. Thank you for your time today, sir.
Kevin Lancaster: Oh, no. Thank you. I appreciate it. Thanks for the invite.
H: So, we have something in common, our focus on helping MSPs, and that seems to be one of the things you’re really, really good at over the many years of your professional experience.
I’ve just been really impressed by your journey in the MSP and cybersecurity space. From building and exiting companies, to launching Channel Program. What problems were you solving when you started Channel Program?
L: Think about it from an MSP standpoint. You know, most of them are small, less than $2 million in revenue operator owners.
They’re looking for new solutions. They’re trying to run their business. And at the same time, all these vendors that have great, amazing technologies, find it extremely challenging to get in front of these business owners and market to them, because it is so large and fragmented. And so, I think the initial kind of concept was “Is there a way to build a kind of a home base for both sides of the marketplace where MSPs could come in, find technologies, share their experience with some of the vendors, good, bad, or indifferent and then visualize their technology stack?”
And at the same time, we create a home or a hub for the vendors that have something innovative and great to say but who are having a hard time getting out to the marketplace. That was kind of the initial premise. It’s like, let’s build this kind of two-sided marketplace and just try to take some of the friction out of this market.
H: It’s hard for people to know what to look for. If they don’t even know the name of it or if they don’t even know they need it. It was really interesting you said you helped them identify pieces of their cybersecurity stack, for example, they might need to look into.
L: Yeah. It’s funny just how wide the tool set is. I think if you look on the platform, we have product reviews that cover roughly 300 core products and services that an MSP would use. I mean, it’s just, it’s staggering, right? I mean, 300 different types of solutions.
And we know from the data that roughly 30% of an MSP stack is cybersecurity. And that’s growing, you know, probably by a percent or two every quarter just because of how pervasive and how serious the threats are these days.
H: So now you got me curious, ’cause I’ve heard you speak a little bit in the past about the concept of tool sprawl and MSPs having dozens of cybersecurity tools. From your experience and what you’ve seen, why has this become such a big issue and what risk does it pose to MSPs?
L: Yeah, that’s another great question. When we talk about tool sprawl and fatigue to your point, right? I mean, most of this marketplace, by a lot of estimates it’s 80% or less than $2 million in revenue of their owner operators. They’re overwhelmed, right?
Because they are the technicians, they’re jumping in and helping out with support. They’re trying to grow the business. They’re trying to learn how to sell and market.
And then you know, technology’s moving at warp speed. And then they’ve got that new dynamic of AI.
So, the sprawl is real. And that’s, again, one of the reasons why we launched NaviStack. It’s this basically free tool.
It was like, alright. You go in and just start to see what the redundancies are within your stacks. What are the gaps?
And then in exchange, what we’ll do is we’ll publish reports to help you, you know, make better decisions about your technology and your stack moving forward. So, yeah, this concept of sprawl and fatigue is just overwhelming. It’s overwhelming on the smaller side of the market.
Speaking with a PE-backed MSP that’s rolled up 20, 22, 23 different other MSPs and their core stack, and their subscriptions, I think there were just over a thousand unique subscriptions with their vendors. And you try managing that on an Excel spreadsheet, right?
I mean, it’s just chaos.
H: That would be brutal. So, for MSPs looking to clean up their stack a little bit, simplify their lives, cut through some of the noise, what are your top three recommendations?
L: I think first thing is just you gotta get a grasp on what you have and what the redundancies are. It’s operational maturity. You look at the supply chain risk in compliance.
I think compliance is certainly an area that’s gonna start impacting just about every single MSP. Not just the ones that are with regulated customers, whether they’re law firms or financial firms or whatever. I think you’re gonna start to see a lot more top down.
At least in the States, some nationwide legislation that’s gonna put the onus on the MSP to really understand their supply chain and their stack in general.
I think those are some of the things that MSSPs should be thinking about. Operational maturity, some of the compliance risks associated with it.
Let’s face it. A lot of these services that the MSPs are offering are getting commoditized. They are significantly commoditized. And one of the ways you can combat that in near term is looking at the platforms and looking at ways to get a better grasp on your kit cost.
