One of the biggest opportunities that partners see in security isn't around the newest security startup or hot new technology. Instead, partners said they see a significant opportunity to go to current customers and "get back to basics" around cybersecurity.
Michael Goldstein, CEO of Fort Lauderdale, Fla.-based LAN Infotech, said his solution provider business had made a concerted effort to go back to clients over the past two months to re-engage around basic security principles.
Instead of selling customers new tools, he said LAN Infotech is going to customers for an audit to make sure those basics are in place, including password policies, admin change policies, patching, and more. Goldstein said the audits aren't about selling new tools, but rather about putting a plan in place around security for "going back to basics."
"I think people are looking at the high-level tasks and they are forgetting about the entry-level, low-level things that they should be doing over time," Goldstein said. "We have enough tools. We have enough software. But, someone could get hit if they aren't handling the basics."
Jolene Johnson, owner of Knoxville, Tenn.-based Absolute Access ID, said she also "absolutely" sees a huge opportunity to take clients back to basics around security. She said she works with her clients to develop a preventative security practice. "The more [these breaches] are in the news, the more people are reaching out to us on a daily basis," Johnson said.
Driving that shift is a continued set of breaches that take advantage of customers who don't have basic cyber hygiene in place, Chris Hall, a partner at PricewaterhouseCoopers, said.
In the past few months, there have been multiple examples of security incidents that take advantage of users and companies who didn't heed basic security precautions. Three recent incidents – affecting Verizon, World Wrestling Entertainment, and the Republican National Committee – exposed personal records due to misconfigured or unsecured Amazon Web Services S3 storage instances. The recent WannaCry ransomware attacks and Petya wiper attacks also took advantage, in part, of unpatched exploits.
According to the 2017 Verizon Data Breach Report, 88 percent of breaches in the past year took advantage of the most popular nine attack vectors and 81 percent used reused, stolen, or weak passwords. "[The breaches] take advantage of the fact that good hygiene isn't at the forefront in most people's minds," Hall, from PricewaterhouseCoopers, said. "They have the technology. It's now just about getting back to basics to communicate more and work together."
Hall said he sees customers with many standalone technologies – up to 70 for a single company – that aren't integrated or used to their full capabilities. One way customers are looking to improve their cyber hygiene is by consolidating the number of vendors they work with and focus on integrating the technologies, he said. He said this also has the added benefit of saving cost and human resources.
This isn't a challenge that's going away anytime soon, Absolute Access ID's Johnson said. She said she sees a "huge increase in interest from the customer perspective to find some type of solution." For partners, she said that means there remains a lengthy opportunity to help clients get back to basics and improve their security posture for the long term.
"I don't see any end in sight, unfortunately [for clients]," Johnson said. "We [as partners] have to be on the front end to be aggressive in how it's tackled from our side."