Life's A Breach: SMBs Finally Turn To MSPs For A Security Boost
Small- and midsize-business owners are increasingly turning to resellers and MSPs to contain security incidents and are entering into long-term IT management discussions to bolster their security posture in the wake of several high-profile threats, according to panelists participating in a formal discussion on the future of cybersecurity in Boston on Thursday.
The notorious Cryptolocker ransomware that spread quickly, locking out consumers and businesses from their computer files, and the open-source Heartbleed vulnerability that required businesses to check often-neglected networking gear, helped bolster interest in regional resellers, consultants and managed security services providers, according to industry analysts, customers, resellers and MSPs in a Dell-sponsored discussion about security over the next decade.
Copycat Cryptolocker threats already are emerging and the future holds more uncertainty about data security, privacy and other issues as organizations of all sizes make the transition to cloud-based services. How attackers may adapt their tactics to future technology trends such as broader cloud adoption and an increasing number of Internet-enabled devices is unclear, the participants said.
"What we're not seeing here is the industry helping us get end users to not click on things that people shouldn't be clicking on," said David Wrenn, vice president of sales at Branford, Conn.-based solution provider Advanced Office Systems. "The human factor behind all of these attacks and the sneakiness of bad people out there writing malware used to capture information is one of the biggest challenges that our industry faces, and one [where] I don't see an end in sight."
Advanced Office Systems helped clients hit hard by Cryptolocker and other threats and added new and former clients that dealt with the costly aftermath of the ransomware attack, Wrenn said. While high-profile data breaches at Target and other retailers get the most attention, small- and midsize-business owners are realizing tough losses if they aren't addressing basic security best practices, establishing some security measures and policies, and properly maintaining a system backup, he said.
"Our job as resellers is to educate the customers," Wrenn said. "SMBs especially need some guidance because they need to understand that the Linksys router that they just ran out and purchased is not protecting their customers from being compromised."
Resellers and MSPs are in position to help small businesses establish stronger security measures and get more value out of the technology investment that they make, said Laurie McCabe, co-founder and partner at research firm SMB Group. Unless they are under regulatory pressure to meet minimum security standards, most small- and midsize-business owners will balk at security until a breach or serious security incident disrupts the business, McCabe said.
"SMBs are completely overwhelmed," McCabe said. "Very few of small or even medium businesses can possibly have the internal expertise to run an effective security program and that's where MSPs and resellers can at least sell them the peace of mind that security is being addressed."
Heartbleed was 48 hours of chaos, but it truly served as an education for clients about security, said Michael Gray, director of network operations at Lawrence, Mass.-based Thrive Networks, the managed service provider subsidiary of Staples. Thrive Networks was able to calm clients after Dell and other security vendors issued signatures to detect an attack, Gray said.
High-profile data breaches are prompting businesses to finally adopt security best practices, such as instituting LAN segmentation over groups of users on the network, he said. In the future, every user may have their own network.
"The concept is that everyone is being treated as a remote worker, including people inside the building," Gray said.
Zeus, Cryptolocker and other financially motivated attacks driven by automated attack tools make up 90 percent of the threats detected on any given day, said Jon Ramsey, CTO of Dell SecureWorks in Atlanta and a Dell Fellow. The attackers are getting smarter with their campaigns to avoid detection, Ramsey said. Attacks using data-stealing malware are finely tuned to prevent them from spreading rapidly.
So-called advanced threats that slip past next-generation firewalls, intrusion-prevention systems and other detection mechanisms also are forcing change at some enterprises, which may trickle down into the SMB space, the panelists said. Some businesses are wiping and re-imaging systems on a monthly basis, preventing malware that evades detection from remaining on systems for more than 30 days.
"We're seeing a number of businesses that do containment as a matter of course, and I think we'll see more of it," Ramsey said.
Businesses are underequipped to defend against advanced persistent threats that use custom malware or zero-day exploits to target vulnerabilities that are not publicly known, Ramsey said. Those threats pose the biggest danger because they can remain on systems for months or years, he said.
Poorly written software is one of the main culprits leading to security incidents and data loss, said Donald Ferguson, vice president and CTO for software at Dell. The level of discipline applied to design analysis in civil engineering is greater than in software engineering, yet software is an integral part of our daily life, Ferguson said.
"Software is being dialed for agility, function and time; it is rarely being dialed for security," Ferguson said.
PUBLISHED JULY 25, 2014