BreachExchange mailing list archives

The channel's role in fighting cybercrime


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 21 Oct 2015 17:50:47 -0600

http://www.channelpro.co.uk/opinion/9508/the-channels-role-in-fighting-cybercrime

From WarGames to Hackers, Hollywood has historically glamorised the idea of
hacking with a range of corny stories about cyber-savvy young whizz-kids
taking on the bad guys and saving the world. But in reality, hacking is
more the domain of the bad guys than the heroes, and has become a constant
threat for businesses.

The Centre for Economics and Business Research (CEBR) estimated that
cyber-attacks cost British businesses around £34bn a year and 15 percent of
them have directly lost revenue from a breach.

This year alone has seen the fallout of major hacks on Sony, Ashley Madison
and the Carphone Warehouse, amongst many others. Given the reputational
damage these attacks can cause, businesses are increasingly concerned and
looking to shore up their defences. In this context, the channel has a
vital role. Resellers should be engaging with customers to discuss their
options in how to manage their security, offer the right tools, and provide
a managed service to help them cope with the sheer complexity of the task.

Multiplying and fortifying the defences

The frequency and complexity of the high-profile attacks that we’ve seen
recently give the channel the perfect excuse to be speaking to customers
about how they intend to avoid this sort of headline. The average cost of a
data breach is estimated to be between £600,000 and £1.5m in the UK, with
the fallout of the worst breaches running on for years. This gives
customers a real incentive to listen to their partners in the channel about
the best ways to limit such risk. By talking to customers about how they
are currently defending their kingdoms, it’s easy to see where the chinks
in the armour might be.

For instance, many organisations take a very network-heavy approach to
security. While network security is clearly an important facet of any
enterprise defence, it will not protect against everything. Increasingly,
the endpoint is the target. While many may claim their anti-virus will
protect them should the endpoint be attacked, the rise in zero-day attacks
– where the malicious code used by the hacker has never been seen before –
means that the blacklists that AV tools use to determine what is and isn’t
allowed to gain access are fundamentally flawed. This makes them useless
against more sophisticated attackers. While AV is important and helps to
protect against many everyday known attacks, on its own, it will not
provide the protection needed to prevent endpoints being breached. This is
why we are seeing a rise in whitelisting, where defences are tailored to
the individual organisation through a system of rules.

Resellers need to communicate with customers about the need for more
sophisticated, multi-layered defences that can protect both the network and
the endpoint devices that connect to it.

MarketsandMarkets suggests the endpoint protection sector alone will be
worth just under $15bn by 2019, so there is clearly a large piece of the
pie available for resellers that can hook into the current opportunity; in
particular those that can create broad offerings that enable multi-faceted
defences. This should combine AV black-listing, white-listing endpoint
security, and network security tools, such as IDS, as well as SIEMs to
correlate all the data. Creating security bundles and strategic advice
around how these technologies can be deployed and best placed to protect
the company crown jewels will allow partners to not only expand their role
as trusted advisors, but to also drive revenues around licences. However,
prevention alone will not solve the problem; it’s just part of the battle.

Finding the enemy within

It isn’t just that cybercrime is on the rise, but the nature of the threat
is evolving daily, meaning it’s almost impossible to spot and prevent every
threat as it happens and still operate your business effectively. The fact
is, particularly with Advanced Persistent Threats, that it is likely that
at some point you will be breached. The secret to limiting the risk of such
breaches is to find out early and to know exactly what happened. When
looking at a typical attack, it’s rare the entry point is the intended
target. Hackers will often find a weak spot, gain entry, then slowly start
to test the system, put in backdoors for re-entry, and set themselves up
for the moment they make a dash for the safe. Just like a bank robber
casing a target. Therefore, catching them quickly is critical to limiting
damage.

However, the fact remains that most breaches take years to be discovered,
and are often flagged by a third party when it’s too late. What happens
after the breach has occurred is even more important. Forensics teams need
to know what the hacker did, what backdoors they installed, what they took
and where exfiltrated data has been sent to. For this, organisations need
continuous monitoring and recording on each and every endpoint device.

However, keeping on top of all the security alerts being generated and
trying to make sense of them in a timely way is a very difficult task.
There are always a number of false positives, and in-house teams are often
very stretched. This is why we are seeing so many of our partners in the
channel offering managed security services and incident response. By
offering these services, partners not only benefit from recurring revenues,
they can also move themselves up the value chain and strengthen the
customer relationship.

Being the preferred partner in cybercrime

As the threat from cybercriminals grows, enterprises will increasingly
depend on the channel to offer advice and tailored solutions. Resellers
should be reaching out to educate the market about the security options
available and creating bundles that reflect what enterprises need to keep
their data safe. More than that, the opportunity is there to lock down
good, reliable revenue streams by managing the solutions once purchased.
Stopping cybercriminals from perpetrating another Ashley Madison or Sony
hack is no small task, but the channel has a huge role to play.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 