Symantec’s latest Internet Security Report makes for grim reading with attacks in 2014 increasing in speed and precision, thwarting companies’ defences and extorting end users – but Symantec says the challenge of protecting businesses also provides significant opportunities for the channel.
Mark Shaw, Symantec technology strategist, says the report shows that 2013 – the year of the mega breach – was not an anomaly, with attacks continuing to increase and verticals like healthcare, retail and finance all proving lucrative targets.
“But it wasn’t just those guys,” Shaw says. “There was a wide range of industries being attacked.”
Last year was a record-setting year for zero-day vulnerabilities, as attackers succeeded with speed and precision.
Shaw says attackers were moving faster and being more creative. They were also perfecting digital extortion, and using social networks to reach more people, with less effort.
For New Zealand, the news on the digital extortion front was particularly bad, with New Zealand the fourth most targeted country in Asia Pacific for ransomware – beating out many more populated countries.
Software trojanizing – where attackers identified software being used by a company, and the vendor, attacked the vendor and got software updates that were then infected with malicious code before being reloaded onto the vendor’s site – also increased.
“So we had companies which were doing the right thing, getting their software updates and installing it across the network, but were inadvertently installing malicious software,” Shaw says.
And it wasn’t just large organisations targeted. Shaw says small and medium businesses are a popular target, whether for financial gain, to gain IP or as a stepping stone into larger organisations.
“With attacks moving faster and being more creative, the channel can potentially play an important part,”
Shaw says a multilayered approach to security is required, with robust security in various parts of the network now key.
“But while your customers may be doing that, their systems may not be allowing those pieces [of security] to communicate and work together,” he says.
Shaw says targeted attacks, if persistent enough, will succeed, and it’s not a case of if a customer will be attacked, but merely when.
“Attacks leave indication of compromise,” Shaw says.
“You can have all the technology you want but if it’s not working together the speed you can detect and respond drops and you’re at increased risk.
While an intrusion prevention system may deal with a threat, it’s also necessary to have visibility of the end points to ensure they are all clean.
“There’s an opportunity for resellers to help organisations with all of that. That could take the form of additional technology or managed services.
Shaw says the channel also has an opportunity in providing specialist incident responders to work with companies that have been compromised.
“The speed of a response is often impacted by the quality of people.
“There is the ability to engage vendors on a retainer to bring in specialist incident responders and you will see that from the channel as well, enabling customers to be able to hire and retain skilled security resources such as forensic level analysts.”
A third key opportunity for the reseller channel is in offering education for customers’ employees, Shaw says.
“Education is probably the most important thing the channel can do to help their customers, perhaps by running workshops for a customer’s employees.”
The channel can help plug the gaps in technology, but it’s the service based angles that offer the most benefit, Shaw adds.
“The growth in targeted attacks means it’s a growing concern for customers. And that represents an opportunity for the channel.”