Resellers as Guardians: Tackling Escalating Security Threats in Network Infrastructures

Evolving threats

Network security is becoming increasingly important to businesses as more work is undertaken online and the number of outside threats from cybercriminals grows. Resellers have a crucial role to play in helping customers to get the right solutions for their business needs.

Security threats to businesses continue to rise, with 46% of businesses saying they experienced an attack in the past year, which is putting more pressure than ever on network security. 

“Businesses are currently navigating the complexities introduced by a hybrid workforce, and concurrently, the nature of threats is evolving to become more intricate,” says Mark Allen, head of cyber at CloudCoCo. “Despite efforts to enhance resilience through increased knowledge and deployment of advanced security breach identification tools to mitigate the risk of compromise, the hacker community continues to devise increasingly creative ways to disrupt organisational productivity. Unfortunately, we still witness breaches occurring, and when they are successful, they inflict serious commercial damage.

“Commercial damage resulting from a fully deployed breach goes beyond the immediate costs of regaining control and rebuilding the IT ecosystem. The potential financial loss is twofold: first, through payments directly to the criminal, either as a ransom or inadvertently to a bad actor. Second, there is the additional cost associated with the loss of business during the process, as the organisation may be unable to sell effectively. 

“Furthermore, reputational damage compounds the situation, as regulatory requirements – such as those from the ICO – necessitate notification to clients about the breach and its resolution. Unfortunately, we are seeing instances where companies cease to trade due to the severe impact of this criminal activity.”

Adam Seamons, information security manager at GRC International Group, adds that one of the big impacts to networks has come from the changes in technology. “Networks have moved from self-contained on-premises setups and many are now often distributed between cloud services and accessed remotely by external staff and resources,” he says. “Some of these technologies have been hastily implemented due to pressures for remote work during the COVID years and pressure to integrate with essential service providers who have moved into the cloud, forcing the hand of IT teams and decision makers.

“This has created complexity where traditional IT and security controls don’t cut it and now new vulnerabilities and threats have arisen. This is compounded by funding and skills shortages. Doing more with less often means things are missed, badly implemented, or simply overlooked and rushed, all of which is a recipe for disaster.”

Security solutions

But there are a range of technologies that can be deployed to assist businesses to stay secure. “When it comes to meeting the technical controls of an organisation, all-in-one products such as Microsoft’s Defender suite, which offers XDR, account monitoring and protection, DLP and more can be quite helpful,” says Adam. “To analyse and react faster, a combination of new artificial intelligence (AI) tools has been combined with robust identity and access management systems, zero trust architecture, management platforms, cloud access security broker, security information and event management or security, orchestration, automation and response.”

Mike Fry, UKI security director at Logicalis, adds that network security vendors from all parts of the spectrum are broadening their technology range, such as secure service edge (SSE), zero trust network access (ZTNA) and password-less authentication to gain a greater share of market and customer spend.

“This presents the customer with a problem; who is right and who should they listen to?” he says. “This is where a credible partner can bring value to a customer by helping them navigate this increasingly noisy space.

“The significant rise in traditional firewall vendors moving into the SSE and ZTNA spaces to support new ways of working.”

As well as implementing a robust cybersecurity framework involving a multi-layered security strategy that integrates various protective measures, it is crucial to invest in cybersecurity education for employees, says Spencer Starkey, VP EMEA at SonicWall. “This is to ensure they possess the knowledge to identify and thwart phishing attacks and are adept at creating strong and secure passwords,” he says. “Additionally, staying vigilant on software updates is imperative, as these often include crucial security patches to address vulnerabilities that may be exploited by cybercriminals. 

“Establishing a comprehensive response plan for cyberattacks is essential to fortify defences. This should meticulously outline procedures for prompt identification, effective containment and successful recovery from potential incidents, thereby enhancing overall cybersecurity resilience.”

Matt Aldridge, principal solutions consultant at OpenText Cybersecurity, adds that cloud threats also need to be considered, and SSE/SASE and CASB services can add a lot of security value, as can secure configuration management and monitoring solutions for cloud services. “Once the fundamentals are covered, extending an organisation’s capabilities into threat hunting and breach detection by deploying XDR-style solutions gives another important layer of proactive prevention and reactive, timely response capabilities,” he says. “For most organisations, it is not possible to deliver such capabilities in-house, so often a considered partnership strategy with a managed detection and response provider is key to unlocking the value of XDR solutions.”

