Protect Your Business: The Growing Cybersecurity Threats and How to Stay Safe

Cybercrime is a major threat to businesses of all sizes and in all sectors and cannot be ignored

The number and complexity of cybersecurity threats to businesses are constantly growing. Yet while businesses appreciate the risks, many still don’t have adequate protection, and this presents opportunities for resellers.

Cybercrime is a major threat to businesses of all sizes and in all sectors and cannot be ignored: AAG found that 39% of UK businesses reported suffering a cyberattack in 2022. Of these businesses, 31% estimate they were attacked at least once a week. In addition, cybercrime cost UK businesses an average of £4,200 in 2022; when just considering medium and large businesses, it rose to £19,400. 

Unsurprisingly, 82% of boards or senior management in UK businesses see cybersecurity as a high priority. 

It needs to be, because the threats are myriad, as Matt Aldridge, principal solutions consultant at OpenText Cybersecurity, explains. “OpenText Cybersecurity’s latest threat report reveals that cybercrime groups are doubling down on long-standing tactics as well as using newer techniques such as deepfakes, artificial intelligence and social engineering to exploit businesses’ vulnerabilities,” he says. “Phishing has remained the number one delivery mechanism for ransomware, with attackers refining their techniques. Phishing is also dominating the web, with HTTPS sites being increasingly used for malicious purposes. Overall, ransomware has grown and adapted, and it remains one of the most significant cyberthreats that small- to medium-sized businesses face.

“The number of phishing emails we blocked last year grew to 1.14 billion, a 16.4% year-on-year increase. The use of HTTPS sites for phishing showed 55.5% year-on-year growth. Most alarming perhaps is the rise of the average cost of ransomware attacks, which peaked at a staggering £320,000 last year.”

Malware threat

Sarah Goodchild, senior director, channel sales EMEA at Picus Security, adds that malware also continues to be a threat. “Picus Security recently analysed 500,000 malware samples and discovered that it is evolving rapidly to become more evasive and more dangerous,” she says. 

“The latest multi-purpose malware is akin to a Swiss Army knife in terms of its versatility and usefulness to adversaries. Sophisticated malware samples are adept at evading security controls, moving laterally between devices and encrypting data. More than a third of the malware we analysed can perform over 20 tactics, techniques and procedures and this flexibility helps it adapt to different environments.

“Malware developers continue to invest significant resources into researching and developing more sophisticated techniques that help them to accomplish their goals. Security teams now have more tools to help them detect, prevent and respond to threats. However, the pace of change means it remains challenging for security teams to ensure that their defences are optimised against the latest attack techniques. Adversaries continue to raise their game and defenders must too.”

Martin Jartelius, CSO at Outpost24, adds that there is also an increase in credential stealing malware. “As many organisations turn to the internet to conduct business and, in turn, collect and store more data digitally, this is especially worrying,” he says. 

“In recent years, the number of Initial Access Brokers skyrocketed, malware prices have increased, and ransomware groups have multiplied. Research conducted by our KrakenLabs into the ecosystem of credential threat found a growing number of Traffers operating. Traffers are organised groups of cybercriminals specialising in credential theft using malware, most commonly stealers. We found that this is becoming a real problem for businesses and it’s something that requires constant monitoring and real-time intelligence to detect and fight against.

“Equally, as always, weak passwords continue to pose a large problem for businesses. The 2023 Specops Weak Password Report showed that nearly 90% of breached passwords used to attack RDP ports in live attacks were 12 characters or less. Even more worryingly, the most common base term found in passwords used to attack networks across multiple ports is still ‘password’. From brute force attacks to password guessing and ransomware, threat actors will inevitably continue using passwords as a way of gaining access to a system. A strong and comprehensive password policy across an organisation is key.”

Remote working threat

Users continue to be a weak point in cybersecurity, especially with the rise in remote and hybrid working, which has also made network devices more vulnerable to attacks, Martin adds. “Security teams need to consider the implications of having a workforce that alternates between being physically present and working remotely,” he says. 

“Moreover, because people are physically isolated from their colleagues, they become easier targets for social engineering attacks. With fewer distinctions between work and personal devices, businesses must increasingly focus on user behaviour. It is becoming more and more crucial to ensure that employees follow best practices when accessing sensitive data or communicating with colleagues. This includes implementing training programs, conducting regular security assessments and using multi-factor authentication to keep accounts secure. 