And then again, you’ll have that dynamic of AI coming in and really helping to automate. And I know you guys have built a lot of that stuff into your platform. I think there’s some tremendous opportunities right now for MSPs to take a pause, look at their stack, look at their costs, look at their kit, look at their internal maturity, and make some pretty serious decisions. Because the market’s gonna evolve so fast coming up.
H: Yeah, I agree. And I’m super excited to see how it does over the years.
I think you’re in a good position to have some insight into what kind of trends are starting to emerge already among MSPs since you have so many thousands of people who use your platform, who are themselves MSP owners, or work for an MSP.
So, what does the data from your side, from what you’ve seen, tell you about the average MSP stack? What kind of trends do you already see emerging among them?
L: So, I put out a little blurb about 10 months ago out on LinkedIn that said that Privileged Access Management has basically replaced the PSA in the top three products that are used by MSPs.
What’s interesting is that you’ve got BCDR right now out in front. You got Password Management, RMM, Antivirus, cloud backup. And then you get into MFA, email security, EDR, and down below that you got firewalls, networking, you know, phishing, security awareness training, Identity Access Management.
But yeah, if you would’ve looked at this 12 months ago, categorically different.
Your legacy tools were this kind of the top 10, if you were dominated by PSA and help desk, right? Maybe some workflow automation. I think that was in the top 10. Now it’s clearly consolidating around access control and identity.
I think because the AI attacks are becoming so sophisticated and so persistent, I think that’s why you’re seeing EDR and MDR starting to move up the stack. You know, it was moving fast and it was healthy this time last year. You’re in the top twenties.
But certainly from an EDR standpoint that’s moved up, quite a bit, to crack the top 10. So, there’s growth markets.
We had a really interesting persistent AI attack on our network about a month ago.
And in the past, you know, having been in this space, you would see folks that would test the network and then maybe they’re persistent for about 12 hours, 18 hours or whatever.
But with these new AI tools and the ability to hop attack vectors and try new things midstream and do it persistently, not just for 18 hours, but do it for like 18 days straight, that’s what this market’s up against.
That’s what everybody’s up against. And so that’s what I think one of the main reasons why security is moving so fast up the chain. I think everyone’s just waking up to a fire in a crowded theater.
The reality is that this AI paradigm is persistent, is nasty, and if you’re not on top of it with these tools, then you’re gonna be in a world of hurt.
H: I unfortunately have to agree. I love AI. It’s one of my passions in my professional life.
Given that, what are some of the most common inefficiencies MSPs overlook when building their security practice?
L: First thing first is, again, you gotta get on top of what you have. And we do this thing when we are out at events.
We ask a couple of questions. First thing we ask is “how do you manage your stack?”
And darn, if it isn’t like 97% of the MSPs that we speak with say they manage their stack in an Excel spreadsheet.
You know?
Going back to that example of that large PE-backed MSPs that are well funded and rolling up MSPs and that have you think they have a little bit more savvy sophistication. But, yeah. I mean, you know, 97% of the marketplace is managing their technologies in an Excel spreadsheet.
We kind of start out with the premise that you gotta do away with it. You gotta move beyond the spreadsheet and get a grasp of these redundancies and become more efficient where you can.
H: If we were to look into our magic ball into the future and try to anticipate what’s ahead of us, what technologies or approaches do you think will define the next generation of successful MSPs? The ones that would really succeed in the future? What technologies or approaches do you think will define them?
L: Ultimately, I think the platform vendors are gonna be the ones that come out ahead of everybody else.
AI is gonna make some of these product categories completely obsolete probably as soon as the next 12 – 18 months.
Again, it’s a commoditization, right? I mean, if a perfect example is when, you know, we launched Dark Web ID in 2015, 2016. Nobody was talking about it.
Now it’s integrated into just about every product that’s out there, right?
So. That’s one example of commoditization.
But I think what AI’s gonna do is it’s gonna take the heavy lift off a lot of the tools, the operational tools that the MSPs are using.
And I think that’s gonna be a tremendous boon for the MSPs in the short term because it’s gonna allow them to look at their overall margins and their overall staffing structure and look how to be a lot more profitable.
I think this rapid proliferation of AI into every single product is gonna make it pretty challenging. I think the vendors that are leaning into it and thinking not just how they integrate AI into a ticketing engine, but how do they actually operationalize AI to not let their product become obsolete, I think those are gonna be the ones that will succeed.
