Free Newsletters for the Channel
Register for Your Free Newsletter Now
“I’ve never seen cybercrime as bad as it is right now,” Theresa Payton said at Tuesday’s CompTIA ChannelCon event.
August 3, 2021
COMPTIA CHANNELCON — Cybercrime is going nowhere. In fact, it will only rise in frequency and damage — the latter to the tune of $10.5 trillion each year by 2025, according to Cybersecurity Ventures. Small and medium businesses, notorious for not wanting to spend on cybersecurity, remain in perhaps the most vulnerable position to breaches. A lax approach can lead to a tarnished reputation, unhappy employees, or to going out of business altogether. Now is the time, says Theresa Payton, to help SMB customers build stronger cyber protections that combat cybercrime.
Payton, president and CEO of Fortalice Solutions, and co-founder of Dark Cubed, was the keynote speaker at Tuesday’s annual ChannelCon event, presented by CompTIA, held virtually this year. (Payton, as you may know, also worked as the first female White House CIO during the George W. Bush Administration.)
As Payton noted, SMBs remain reluctant to spend on cybersecurity because that money takes away from outlay on critical efforts such as R&D. But managed service providers, VARs, consultants, agents and other channel partners must find ways to combat this mindset. After all, in 2021, ransomware alone will hit a business every 11 seconds for a total of 31.5 million attacks (numbers from Cybersecurity Ventures again).
Payton said the big key is focusing on human-centered design. In other words, come up with strategies to entice people into participating in security. Maybe the answer is chocolate. Maybe it’s gift cards. Whatever it is, it must reach your clients’ employees and resonate with them. Consider that email stands out as the No. 1 method cybercriminals use to hack into a business. Consider, too, that someone who wants to get into hacking only has to pay $1 in startup fees, Payton said. (That stat comes from 2019 Cisco/Cybersecurity Ventures report.) SMBs should be on high alert.
Fortalice Solutions’ Theresa Payton
“I’ve never seen cybercrime as bad as it is right now,” Payton said. However, she added, she has “a lot of optimism” that industry – vendors, partners, researchers, etc. – will close the gap.
One method for thwarting cybercrime lies in making data harder for hackers to access. This is not a new concept, but it bears repeating. To that end, Payton first suggests segmenting data. SMBs could have non-public-facing website domains that house certain information, for instance. They could also keep different pieces of data in different clouds or containers. (Speaking of clouds, no, the vendors themselves do not deliver all the security end users need. This is where the channel comes into play.)
Second, implement airtight identity and access controls.
“Zero trust should be no trust,” Payton said.
Also, help customers to know when they should go offline. Payton called this the “kill switch/shields-up” moment.
Next, conduct threat hunting on your clients’ behalf. Scan traffic, enter email addresses into LeakPeek and take on other security-centric activities that uncover any surveillance someone may have put on your customers.
Finally, talk with SMBs about the sneaky tactics cybercriminals use to infiltrate businesses. Those include clickbait; fake personas, companies and ads; chatbots disguised as humans; and deep fakes and artificial intelligence. Each of these methods can lure in even a seasoned pro. But designing for the human and implementing Payton’s other recommendations should go a long way toward preventing problems.
In terms of what’s coming next, Payton put forth no Pollyanna-esque predictions. By the end of 2022, she expects extended reality (augmented, virtual) will be hacked, even biometrically. This stands to compromise a victim’s entire life. Again, microsegment data, Payton said. No one can fully prevent attacks but it is possible to make things harder for hackers.
Payton further forecasts criminals will successfully hack into a bank. They will then set up AI chatbots on social media that create concern and urgency among the public. In a rush to talk to humans, people will …
… encounter longer wait times. From there, people will try to access their money, fearing it will disappear, creating a mini-run.
“Banks are already thinking about how to come back from that,” Payton said.
Her final prediction surrounded AI. AI will drive misinformation campaigns, free of human intervention, that could target industries, companies or individuals.
Overall, cybercriminals will keep looking for opportunities, especially easy ones. Companies and channel partners on the front lines have to communicate, Payton said.
“Sharing for the greater good is going to help us accelerate our offensive and defensive mitigating controls that we need to implement,” she said. “Information sharing has been kind of like the holy grail … but sharing true actionable intelligence … is still part of that holy grail that we’re all searching for.”
Meantime, channel partners shouldn’t necessarily expect to lean on cyber insurance should a hack result in a ransom demand or other damage. Cyber insurance, while “critical and vital,” still isn’t fully mature yet, Payton said. In fact, she called on the cyber insurance industry to look inward “and think very differently.” For example, too many insurance companies recommend clients pay the ransom because it’s the cheaper option. But that ransom actually could be funding terrorism or human trafficking, Payton pointed out.
In terms of the most at-risk sectors, that changes depending on what’s happening around the globe, Payton said. Right now, health care, energy, transportation and financial services represent four critical areas to protect from cybercriminals.
Read more about:MSPs
Contributing Editor, Channel Futures
Kelly Teal has more than 20 years’ experience as a journalist, editor and analyst, with longtime expertise in the indirect channel. She worked on the Channel Partners magazine staff for 11 years. Kelly now is principal of Kreativ Energy LLC.
You May Also Like
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024
Channel Futures Reveals 2024 Circle of Excellence InducteesFeb 23, 2024
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024
CrowdStrike, SonicWall Cyber Threat Reports Highlight Attacks, Popular TacticsFeb 21, 2024