“To mitigate risks, organisations must make sure their cyber defences are adapted to cover both environments. Yet, for many organisations, questions on how to securely manage a hybrid workforce remain open, such as how are users using and consuming business data? Where is that data being stored? Is it encrypted? What networks are they using their devices on, and what other devices might also be on the same network? For example, many IoT devices won’t have the secure coding that other endpoints do. Do all of the devices users have meet the business’ security and compliance requirements?”

Patches

Stuart Robson-Frisby, RVP, EMEA Channels at Tanium, adds that many businesses don’t have visibility of how many devices are connected to their network, and who has access to what, which creates numerous security risks if some or all of the devices are unpatched.

“However, despite being such a significant risk, many companies still fail to patch their systems and devices frequently enough,” he says.

“Without addressing this situation, businesses are at high risk of malware infections, data breaches and operational disruptions. This is not only a drain on resources, time and money, but often leads to irreparable reputational damage and even legal liabilities.

“To mitigate the risks associated with unpatched devices, businesses should prioritise patching as a critical component of their cybersecurity strategy. This includes developing a robust patch management strategy, testing patches before deployment, and ensuring that all devices – known and unknown – are up to date with the latest security patches and updates. It only takes one weakness in an organisation’s IT defences to bring the business to its knees, so being able to swiftly identify and remove any vulnerable devices is vital to securing the company’s future.

“Being prepared for – and able to withstand – today’s cyber landscape is about being ‘cyber ready’. This means practicing good cyber hygiene and detecting threats and performing counter threat actions. Finding a way to discover and manage all the endpoints in your environment, including those in home offices, remote workspaces and cloud environments, is a vital component of this approach.”

Supply chain vulnerabilities

Jamie Andrews, senior director international partners at Armis, notes that supply chains are also at risk. “The lateral movement tactics used by threat actors are taking advantage of trusted third-party suppliers to infiltrate larger, more traditionally ‘secure’ targets,” he explains. “By worming their way into a smaller organisation, they can spend weeks or months lurking about undetected on systems and networks.

“This puts numerous organisations at risk. Without the right visibility into the devices and assets on their networks, organisations risk inadvertently allowing threat actors to launch large scale attacks.  

“We’ve also seen several warnings from UK authorities that point to heightened risk of cyberwarfare attacks conducted by Russian nation state actors because of the ongoing war. By not having full visibility into their networks and systems, organisations are much more vulnerable to being targeted by threat actors that are becoming more ideologically motivated and are looking to send a message.

“Channel partners that are equipped to help customers address these risks will stand the most to gain now and into the future as these types of attacks evolve.”

Trusted partners

Jamie adds that the shortage of skilled cybersecurity personnel remains a huge problem. “There is an increased demand for services and solutions from third parties and partners that can offer value, such as MSSPs,” he says. “Good cybersecurity vendors will support the reseller community as much as they can by sharing resources or training sales and technical professionals through robust partner programmes. Therefore, resellers should be taking vendors up on the training and resources that they offer to get the most out of their solutions for their customers. 

“That said, we also cannot forget that customer budgets are getting tighter which translates into increased ROI requirements, result-oriented purchasing decisions and sometimes longer and more complex decision processes, all of which elongate the sales cycle. It is therefore important for the channel to work with cybersecurity suppliers that offer a high-quality product with a modern approach to maximise time to value.”

Tom Herrmann, vice president of global channels and alliances at Synopsys Software Integrity Group, adds that resellers are in a unique position in that they can represent multiple vendors across a broad spectrum of cybersecurity solutions. “They can also be a trusted advisor to businesses in terms of understanding what solutions and services are available in the market, the specific use cases and what each can address, and which solutions tend to be best suited for a business’ specific concerns,” he says.

“Resellers can then bring in the vendors that are experts in their particular area of cybersecurity to further assist with vulnerability identification and remediation efforts. Given their broad exposure to a diverse mix of customers and vendors, resellers are a great resource for customers to increase their awareness and knowledge of the overall threat landscape.