They’re doing it now. They’re really putting a lot of time and effort and energy into it. I think it’s gonna be pretty disruptive and I think it’s gonna force the hands of a lot of the single product companies to think: is this a long-term viable strategy for us, or do we have to kinda join forces or really think about the platform play?
And I think AI is gonna be one of the ways that you get there a heck of a lot faster.
75% of the overall value or utility of an MSP is gonna evaporate over the next 18 months because AI is just gonna automate the heck out of everything.
So, that’s a good thing in the short term, but it’s a scary thing in the long term. Right?
Because it’s like, what do we do at that point? If 75% of our value is completely automated, how do we charge the prices that we’re charging today? How do we not get fully commoditized and how do we not reduce our price points by 75%?
As the market starts to settle down and price points start to drive down. So, there’s a lot of things to think about. It’s exciting times, but it’s definitely scary.
The MSP Hotseat
H: Yeah, it’s, it’s moving very quickly.
I saved the best question for last, as I like to do. This question is actually from an MSP.
I’m an MSP buried in dashboards and alerts. What’s the one metric I should track daily to know if my security stack is really working?
L: I look at technician burnout.
I think that’s where we see a lot of the friction, right? It’s the human element of this. In the short term, I think that the burnout is real. Especially when you’re pushing forward with automation, having to learn automation, how to learn efficiency.
I think as much as we wanna automate and make this a complete hands-off business, there still is the human element.
If you’re able to still foster a great environment, and you have people engaged and not overwhelmed and burnt out, then I think that lends to a healthy business. I know that’s not the most probably conventional response, as far as a KPI or metric, but that’s one thing that we look at.
This marketplace is moving exceptionally fast and at the end of the day, these are still people, businesses, as much as we wanna automate and trust in the powers of AI.
You know people do business with people and I think first and foremost, you gotta make sure your team is taken care of. Beyond that I dunno if anything else really matters.
H: Yeah, I agree. Agent fatigue and technician fatigue are all too real these days.
L: That’s it. Yep. You’re right.
H: Kevin Lancaster, it was really fun chatting with you. I deeply enjoyed this conversation, and thank you so much for your time today.
L: Oh, it was awesome, Jacob. Thank you so much.
Wrap up
I really enjoyed today’s conversation with Kevin Lancaster. I hope you did as well. Some of the things he said really surprised me.
For example, how many MSPs are still struggling with old manual ways of managing things, of keeping track of information.
Like working with Excel sheets to keep track of things with their customers instead of working with more modern solutions, like Channel Program offers.
But I know MSPs are extremely busy and so it’s a lot to juggle. And that’s the second thing that really shocked me was I didn’t realize to what extent MSPs are having to learn about the huge plethora of different products out there. I knew it was a lot from the cybersecurity space.
What I didn’t realize was all the other things outside of cybersecurity and integrated with it that MSPs are having to learn about.
And it’s hard for them to know how does it compare and contrast, especially as vendors update their products over the years. Because products change over time.
The other piece I thought was really fascinating chatting with Kevin about was he has an extremely good view of the huge array of products MSPs need, all the different software as a service that they require, and from his view, one of the trends he identified was AI automation becoming increasingly used by MSPs and increasingly necessary for them to stay competitive.
Not only do MSPs need AI automation to help simplify their life, for example, with their cybersecurity stack, providing more insights, AI protecting against AI, but also helping their customers, be it a dentist office, for example.
Maybe they want their customers to know how they themselves could grow their business, grow revenue, and compete with other dentist offices by using some of these more modern technologies that have AI integrated with it.
That’s a wrap on this episode of MSP Security Playbook.
Thanks for spending part of your day with us. If you found today’s insights helpful, be sure to follow the show on your favorite podcast platform and leave us a review. It helps other MSPs find the playbook and level up their security game.
Got a question you want us to tackle in the MSP hot seat or a topic you’d like to hear more about? Drop us a line.
We’d love to hear from you. Until next time, stay sharp, stay secure, and keep building the future of your MSP business.
Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia’s goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
Original Post URL: https://heimdalsecurity.com/blog/msp-security-playbook-kevin-lancaster/