December 4, 2020
Ransomware is the No.1 cyber threat that businesses of all sizes need to worry about, and more emphasis on cybersecurity services is needed.
Bitdefender’s Jason Eberhardt
Sophos’ Scott Barlow
TBI’s Bryan Reynolds
That’s according to participants in this week’s Channel Evolution Europe Thunderdome that focused on security. Bryan Reynolds, TBI‘s director of sales operations, was the ringmaster. Scott Barlow, Sophos‘ vice president of global MSP, and Jason Eberhardt, Bitdefender‘s vice president of global cloud and MSP, were the contenders.
“With worldwide security spending expected to hit over $130 billion in 2022, it’s clear that there is a demand for this, which translates to opportunity for you,” Reynolds said. “And given the necessity to ramp up remote work, security is definitely on every business leader’s mind. Or at least it should be.”
Gauging Concern About Cybersecurity
When it comes to worrying about cybersecurity, Barlow said customers generally fit into two categories. Many are either worried about it or focused on it because they want to be more proactive.
“Or they’re not worrying about it until they get hit by a threat or by ransomware,” he said. “What we’re seeing is the threat landscape is just constantly evolving. And ransomware attackers are also evolving with their evasion/detection tactics, techniques and procedures.”
At the end of the day, the end-user is the weakest link in cybersecurity, Barlow said. There are cybersecurity services available to address this.
“Oftentimes you really need to focus on the educational aspects, and doing phishing simulations and educating users on what’s a right password to use,” he said. “So there’s a lot of components to that, but ransomware is probably the No. 1 scenario or the No. 1 concern from a cybersecurity standpoint that end-user customers need to worry about.”
Eberhardt uses the house analogy.
“How many access points does it take you to break into someone’s house: a window, a door, a garage?” he said. “It takes one. Now associate those attack vectors with IP addresses. It only takes one IP address. So when you’re an SMB or a midmarket, it doesn’t matter if you have a lot of intellectual property or a lot of data that they’re trying to get from you. They might just be using you as a conduit to attack someone else. So the attack vector and the attack on the smaller businesses in this global world, right now, is getting higher and higher.”
Bad Guys Getting Better
The bad guys are the ones that are getting better, Eberhardt said. And if “we don’t continue to improve our security, it’s just going to get worse and worse.”
“The other thing that we look at that people need to be aware of is centralizing data,” he said. “When you put yourself up on the public cloud and your data in one location, that’s another attack for everybody to go.”
Ransomware for SMBs and MSPs is really high, Eberhardt said. And MSPs are under attack because they offer a “plethora of accounts or people they can attack by attacking one attack vector.”
MSPs’ security acumen is getting stronger, he said.
“One of the things I hate and I know Scott’s going to feel the same way, is when people say good enough security,” Eberhardt said. “That means not good enough security. Now if you take it down another level to free antivirus, you get what you pay for. People don’t understand that you don’t just move your stuff and you’re secure. You need security awareness training. People are the biggest threat. We have to make sure they’re educated on using your systems.”
No Magic Number
Both Barlow and Eberhardt agreed there’s no “magic number” in terms of how much a business should spend on security.
If you’re a small business dealing with compliance regulations, the amount is going to be significant, Barlow said.
“Is it worth paying $20,000, $300,000 on a ransomware attack?” he said. “The chances of you going out of business is significant. Do you want to put that layered defense in?”
Eberhardt said the question of how much to spend is “a little tricky.”
“What I would say is how sensitive is your data?” he said. “How sensitive is your business? If you spend say $100,000 versus spending $1 million. But what would happen if you had to close your doors? Or what would happen if you got sued because of personally identifiable information (PII) got pushed out? How important is your business and if you want to sleep at night? I think the one place you cut is not security.”
Cybersecurity From a Telco?
Barlow and Eberhardt also were asked how they would react to a customer saying they’ll just get their cybersecurity services from…
…a telco rather than a third party. With convergence on the rise, many telcos are starting to incorporate cybersecurity services.
“We’re aware that more and more telcos out there are trying to provide managed threat response, managed endpoint and network security,” Barlow said. “I think the bigger challenge, from a telco standpoint, is they’re all about scale. They want to resell, and I think you get into a small business, a 10-user or 15-user, and it’s all about relationships. The MSPs hold the relationships and hold the keys to the castle. Oftentimes they’re friends, they’ll go out to dinner, they’ll do QBRs or monthly business reviews.”
Eberhardt said buy it from “where it makes sense.”
“Whatever is easy, get security on the system,” he said. “And I agree, you have to be in there with your partners, you have to be friends. They have to be an extension of your family, and you have to care about their business. If you care about their business, they’re going to care about your business, and it’s a working relationship moving forward.”
About the Author(s)
You May Also Like
November's Top 20 Stories: Broadcom-VMware, AI in UCaaS, Google Cloud Shake-UpDec 04, 2023
Digital Transformation 2.0? IT Teams Look Ahead to 2024Dec 05, 2023
Insight-SADA Deal Makes Tony Safoian Richest Man in the ChannelDec 04, 2023
AWS re:Invent Partner, Vendor News: Cisco, Salesforce, MoreDec 01, 2023