“Most companies have only scratched the surface on protecting themselves from cybersecurity threats, and even the ones that can be considered ‘ahead of the pack’ will still find new holes that must be patched on a regular basis as attackers discover new areas to exploit.”

Dealing with ongoing threats

Sohin Raithatha, CEO of Redsquid, notes that while some organisations understand the risks, many underestimate the number of devices that can be breached. “The widespread adoption of Internet of Things devices and bring-your-own-device policies amplify those risks, and we as MSPs play a vital role in ensuring customer awareness and that appropriate security measures are being used across all businesses,” he says.

“As an MSP with a focus on cybersecurity and as trusted advisers we at Redsquid see it as our responsibility to continue to guide and communicate these ongoing threats and the measures and technologies that can be utilised to overcome them. The threat level from cybercrime has only gone one way in the last many years – and that is up! I don’t anticipate that this will change, and we expect the threats to continue to become more complex and refined against our businesses. 

“We have developed our own cyber security solution, Redsquid Cyber/Kill, which protects the entire perimeter around a business and not just individual devices. Paired with SOC and SIEM technology – these solutions are what more and more businesses are integrating to stay secure and give peace of mind to stakeholders and customers alike. Paired with awareness training, this is the only way forward and we will continue to be advocates for the use of these technologies to protect organisations, users and data.”

Dom Ryles, director of sales and commercial – security at Exertis Enterprise, says that some customers might not realise the implications of moving their data to the cloud and the impact of the shared responsibility model, where the customer themselves is responsible for the data in the cloud – providers are only responsible for the infrastructure but not the data. “This is a big vulnerability,” he says. 

“It’s our responsibility as a distributor to educate and enable the reseller community, and to address the challenges that our partners’ customers are facing. We need resellers to get their customers to understand that it’s not a question of ‘if’, but ‘when’ when it comes to security. Taking customers through certification processes and getting the baseline understanding and awareness, is a good way to start. General security awareness training is essential, so they don’t see security as a ‘blocker’ to progress, rather than an ‘enabler’.”

Growing market

With cyberthreats continuing to grow, so is the market for security – Dom points out the market is predicted to grow at a CAGR of 8.9% – which means the opportunities for resellers will increase too. However, it will be important for them to stay on top of the latest innovations to make the most of those opportunities.

“The main market trends in the next 18-24 months will be AI automated security systems, which can analyse patterns and behaviours and automate responses thereon,” says Dom. “However, a negative side of AI is that hackers now have the capability to write malicious code more easily or create an attack that bypasses the latest security protocols, and they could even predict the best time to attack an organisation when it’s at its weakest.

“Insider threats, for example human error or social engineering, are still primary reasons for a data breach. Another upcoming trend is zero trust, where colleagues only have access to the resource they require for a limited time. IT managers then receive more visibility into what people are accessing and reducing their access capabilities. Zero trust will be the fastest growing form of network security, growing by an estimated 31% in 2023.”

OpenText Cybersecurity’s Matt Aldridge adds that while there is no ‘silver bullet’ that can stop all attacks, multi-layer solutions that block attacks from bottom to top are essential for serious protection. “But fundamentally it is applying regular software or firmware updates to these devices that can give the most protection, along with carefully hardening their configuration. This is most critical with any appliance or device which sits outside the network or at the border, such as routers, firewalls and VPN gateways, where devices are directly exposed to attacks. Disabling all unneeded features and heavily restricting admin access are other key methods to keep devices secure.

“We expect cybercriminals will continue to evolve their tactics, notably relying on sophisticated AI to support their malicious activity. They will continue to look for the weakest link, and this will usually be servers or endpoints that are not adequately protected and/or are running outdated, vulnerable software. Cybersecurity vendors work extremely hard to detect and prevent attacks, but when organisations are operating on legacy infrastructure, there are limits to the protection levels that can be achieved. 

“Social engineering tactics, such as those targeting multi-factor authentication fatigue will remain an important area of concern for business leaders and cybersecurity experts. This is a technique that exploits the fallibility of humans, rather than vulnerable computers, and it can unsurprisingly be much more effective than purely technical attacks devised to infiltrate IT systems. As such, it is another important reason why businesses should invest in employee education as a priority and ensure that their endpoint security has real-time anti-phishing protection included.”