The channel's role in fighting cybercrime


From WarGames to Hackers, Hollywood has historically glamorised the idea of hacking with a range of corny stories about cyber-savvy young whizz-kids taking on the bad guys and saving the world. But in reality, hacking is more the domain of the bad guys than the heroes, and has become a constant threat for businesses.

The Centre for Economics and Business Research (CEBR) estimated that cyber-attacks cost British businesses around £34bn a year and 15 percent of them have directly lost revenue from a breach.

This year alone has seen the fallout of major hacks on Sony, Ashley Madison and the Carphone Warehouse, amongst many others. Given the reputational damage these attacks can cause, businesses are increasingly concerned and looking to shore up their defences. In this context, the channel has a vital role. Resellers should be engaging with customers to discuss their options for managing their security, offer the right tools, and provide a managed service to help them cope with the sheer complexity of the task.

Multiplying and fortifying the defences

The frequency and complexity of the high-profile attacks that we’ve seen recently give the channel the perfect excuse to be speaking to customers about how they intend to avoid this sort of headline. The average cost of a data breach is estimated to be between £600,000 and £1.5m in the UK, with the fallout of the worst breaches running on for years. This gives customers a real incentive to listen to their partners in the channel about the best ways to limit such risk. By talking to customers about how they are currently defending their kingdoms, it’s easy to see where the chinks in the armour might be.

For instance, many organisations take a very network-heavy approach to security. While network security is clearly an important facet of any enterprise defence, it will not protect against everything. Increasingly the endpoint is the target. While many may claim their anti-virus will protect them should the endpoint be attacked, the rise in zero-day attacks – where the malicious code used by the hacker has never been seen before – means that the blacklists that AV tools use to determine what is and isn’t allowed to gain access are fundamentally flawed. This makes them useless against more sophisticated attackers. While AV is important and helps to protect against many everyday known attacks, on its own, it will not provide the protection needed to prevent endpoints being breached. This is why we are seeing a rise in whitelisting, where defences are tailored to the individual organisation through a system of rules.

Resellers need to communicate with customers about the need for more sophisticated, multi-layered defences that can protect both the network and the endpoint devices that connect to it.

MarketsandMarkets suggests the endpoint protection sector alone will be worth just under $15bn by 2019, so there is clearly a large piece of the pie available for resellers that can hook into the current opportunity; in particular those that can create broad offerings that enable multi-faceted defences. These should combine AV blacklisting, whitelisting-based endpoint security, and network security tools, such as IDS, as well as SIEMs to correlate all the data. Creating security bundles and strategic advice around how these technologies can be deployed and best placed to protect the company's crown jewels will allow partners to not only expand their role as trusted advisors, but to also drive revenues around licences. However, prevention alone will not solve the problem; it’s just part of the battle.

Finding the enemy within

It isn’t just that cybercrime is on the rise, but the nature of the threat is evolving daily, meaning it’s almost impossible to spot and prevent every threat as it happens and still operate your business effectively. The fact is, particularly with Advanced Persistent Threats, that it is likely that at some point you will be breached. The secret to limiting the risk of such breaches is to find out early and to know exactly what happened. When looking at a typical attack, it’s rare that the entry point is the intended target. Hackers will often find a weak spot, gain entry, then slowly start to test the system, put in backdoors for re-entry, and set themselves up for the moment they make a dash for the safe, just like a bank robber casing a target. Catching them quickly is therefore critical to limiting damage.

However, the fact remains that most breaches take years to be discovered, and are often flagged by a third party when it’s too late. What happens after the breach has occurred is even more important. Forensics teams need to know what the hacker did, what backdoors they installed, what they took and where exfiltrated data has been sent. For this, organisations need continuous monitoring and recording on each and every endpoint device.

However, keeping on top of all the security alerts being generated and trying to make sense of them in a timely way is a very difficult task. There are always a number of false positives, and in-house teams are often very stretched. This is why we are seeing so many of our partners in the channel offering managed security services and incident response. By offering these services, partners not only benefit from recurring revenues, they can also move themselves up the value chain and strengthen the customer relationship.

Being the preferred partner in cybercrime

As the threat from cybercriminals grows, enterprises will increasingly depend on the channel to offer advice and tailored solutions. Resellers should be reaching out to educate the market about the security options available and creating bundles that reflect what enterprises need to keep their data safe. More than that, the opportunity is there to lock down good, reliable revenue streams by managing the solutions once purchased. Stopping cybercriminals from perpetrating another Ashley Madison or Sony hack is no small task, but the channel has a huge role to play.

Roy Pickard is channel manager, EMEA, Bit9 + Carbon Black