

MPOWER 2017 Summit

The Doyle Report: Culture, Not Technology, Is the Key to Surviving a Cybersecurity Breach, Says Top Cyber Sleuth Brian Krebs

  • Written by doylet
  • October 22, 2017
Security expert shares with McAfee MPOWER attendees insights on his newfound “Hollywood” celebrity and practical tips that everyone should embrace.

Just a few years ago, Brian Krebs was a little-known cybersecurity writer with a loyal readership of mostly geeks and freaks. Unless you were in the know, you had no reason to read his now world-famous blog, Krebs on Security.

That all changed after the mild-mannered Krebs broke the story of the 2013 Target security breach. Soon thereafter, his career and notoriety soared.

In article after article, Krebs detailed tales of corporate buffoonery and cyber intrigue. The mix was irresistible to “Corporate Joes” and security professionals alike. After outing some cybercriminals, the 14-year veteran of The Washington Post became a target of bad actors around the world. Rather than hide behind his blog, Krebs fought back. He tracked down previously unknown hackers and exposed corporate malfeasance the world over.

Not long after, The New York Times chronicled the various ways some hackers retaliated against him. One guy signed him up to 70,000 different email mailing lists. Another guy tried to ensnare him in a police bust by sending heroin to his house and calling the cops. When Krebs called the perpetrator out, the hacker sent his wife a bouquet of flowers—the kind you send to funerals. Krebs went after the guy. Krebs identified the hacker, tracked him down and helped send him to prison in Italy. Afterwards, Krebs wound up becoming pen pals with the criminal, though hardly friends. (After serving time in Europe, the hacker was extradited to the U.S., where he is now serving time in a prison in Newark, N.J.)

Krebs’ story of cloak and dagger brought him so much acclaim that Sony Pictures bought the rights to The New York Times story about him with the hopes of turning it into a “Jason Bourne”-style film about the cybersecurity world. The mild-mannered Krebs isn’t quite sure what to make of that idea, or the person who created a super fan website devoted to him.

Amid this backdrop, Krebs took the stage at the McAfee MPOWER 2017 Cybersecurity Summit event in Las Vegas. His first order of business during a keynote presentation? Address the question he gets asked most, especially at technology conferences showcasing the latest in cybersecurity software: Why are there so many data breaches today? Krebs believes people, not technology, are to blame.

“Doing security right has a lot less to do than having the right security tools in place… and a lot more to do with having the right culture,” he says. “The best way to be secure is to assume you are already compromised.”

Sadly, the percentage of companies that adopt this mindset is small. Despite the hundreds of stories he’s written on hacks big and small, most companies simply deny that a major breach could happen to them. Krebs likens this thinking to a scene in one of his favorite films, “The Matrix.” In one pivotal scene, the protagonist is told he can take one of two pills, one red, the other blue. The red one, he is told, upends your world but reveals reality; the blue one helps you to ignore the truth. When it comes to cybersecurity, “too many executives essentially take the blue pill,” Krebs says.

Those that “take red” embrace a culture that is equal parts prevention, cure and openness. They assume, in other words, they have been hacked—or soon will be. They routinely conduct drills with “red teams” of engineers that look for vulnerabilities and “blue teams” of security specialists that look to improve defenses. They tell the truth about what they find and mind their Ps and Qs when it comes to upgrades, patches and new threats. They also educate and train their people, who are the cause of nine of every 10 cybersecurity breaches.

“Everyone gets penetration whether or not they are paid for the pleasure,” Krebs jokes.

Regardless of culture, Krebs is troubled by one thing above all else: why it takes some organizations so long to learn they have been breached. He often finds out that a company has been hacked before it does. Krebs is also able to pinpoint organizations that are being less than forthcoming about data breaches to customers, partners and investors. How? By trolling underground web sites where purloined data is put up for sale. (Krebs broke the Target story after comparing stolen credit card data up for sale on the Dark Web to retail store zip codes.)

What irks Krebs is the way everyone from the government to private enterprises to educational institutions and more relies, for authentication purposes, on static, personal data that has been compromised a thousand times over. “We have no business using this information for authentication, yet it’s still commonplace,” he says. Krebs, for one, moved his personal money from one bank to another after being told that his social security number was the only way the institution would authenticate him.

As for advice to practitioners, Krebs takes a simple, basic approach. He suggests security experts and technology professionals alike embrace the following:

  1. Assume you are compromised
  2. Think beyond compliance to achieve true security
  3. Know your employees even if it means monitoring their behavior
  4. Invest in two-factor authentication for partners and employees, especially on VPNs
  5. Hire and foster more cybersecurity talent
  6. Have regular fire drills to test your technology and, moreover, your business processes
  7. When compromised, secure what you have instead of reflexively adding more of everything, which will increase your attack surface

After sharing his list of practical steps, Krebs was asked what he would do if he found himself working for a customer or partner that didn’t have a proper cybersecurity mindset. “Go find another job,” he says, noting that there are roughly two job vacancies for every one person working in cybersecurity today.

Oh, and the worst breach and response to one ever? Hands down, Equifax, he says.

“It was a different dumpster fire every day,” Krebs says. “The company didn’t care [enough] and didn’t have a proper plan.”

Wise words for those who sell security technology for a living.
