ESET’s security experts are on a mission to make the world a better place for MSPs and their clients. That mission starts with 13 global research and development locations that collect and parse massive amounts of data.
As a result, ESET protects over 100 million devices in 200 countries and identifies hundreds of thousands of suspicious files daily. Machine learning models are updated every eight days, driven by vast telemetry.
But ironically, some of the worst downtime events in history have been caused by something as simple as a typo. In his opening keynote, ESET CEO Richard Marko pointed to two recent incidents: a botched config file in 2021 that brought down a huge portion of the internet — including Amazon — and the 2024 CrowdStrike bug that crashed millions of Windows machines worldwide.
“These are just two examples. They weren’t intentional; they happened because of human error [or] negligence. But unfortunately, we face even bigger challenges,” he said.
AI Is Essential but People Still Matter
Jonathan Browning (Left) and Tony Anscombe (Right)
Of the challenges Marko mentioned, AI topped the list. Featured speakers throughout the conference described a new wave of AI-enabled threat tools: deepfake kits, phishing generators, and open-source packages that help attackers profile users, create fake content, and distribute it at scale. These tools are powerful enough to damage trust, confuse populations, and extract money or secrets.
As far as the defensive role of AI in cybersecurity, Marko compared it to a common technology used by mathematicians and scientists: the calculator.
“AI is exceptionally good at dealing with huge amounts of data. That’s something human being just aren’t good at,” he admitted. “We cannot process a million samples, for example, and remember what happened in the first one. We have almost 30 years of experience with it.”
But no matter how great AI is, human expertise is imperative to understand the context of a potential attack and make intelligent remediation steps. “There’s a thin line between malicious code and legitimate code,” he said.
ESET Chief Security Evangelist, Tony Anscombe, echoed that sentiment. “Cybersecurity today is AI-assisted technology, not AI technology. It’s a subtle difference. AI helps, but humans curate and check the models. That’s the important part.”
How ESET Security Helps
Steve Smith, information systems manager of Emerald Coast Utilities Authority in Florida, gave the conference some real-world perspective. His team has relied on ESET for years. Like many event attendees, he has collaborated with MSPs in the past.
From left: Ryan Grant, Jonathan Browning, and Richard Marko
“It’s been the most rock-solid product I’ve worked with for the money,” Smith shared. “I can’t think of another company that delivers what ESET does at this price point.”
Mike Bush agreed. The principal product manager of Microsoft attended the conference because of Microsoft’s key strategic relationship with ESET. In fact, ESET helps scan the content that Microsoft produces or hosts in its marketplaces.
“I’m impressed the event,” Bush shared. “[ESET is] focusing on what the industry is seeing and what we’re all interested in, different technologies that they support, plus what other companies are showcasing.”
Practical Strategies for MSPs
A significant message from the event was that cybersecurity needs to be practical, not theatrical. Just because a particular kind of breach gets significant media coverage, that doesn’t mean it represents the majority of the risk.
“Many of the existing attacks are still quite ordinary. They may use a phishing email, an attachment, a script,” Marko said. “So we need to distinguish between mass-market cyber threats and targeted attacks. If you are one of the many small businesses, you are part of the mass market for malicious code.
“You will want to have some reasonable measures in place; some kind of plan — ideally, a partner you can turn to if something goes wrong. That’s why we are focusing more on the service part, whether through MSP partners or the services we provide directly to clients.”
8 Key Points for MSPs
Here are some key points that MSPs need to focus on:
🔑 Start with Research
“If an MSP really wants to get into security, understanding the current threat landscape is a great starting point. We put out regular threat reports, and our sales engineers show up with summaries MSPs can use to educate clients. It’s about building credibility in your own environment, then extending that trust to the customer.” — Ryan Grant, vice president, NA sales & marketing, ESET
🔑 Address Common Threats
Phishing, BEC, and credential theft are far more frequent than exotic exploits. Focus on the low-hanging fruit like patching, email filtering, and security awareness training. Unpatched systems are a massive risk factor. Yet according to ESET research, 85% of vulnerabilities are unpatched for over 30 days. Nearly half are left unpatched for more than 60 days.
🔑 Deploy Data Backup & Recovery
“If you have a good solution — like ESET — properly deployed, the risk of becoming a ransomware victim is slim. Nothing is perfect, but it’s unlikely. And even if something happens, you need fundamental measures like backups,” — Marko
🔑 Post-execution Defenses
Many companies are seeking products like LiveGuard, which blocks malware after it bypasses traditional defenses. ESET’s team also demonstrated its Ransomware Remediation feature, which was a big hit at the conference. It can auto-restore encrypted files without admin input.
🔑 Managed MDR
According to ESET’s research, companies can only afford about 1 hour per 1,000 endpoints per day to address security incidents. For MSPs short on manpower, ESET’s new MDR service can shoulder the rest of the burden.
🔑 Cyber Insurers May Inadvertently Increase Risk
As insurers move deeper into cybersecurity, some are bypassing MSPs and offering their own MDR services. MSPs should highlight how this kind of consolidation reduces cybersecurity vendor diversity and increases risk. “You build a street with 100 houses using the same alarm. Great. The burglar just keeps coming back night after night. Now, imagine 10 million endpoints.” — Anscombe
🔑 Cybersecurity Awareness is Critical
“Cybersecurity awareness shouldn’t be once a year. It should be continuous, like teaching a kid to use a knife and fork. You do it every meal, not once a year. If a phishing campaign is targeting your industry, you should be pushing training in real time. Tell people what to look for.” — Anscombe
🔑 Reward Good Behavior
MSPs should recognize and celebrate their clients’ cybersecurity efforts to encourage similar good behavior. “One Dutch bank rewards the first person who reports a new phishing email with a box of chocolates. I love that idea.” — Anscombe
A Call to Action for the Channel
Although ESET World is an annual, this year’s event was the first to be held in the U.S. To create a great technology conference, Marko said ESET focused on planning, passion, and human connection. He also emphasized the importance of MSPs in the technology community.
“The MSP concept is very compatible with the way we try to create relationships with our customers,” Marko shared. “You don’t need to be an expert. You need to have a partner you trust because the partner can provide that peace of mind. We cannot be everywhere, so we value our relationships with our MSP partners who relay that trust.”
His comments tied into the event’s central themes. While tools are evolving fast, attackers are too. Collaboration is more important than ever. MSPs must understand and address the most common threats, select tools that are easy to manage, and build key partnerships that bring expertise where it’s needed most.
Learn More
➡️ Dive into the ESET World’s content from Day 1 and Day 2.
➡️ Read about the most important MSP-focused announcements from ESET World 2025.
Images: ESET