Optimising security

Ryan Kunker, senior director of channels and alliances at Picus Security, notes that resellers are embracing technologies that help customers to better understand their readiness to defend against the latest threats and respond to them.

“Breach and attack simulation (BAS) tools are increasingly popular among MSSPs and resellers to help validate and optimise organisations’ security,” he says. “They enable partners to simulate the techniques typically used by ransomware gangs and other threat actors.

“If a simulation finds that the existing tools do not prevent, detect or generate alerts for specific attacks, they can demonstrate to the client that their controls need to be optimised, or new tools are required. 

“BAS helps security teams to enhance the value of investments, and for the channel opens the door to new upselling opportunities. BAS goes further than just technology as well. It can help organisations test the people and processes they have in place to respond to breaches. Allowing teams to practice their craft before ‘breach day’ allows incident responses to be fine-tuned.”

Conversations

Resellers have a crucial role in network security. Ryan says channel partners should identify gaps in customers’ defences, so they can guide them to invest in the areas that will make the biggest difference. “This can be an incredibly effective way of selling to clients who are otherwise trimming budgets or being extra cautious with their security spending,” he says. “More than ever, channel partners must help clients make data-driven security decisions and demonstrate where security investments are essential.”  

Mark agrees that resellers should initiate conversations with their customers and seek to assess existing security measures, identifying potential vulnerabilities and gauging the overall resilience to cyberthreats. “Once the current standpoint is clear, resellers can then highlight the value that enhanced security can bring to the business,” he says. “This could include improved protection against evolving threats, safeguarding sensitive data and ensuring compliance with industry regulations. Establishing these points helps tailor security solutions to the specific needs of the customer and emphasises the tangible benefits that come with it.”

Resellers also play a crucial role in ensuring organisations stay ahead of emerging cyberthreats. “It’s imperative for resellers to engage in conversations that address the current and future landscape of network security,” Adam says. “Cybersecurity demands adaptability. Resellers should proactively discuss how organisations are responding to the latest threats and inquire about strategies to safeguard new cloud-based eCommerce platforms or finance systems.”

Spencer adds that resellers should look to educate customers about the proposed security solutions, while evaluating the efficacy of their network security protection measures. “Subsequently, a comprehensive discussion is held regarding the security budget and aligning it with the customer’s expectations,” he says. “Throughout the implementation process, a commitment to open and transparent communication is upheld, ensuring regular updates on progress are shared. This commitment extends across the entire lifecycle of the implemented solutions, fostering a collaborative and informed partnership between the client and the security service provider.”

It is also critical to stay up to date with the defensive technologies deployed and the firmware and software which runs on, or underpins, these platforms, Matt says. “Focus on minimising the number of internet-exposed services and applications, while protecting those which must be exposed using an independent combination of active defence and passive detection. Time and again, we see organisations being compromised due to an unnecessarily exposed remote desktop solution, or by an out-of-date VPN gateway. Even Exchange server compromises are still prevalent for those who have not completed cloud migrations. Finally, architecturally, it is critical to assume that internet-facing bastions will at some stage get breached, so ensure that segmentation, controls and monitoring are in place to contain and detect any such compromise.”

Continuing threats

Matt says that network threats will continue to become more prevalent and increasingly sophisticated. “AI is already helping threat actors with things like high-quality phishing lures and optimised targeting of user populations,” he says. “It will continue to become even more powerful as solutions grow and mature, helping attackers to create exploit code with a high degree of automation once patches are released, putting even more pressure on patching cycles for system and network administrators alike.  

“AI is becoming critical for defenders, too, with solutions maturing fast that can help analysts zero-in on the alerts that really matter, while unsupervised machine learning continues to play a key role in detecting and surfacing anomalous activities and behaviours across network and cloud environments. Expect to see a lot more AI-powered security solutions, updates and announcements in the coming year.”

Mike adds that threat actors will continue to exploit organisations that have adopted new ways of working, such as hybrid or remote, but that have not yet evolved their network security to support this. “Sadly, in these scenarios, it is only post-breach that budgets become available for security projects,” he says.

“In addition, as organisations adapt to new ways of working, more and more will be turning to approaches such as zero trust to help protect and secure their people, brand and assets. The challenge they face, however, is resource and availability, knowing where to start and what to do next. A credible zero trust gap analysis assessment can help understand their current position and where to invest next for the highest return.”