Not much to say Yahoo about in security lately, but at least partners have some object lessons.

Lorna Garey

September 26, 2016

5 Min Read
Internet security

Lorna GareyI spoke last week with Tracy Holtz, director of product marketing for Tech Data’s four-month-old security and information management unit, to see how the business is progressing. Holtz says she’s been busy tracking M&A activity – particularly equity firms taking stakes in security companies – as well as consolidation among partners looking to build security practices.

One area of focus is onboarding new security vendors, a challenge given the volume of startups in that realm and the difficulty of hiring security experts to help with partner education and enablement.

“On a weekly basis I’m on those calls, helping to educate them,” says Holtz. “A lot of our internal investment around VARs has been in education, providing them playbooks, talking about threat landscape, the most critical risk.”

As to what is worrying Tech Data partners, Holtz says it’s largely customer end users, and the distributor is bringing new technologies onto its line card that she says it would not historically have partnered with to help address that. An announcement on security awareness is pending.

“With social engineering and the users just clicking on things — there’s an opportunity there,” she says. “It’s amazing how, with many threats, the entry points are at the user level.”

Holtz says in testing she’s seen a 75 percent success rate for phishing attacks.

“They’re getting very creative and very targeted,” she said. “That’s why I think end-user training is so critical.” And, education has to be daily or at least on a regular cadence, because attackers are constantly evolving their methods.

“There was just a threat last week targeting tech support,” she says.

There’s no doubt it’s an exciting time to be tracking security startups: Holtz says there were almost 400 vendors on the RSA show floor, with SIEM, remediation, analytics and security awareness hot sectors. Many hot new providers are building channel strategies.

Oh, and she says Intel’s recent McAfee announcement hasn’t rattled partners.

“We haven’t seen much concern at all,” she says. “We’re excited to see where they’re going from a product and technology road map.”

Uh, Yahoo?

The big security news this past week was Yahoo’s announcement that at least 500 million user accounts were hacked in late 2014 by what it says is a state-sponsored actor. Compromised information includes names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers. The company is notifying potentially affected users says it has taken steps to secure accounts, including invalidating unencrypted security questions and answers and asking users to change their passwords.

Even if you no longer use Yahoo but are still employing the same passwords you did in 2014, time for a change. You can find additional information here. For partners, perhaps the most impactful facet of this breach may be proof that security professionals who warn that attacks can remain undetected for years are absolutely right.

Vertical Watch: FinServ & SLED

Most banks have yet to deploy biometric ATM authentication, but that hasn’t stopped cybercriminals from exploring ways to defeat the technology. Kaspersky Lab says that there are already a dozen sellers offering skimmers capable of stealing fingerprints. And, research is underway on how to defeat palm vein and iris recognition systems.

There are two factors to consider when using a fingerprint or other biometric data for authentication. First, you can change a password or PIN code. That’s not so simple with an iris. Second, a fingerprint is physical evidence and thus can be compelled by law enforcement, unlike a code.

You can see a biometric skimmer in action here. Financial-services customers considering adopting biometrics may want to offer customers the option to stick with their PINs.

Meanwhile, TripWire has released a survey showing that 88 percent of state and local government IT professionals are concerned about cyberattacks targeting critical city infrastructure. In addition, 78 percent of respondents say they expect a cyberattack against “smart city” services by year’s end. They’re referring to things like smart grids and surveillance cameras, a market that Navigant Research says will be worth $36.8 billion in 2016.

Partners need to help public-sector customers bake in security from the ground up when launching smart city initiatives.

“While smart cities offer great efficiencies for their citizens, the same internet connectivity that enables these efficiencies can be used to deliver physical damage to infrastructure and also cause loss of life if accessed by malicious actors,” said Rekha Shenoy, vice president and general manager of industrial cybersecurity for Belden, Tripwire’s parent company, in a statement.

IoT Under Attack

One way criminals target smart cities is through insecure IoT devices. Symantec just released new research on how lax Internet of Things security is contributing to DDoS attacks, like the record-setting distributed denial-of-service attack that hit respected security journalist Brian Krebs this week.

Krebs’ post on that incident and its implications is well worth a read.

Symantec’s Security Response team points out that consumer and embedded devices such as web servers, routers, modems, network-attached storage devices, closed-circuit television systems and industrial control systems are being pulled into botnets and being used to help carry out DDoS attacks for profit.

Symantec says IoT devices are prime targets because they are designed to be plugged in and forgotten after basic set-up. And, the most common passwords IoT malware used to attempt to log in to IoT devices was the combination of “root” and “admin” — proof that default passwords are frequently left unchanged.

Tips on what channel partners can do to help customers develop a plan for avoiding and mitigating DDoS attacks are available in our free report.

Don’t Worry, Be Plugged In

Trend Micro just announced its Worry-Free Services plug-in for the ConnectWise LabTech remote monitoring and management solution. The plug-in, available now for free to Trend Micro MSP Partners through the LabTech Solution Center, will enable partners to integrate their RMM and professional services automation systems. It can also help MSPs discover unprotected devices and deploy protection quickly and perform scans and updates directly within the LabTech console.

I’ll be on the road next week, first at Splunk.conf in Orlando and then back in Boston for Continuum Navigate. If you’re attending, DM me at @LornaGarey on Twitter.

Read more about:

Agents

About the Author(s)

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like