Xpert Commentary: On the Eve of RSA 2017, A Perspective on the State of Security
Companies face cyber threats from an increasingly sophisticated cohort of attackers armed with a toxic assortment of malware, ransomware, and APTs. And 2017 is shaping up to be as bad as, or worse than, 2016, which was a year punctuated by a series of devastating cyberattacks.
For the channel, this presents big opportunities and equally big challenges for VARs and MSPs.
The Cybersecurity Epidemic
If you wanted to find a growth business, this is it. As more organizations digitize and move their data online, cybercriminals will be on their toes probing for soft, lucrative targets. We’re long removed from the era when the biggest danger came from so-called “script kiddies,” out to prove their technical chops by randomly defacing corporate websites. Contemporary cybercrime threatens every organization, large and small. The economic cost is estimated to reach into the trillions of dollars within the next few years.
How cybersecurity can make or break a business
Cybersecurity needs to be a boardroom issue, if for no other reason than that poor implementation can lead to damaging and embarrassing data breaches that affect the success of the business. Some companies have recorded losses amounting to tens of millions of dollars after suffering cybersecurity breaches. What’s more, sloppy cybersecurity can result in the firing of the CEO, CIO, or other executives. Despite wider recognition of the importance of enforcing strong cybersecurity, many boards are not sufficiently proactive. They still fail to understand their organization’s digital posture well enough to properly assess their vulnerability.
Things Are Getting Worse
We live in an increasingly connected digital world, where everyone—and nearly everything—has become a potential target. In the US, there are 25 connected devices per inhabitant. Organizations are adding literally billions of devices in the burgeoning Internet of Things. The problem is that many of these IoT devices are designed without adequate security. That puts the onus on businesses to pick up the slack and find ways to prevent attackers from exploiting weaknesses to penetrate their networks. Unfortunately, this remains, at best, a work in progress as manufacturers lack incentives to prioritize security. As IoT enters the mainstream, researchers are bracing.
Cybersecurity also remains problematic because employees are the weakest link in any organization’s cybersecurity defenses. Despite years of investment in policies and procedures to educate workers on how to safeguard company data, employees continue to download malware-laden apps onto their mobile devices and fall prey to phishing expeditions. Human nature takes time to change – and when it comes to cybersecurity, it changes very slowly.
No single piece of technology is going to solve a business’s cybersecurity needs. The magnitude of the task can sound daunting, leaving companies unsure about what to focus on first. That’s where channel providers can apply their expertise to build a multi-layered security approach that helps mitigate the threats against their clients. They can make sure that organizations are equipped with the essentials, including data controls, firewalls and malware scanning to reduce the likelihood of a compromise.
Unfortunately, it’s hard, if not impossible, to hermetically seal off networks from attack anymore. And so incident response teams should be formed and ready to deploy at a moment’s notice. At the same time, internal teams should have threat behavioral analytics and software solutions in order to analyze log data and flag abnormal traffic or user activity.
Terms to know
Malware: There is a seemingly limitless supply of new malware samples. In fact, Symantec has estimated the number to exceed 300 million as variations continue to be developed in response to the latest defensive measures. Also of note: Most successful malware compromises are due to outdated security defenses.
Ransomware: A type of malware that prevents users from accessing their data until they comply with ransom demands. The number of ransomware incidents tripled last year as the practice went mainstream.
APTs: A technique in which attackers remain hidden on a network for extended periods of time, monitoring or stealing data. In the past, APT attacks have been linked to groups working on behalf of nation states to carry out cyber espionage missions or engage in political intrigue. Success breeds imitation and cybercriminals have also started to use APT tactics, most notably to steal money from several financial institutions last year.
DDoS: DDoS attacks are used to take down websites, email servers and other services which connect to the Internet by flooding the target with massive amounts of traffic or requests. Here’s another worry: DDoS attacks are increasing both in frequency and sophistication, and the attacks no longer require special hacking or networking skills. There are now any number of DDoS-for-rent sites that enable anyone to launch multiple simultaneous attacks from an easy-to-use interface to knock their targets offline by flooding their networks with data.
Voice of the Practitioner
But an increasingly perilous threat landscape also presents opportunities. To find out more, we turned to Ron Cullen, the CTO at Secure Designs, Inc., an MSP that specializes in offering multi-layered Internet security defense solutions to small to mid-size businesses. Cullen holds wide-ranging views on cybersecurity, the channel and its role in the battle against cybercrime. What follows is an edited transcript.
“As more customers expose parts of their businesses to the internet, they need to be aware of new vulnerabilities: It could be in the software, the operating system, the applications. Vulnerability management is now a huge issue. You can stop a lot of issues if you keep the products and technologies up to date. If you don’t, you leave yourself open [to attacks].
Companies know they need better security. They hear about what’s going on in their industries and read about attacks taking place. But in the technology world, we still, to a large extent, speak a foreign language. Customers need to rely on a solution provider who can help interpret for them what’s actually needed. But the channel’s business has evolved. We don’t go to the customer anymore and ask, ‘How many copies of Microsoft Office do you need?’ The approach now depends upon first talking with customers about their business and understanding what their risks and concerns are – as well as their plans over the next couple of years. Then we need to help build security solutions for them using technology as a tool to solve their needs.
Security can be a competitive factor for the channel. A lot of VARs and MSPs are already doing things like managing patches and updates on their customers’ equipment. They may not call it a security service, but it is indeed a security offering. So instead of a company putting something out there and hoping that everything’s OK, you have someone sitting there who is monitoring the system, keeping it up to date and reporting on what’s going on so as to be able to handle issues when things change. As far as margins go, anytime you can get a recurring service that incurs revenue, that’s key in a VAR/MSP environment. That’s what keeps the lights on and keeps everyone paid.”
Sources for future reading:
CompTIA: Security in the IT Channel