Malware and network intrusion are the two most popular security threats to companies today. Breaches can mean millions of dollars in losses. Reynolds, SVP, Corporate Sales at Kaspersky Lab, North America, discusses how to communicate the severity of the danger to your customers.—Jennifer Bosavage, editor
Right now, companies are facing several types of threats from various groups. In 2011, the most widely publicized were hacktivists, who are groups of actors that commit cyber attacks on organizations based on socio-political ideologies and motivations. However, the most common group threatening corporations and consumers are cybercriminals. Such groups commit cyber attacks strictly for monetary profit and have a commercialized operation that targets companies with a variety of techniques including spam, malware, social engineering and denial of service attacks.
The most common threat comes in the form of viruses, spyware and other malicious programs (malware). And those are common.
• In 2011, 91 percent of corporations reported at least one IT security incident from an outside source.
• Despite recent law enforcement arrests on the Zeus creators, the Trojan continues to plague the industry. In 2011, Zeus’ source code was leaked to the public, which gave cybercriminals open access to configure the malware to meet their individual attack needs. The customization creates more targeted attacks and only increases the challenge companies have with securing its networks from the malicious Trojan.
• Mass exploitation continues to spread with crimeware and online attacks. In 2011, the United States was ranked #3 overall for the number of online attacks targeting victim’s computers. As a result of successful attacks, victim computers were infected with a full array of malicious programs: Zbot (ZeuS) Banker Trojans, ZeroAccess multifunction backdoor clickers, fake antivirus programs, and blackmailers.
The second most frequent security issue was network intrusion; 44 percent of companies experience an issue because of vulnerabilities inside its existing software. Patch management for IT continues to be an issue with the amount of diverse software applications running on their employee’s computers.
What’s at stake? Security breaches most frequently result in the loss of financial data, followed by personal customer information, intellectual property, and employee information. Thirty one percent of the reported malware attacks resulted in some form of data loss, with 10 percent of companies reporting loss of sensitive business data.
Although statistics show the majority of attacks are traditional cybercriminal methods, the rapid adoption of mobile devices, cloud services and social networking applications in the work place creates an even more complex model for your customers to secure.
Next: Help your customer understand why security is so important
How can you help organizations take cybersecurity more seriously? Help them understand :
1. the threats that exist,
2. what the risks are and how it relates to their markets.
Reading about security events in the news and sharing research reports with your customers only acts as a long sword when they require a scalpel to fully dissect their cyber security needs. Assist them with evaluating their assets, intellectual property, processes, expertise and resources so they can ascertain what’s the most valuable and invest in security solutions that meet the scope of their needs the most. Here’s where to start:
Evaluate your customers' most valuable assets and offer a customized solution to protect them.
• Assess the market and threats with your customers IT infrastructure/existing technology.
• Conduct a security audit to evaluate strengths/weaknesses and develop a plan to secure the most valuable areas for your customers.
• Look at the tools that are available.
• Look at alliances.
• Evaluate vendors’ interoperability and integration ease.
Adapt to new threats by expanding your portfolio of protection
• Can you broaden by selling adjacent technologies?
• How can you wrap services around vendor offerings?
• What are the tools/barriers to entry?
Who to choose? Finding the right vendors
• What percent of their business is channel?
• Can you continue to build your business with them?
• How deep is their threat analysis team?
• Are they global? Can they meet geographical requirements like IT support in native languages for each region?
• What percent of employees are in their R&D team (i.e. how deep is there R&D)?
• What are their key strengths? Solutions, support and expertise, etc.
• How well do they know the threats in each market and geography?
• Can they offer solutions that fit these diverse needs?
How can you prepare your customers to meet emerging threats with new technologies?
• Are your vendors flexible enough to support virtual and mobile platforms/needs?
• How well can they integrate with existing IT infrastructure and system management technologies?
• How often do they expand and update their portfolio of security solutions and products?
Proof of Concept (POC) – Why it’s important to you and your customer
• As a solution provider, you continue to show your expertise and relevance to your customer.
• POCs will demonstrate and validate the capabilities of your recommendation solution prior to full deployment and installation.
• POCs are another way of activating your professional services business unit and on-going contact with the selected vendor.