Expert Hubs 2021: fighting threats with cybersecurity

Canalys ran a series of “Expert Hubs” at its latest forum events. We gathered experts from the channel partner community to discuss subjects relating to one of the key event themes: ESG, strategy, cybersecurity, managed services and digital workplace. The sessions contained a mixture of partners, vendors and, in some cases, third-party experts. Event participants were invited to watch the live discussions online. In this series of reports, we summarize the key points that came from those sessions.

Session details

Topic: Fighting threats with cybersecurity

Partner participants: Also, ITsolutions24, Nuvias, Orion, Ramsac, SCC, Softcat

Vendor participants: Dell Technologies, HP, Kaspersky, Trend Micro

Key points

The last 18 months have seen a surge in high-profile ransomware campaigns, the exploitation of zero-day software vulnerabilities and the emergence of supply chain attacks. The fallout has had far-reaching implications at a time when economies are recovering from the sharpest contractions on record due to the pandemic. Many organizations are fighting to keep operations going and at the same have had to step up their fight against these cyber-threats.

Partners and vendors shared valuable insights:

Threat actors have become more aggressive and effective at monetizing breaches. Ransomware demands have escalated from tens of thousands of dollars to tens of millions of dollars to unencrypt data. Cryptocurrencies have been a key enabler for threat actors to get paid. But the typical entry points used to penetrate organizations have not changed. Hackers continue to focus on credential phishing, social engineering, encouraging employees to click on malicious links and hacking unsecured technology. The combination of increased remote working, a lack of training and awareness, a continued reliance on configuration by default, poor patch management, and the use of unsupported legacy technologies has made these attack vectors more susceptible. The reality is every organization is vulnerable. Some just make it easier than others for threat actors to exploit.

Too many resources are spent on protection and not enough on recovery. A common theme throughout the discussion was that organizations must plan for the worst-case scenario. Many follow the NIST framework and its five core functions: identify, protect, detect, respond and recover. Traditionally, most resources are spent on identifying and protecting. XDR is increasing the focus on detecting and responding. But a lot of organizations are not prepared for recovery. Recovering from ransomware takes time. The cost of lost operations and sales, as well as restoring IT after an attack, can be up to 10 times as much as the ransom itself. Recovery is a key part of being cyber-resilient. Organizations need to have a clear process in place for when an incident occurs. But even with post-breach forensics and analysis, organizations often do not implement the recommendations, which increases the likelihood of further successful attacks.

Specialization is still important, as most partners cannot offer full-stack and end-to-end cybersecurity lifecycle services. Larger partners have invested in an all-encompassing managed lifecycle approach, focusing on people via training, processes, technology deployment and integration, as well as support. The primary benefit of this for customers is a holistic approach to address their cybersecurity needs and single billing. But not every partner has the resources to build this full-stack capability and end-to-end offering. Many are focusing on selected capabilities. Specializing in certain areas is also an important model, such as penetration testing or consultancy. Others are just reselling third-party cybersecurity services with their core portfolios to provide secure solutions. For example, some Microsoft partners offer third-party vulnerability assessments for customers’ Azure environments. The cybersecurity channel ecosystem will remain diverse.

We must think differently if we are ever going to reduce the skills gap. The availability of specialized skills is the major factor limiting partners’ expansion. There are government and private sector-led initiatives in place that aim to address this issue in the future. But the need is immediate. Location is part of the problem, with organizations deciding to relocate SecOps to areas where there is more talent. But the reality is there are more cybersecurity jobs than people to fill them. This does create opportunities for partners, though the execution is difficult given the spike in salaries. Venture capital flowing into cybersecurity start-ups to fund recruitment has worsened the problem. The key issue is that it is hard to become a proficient cybersecurity technician. A foundation and expertise in the areas that need securing is essential, for example, networks, DevOps, cloud architectures and OT. Therefore, different approaches are needed. Working with ethical hackers is one option, which are starting to offer services. But recruiting them is challenging. They are typically younger people that want to work for themselves and often do not understand or want to fit into corporate cultures. Being part of this ecosystem is a better option.