MPOWER 2017 Summit

The Doyle Report: Culture, Not Technology, Is the Key to Surviving a Cybersecurity Breach, Says Top Cyber Sleuth Brian Krebs

  • Written by doylet
  • October 22, 2017
Security expert shares with McAfee MPOWER attendees insights on his newfound “Hollywood” celebrity and practical tips that everyone should embrace.

Just a few years ago, Brian Krebs was a little-known cybersecurity writer with a loyal readership of mostly geeks and freaks. Unless you were in the know, you had no reason to read his now world-famous blog, Krebs on Security.

That all changed after the mild-mannered Krebs broke the story of the 2013 Target security breach. Soon thereafter, his career and notoriety soared.

In article after article, Krebs detailed tales of corporate buffoonery and cyber intrigue. The mix was irresistible to “Corporate Joes” and security professionals alike. After outing some cybercriminals, the 14-year veteran of The Washington Post became a target of bad actors around the world. Rather than hide behind his blog, Krebs fought back. He tracked down previously unknown hackers and exposed corporate malfeasance the world over.

Not long after, The New York Times chronicled the various ways some hackers retaliated against him. One guy signed him up to 70,000 different email mailing lists. Another guy tried to ensnarl him in a police bust by sending heroin to his house and calling the cops. When Krebs called the perpetrator out, the hacker sent his wife a bouquet of flowers—the kind you send to funerals. Krebs went after the guy. Krebs identified the hacker, tracked him down and helped send him to prison in Italy. Afterwards, Krebs wound up becoming pen pals with the criminal, though hardly friends. (After serving time in Europe, the hacker was extradited to the U.S., where he is now serving time in a prison in Newark, N.J.)

Krebs’ story of cloak and dagger brought him so much acclaim that Sony Pictures bought the rights to The New York Times story about him with the hopes of turning it into a “Jason Bourne”-style film about the cybersecurity world. The mild-mannered Krebs isn’t quite sure what to make of that idea, or the person who created a super fan website devoted to him.

Amid this backdrop, Krebs took the stage at the McAfee MPOWER 2017 Cybersecurity Summit event in Las Vegas. His first order of business during a keynote presentation? Address the question he gets asked most, especially at technology conferences showcasing the latest in cybersecurity software: Why are there so many data breaches today? Krebs believes that people, not technology, are to blame.

“Doing security right has a lot less to do with having the right security tools in place… and a lot more to do with having the right culture,” he says. “The best way to be secure is to assume you are already compromised.”

Sadly, the percentage of companies that adopt this mindset is small. Despite the hundreds of stories he’s written on hacks big and small, most companies simply deny that a major breach could happen to them. Krebs likens this thinking to a scene in one of his favorite films, “The Matrix.” In that pivotal scene, the protagonist is told he can take one of two pills, one red, the other blue. The red one, he is told, upends your world but reveals reality; the blue one helps you to ignore the truth. When it comes to cybersecurity, “too many executives essentially take the blue pill,” Krebs says.

Those who “take red” embrace a culture that is equal parts prevention, cure and openness. They assume, in other words, they have been hacked—or soon will be. They routinely conduct drills with “red teams” of engineers that look for vulnerabilities and “blue teams” of security specialists that look to improve defenses. They tell the truth about what they find and mind their Ps and Qs when it comes to upgrades, patches and new threats. They also educate and train their people, who are the cause of nine of every 10 cybersecurity breaches.

“Everyone gets penetration whether or not they are paid for the pleasure,” Krebs jokes.

Regardless of culture, Krebs is troubled by one thing above all else: why it takes some organizations so long to learn they have been breached. He often finds out that a company has been hacked before it does. Krebs is also able to pinpoint organizations that are being less than forthcoming about data breaches to customers, partners and investors. How? By trolling underground web sites where purloined data is put up for sale. (Krebs broke the Target story after comparing stolen credit card data up for sale on the Dark Web to retail store zip codes.)

What irks Krebs is the way everyone from the government to private enterprises to educational institutions and more relies, for authentication purposes, on static personal data that has been compromised a thousand times over. “We have no business using this information for authentication, yet it’s still commonplace,” he says. Krebs, for one, moved his personal money from one bank to another after being told that his Social Security number was the only way the institution would authenticate him.

As for advice to practitioners, Krebs takes a simple, basic approach. He suggests security experts and technology professionals alike embrace the following:

  1. Assume you are compromised
  2. Think beyond compliance to achieve true security
  3. Know your employees even if it means monitoring their behavior
  4. Invest in two-factor authentication for partners and employees, especially on VPNs
  5. Hire and foster more cybersecurity talent
  6. Have regular fire drills to test your technology and, moreover, your business processes
  7. When compromised, secure what you have instead of reflexively adding more of everything, which will increase your attack surface

After sharing his list of practical steps, Krebs was asked what he would do if he found himself working for a customer or partner that didn’t have a proper cybersecurity mindset. “Go find another job,” he says, noting that there are roughly two job vacancies for every one person working in cybersecurity today.

Oh, and the worst breach and response to one ever? Hands down, Equifax, he says.

“It was a different dumpster fire every day,” Krebs says. “The company didn’t care [enough] and didn’t have a proper plan.”

Wise words for those who sell security technology for a living.
