Ransomware attacks pose an undeniable threat to the global business environment, reaching levels that easily qualify as an epidemic. According to Cisco, the total number of distributed denial-of-service (DDoS) attacks worldwide will reach 15.4 million by 2023.
Rapid technological advancements are also making matters more complicated. Now, the technology behind ransomware attacks is evolving and becoming more sophisticated than ever. One of the most effective preventative measures involves forming a comprehensive security plan powered by next-generation technologies, the kryptonite for cybercriminals.
We’ve sat down with security expert Alex Ryals, VP, Global Security Solutions at TD SYNNEX, for a deeper dive on this critical topic and how we can expect the cybersecurity landscape to evolve within the near future.
This article is a transcript of an interview conversation. The content has been edited for clarity and brevity.
Describe the current cybersecurity landscape — What are some of the ransomware attack trends we are seeing today?
First, it’s important to understand what the issue is around ransomware. It’s become an epidemic around the country and the world. CEOs cite ransomware as one of their top concerns around threat vectors for their organizations.
Ransomware attacks used to be limited to withholding data until a ransom was paid. A few adjustments in tactics later, attackers now gather data and threaten to release it publicly or alter the data and demand a ransom to identify what changed.
In this most frightening scenario, companies can become stuck grappling with inaccurate data about their customers and finances as employees continue their everyday jobs. This ransomware attack trend has hit the scene very recently, and we will continue to see this worsen throughout 2022.
Tell us more about the threats of cybersecurity that persist for organizations. What do these threats look like?
Per incident cost, organizations are rethinking how they spend their dollars. We’ve seen companies increase the security aspect of their IT budgets from about 10% in 2020 [1] to 15–40% in 2021 [2] because they are realizing the importance of mitigating these security risks.
Threats take an average of 287 [3] days for companies to detect and contain, and ransomware attacks don’t always happen right away. Often, companies are compromised by nation-state actors who will spend those 287 days in your network evaluating it, researching it, understanding what your production and test servers are and who the key players are in the organization. Then, they proceed to launch a ransomware attack against your most critical devices and systems. So, focusing on threat detection technologies to identify the threat beforehand, while it’s still dormant, is a critical part of ransomware mitigation.
Attacks can come from everywhere. Some threats come from phishing email scams, while others disrupt the network. One of the main causes of ransomware attacks is misconfigured systems. The threat can be complex and multi-directional, which is why we teach customers this concept of what we call zero-trust and defense in depth. Zero-trust is the idea that you verify the identity of every user and device that wants to connect to your network. Defense in depth is the idea that you can’t just put up a firewall and call it a day — you must have a multi-layered depth of security solutions to truly protect your organization.
What are the steps partners can take to prevent security breaches?
- First, partners have to train their own sales teams on how to speak the language of security. It’s critical to introduce them to the various areas of security, such as endpoint security, identity and access management and cloud security. All of these offerings are important to consider, which is why we built our digital security practice builder program to specifically walk through sales training with our partner communities and teach them this language.
- Another thing that partners can do is offer security-managed services. We’ve noticed it’s simple for a partner to become a reseller of security technologies, such as a firewall or an endpoint security solution, but what customers are looking for is a business outcome economy. To accomplish this, we train our partners on how to sell a full solution. Plus, we teach them how to be Managed Security Service Providers (MSSPs) and offer services like Security Operations Centers (SOCs) that act as a 24-hour pane of glass to survey security events for the environment.
- As a third point, we can examine strategic vendor partnerships. There are over 2,500 security vendors in the market now, and it can be confusing for our partner community to figure out. Which vendor do I work with? What area of security is ideal to invest in? Deciding which vendors to partner with is exceedingly difficult, and we have a team of people that help our partners walk through that rationalization so that they can choose the right vendors offering the optimal endpoint security for their needs.
- Lastly, I’d mention to partners to consider what you will do if your customer is compromised with a ransomware attack. We see this happen every day. So, if their customer calls in a panic saying they’ve been hacked, now how is the partner planning to respond? Well, they need to think about an incident response service. And if they don’t have it themselves, TD SYNNEX has multiple providers that we leverage. Partners call us and can sometimes require help within 6 to 12 hours. We can have them connected with the contract with an Incident Response (IR) provider equipped to assist with digital forensics and all the recovery steps.
Let’s talk security trends. Within the next 3–5 years, how do you see the cybersecurity landscape evolving?
Ransomware is going to continue to evolve. I’ve mentioned that we’re starting to see cybercriminals modify your data. They don’t encrypt it or steal it — they change it, which presents several issues.
Cybersecurity skill shortages present a widespread problem today, which is why TD SYNNEX has launched programs such as our Passage Program™ that focuses on training people with cybersecurity skills and placing them in our channel community so that they can help their customers.
Malware automation is going to continue to become more sophisticated, as hackers are now using artificial intelligence engines to write phishing emails. An AI engine can sound more human than an individual who wrote a phishing email a couple of years ago. Previously, you could detect a phishing email because the messages appeared broken with grammar errors. Well, now you will find it very difficult to spot the real from the fake — which means more phishing attacks.
Attacks on remote workers will persist. We experienced this trend during the past year, but as it becomes the norm, hackers have figured out that home networks are much less secure than corporate networks, so compromising an executive working at home is an easier target. Thinking about how we advance remote worker security is critical.
Could you walk us through all the benefits partners will experience when leveraging TD SYNNEX’s suite of security solutions?
When we examine ransomware mitigation solutions specifically, we think about it in terms of what we want to provide that:
- Prevents the attack
- Detects an attack in progress
- Mitigates the attack.
With those three steps, it comes down to what products and services we need to have in each of those categories to offer an effective solution. One of the ways we approach this is through our StreamOne™ Ion Enterprise cloud marketplace by offering Click to Run™ solutions. These are pre-configured cloud-based offerings that combine two or more vendor products along with services and some customization, delivered via an automated deployment.
For security, we have launched a Ransomware Mitigation solution that incorporates an endpoint security offering, backup/recovery solution and a SIEM (Security Incident and Event Management) offering. The SIEM is the single pane of glass view where we can identify a security threat across the servers, storage, networking, applications and endpoints. The Ransomware Mitigation solution leverages a customized version of Microsoft Sentinel for the SIEM which includes custom policies and configurations out of the box.
In addition to the products, we’re coupling services with support where we can help you deploy the offering and even manage it in some cases. Our services are a part of intellectual property (IP), which supports the technology. Along with the innovative technology that goes behind each of these solutions, we’re also offering materials and collateral to help the partner be effective in selling these solutions.
Do you have any additional thoughts you’d like to share with us?
We’re starting to see more regulation around cybersecurity in the US. In Europe, they launched the General Data Protection Regulation (GDPR) and some cybersecurity and data privacy-related controls. This will apply within the next year or two in the Americas as well. So, with that in mind, partners need to begin ramping up security efforts.
Pay attention to the regulation and invest now as a partner in cybersecurity because as the regulation hits, customers will need to have offerings to stay competitive and ahead of the evolving security landscape. TD SYNNEX is committed to releasing new and upgraded solutions over time that partners can sell to their customers in need of enhanced security offerings.
To learn more about our catalog of Click to Run™ offerings, please visit the Solutions Factory. Also, be sure to check the StreamOne™ Ion Enterprise Platform to explore our security-based solutions.
Sources:
[1] Deloitte Insights: Reshaping the Cybersecurity Landscape
[2] SC Media: Security Spending will Top 40% in Most 2021 IT Budgets
[3] IBM Report: Cost of a Data Breach Hits a Record High During Pandemic