Five things all MSPs should be asking themselves as threat actors target the channel
As Exclusive Networks becomes the latest casualty in a series of cyberattacks on channel firms, CRN asks cybersecurity specialists what the sector should be doing to prevent themselves becoming targets
Exclusive Networks has joined the ranks of high-profile cybersecurity firms that have found themselves the targets of a cyber breach.
The Paris-headquartered cybersecurity distie reported on New Year's Eve that a cyber breach affected its systems in the UK, US, France, Singapore and UAE, emphasising that no customer or partner data is known to have been affected by the breach.
It is the third such attack on a security firm in the past month, with FireEye and SolarWinds Orion also reporting breaches recently.
We spoke with cybersecurity specialists on what MSPs and distributors should be doing to mitigate their chances of being targeted.
‘It's going to happen to everybody at some point'
Distology CEO Hayley Roberts said that due to the evolving nature of security, being targeted by hackers is an inevitability.
"It's going to happen to everybody at some point. [The Exclusive Networks attack] is awful and it's compounded by the fact that we've had two recent large attacks in the channel," she said.
"It's a shock because you think that the larger the company, the more robust they are in terms of security and it just goes to show that even the most robust security firms - and those that develop software themselves - are still vulnerable.
"Because the landscape of security changes so much and so quickly, there's always going to be the need for additional measures for every single breach because hackers don't take a day off."
Roberts added that companies - even those that specialise in cybersecurity - can lose sight of their weaknesses and that in order to prevent further large-scale breaches, the industry must work together and share knowledge with each other.
"IT security is like an umbrella in the rain; some company security policies are a bit like standing outside in the rain with an umbrella, and some companies say ‘Well, I'm dry now so I'll take my umbrella down' and it's still raining and they get soaked," she explained.
"We're always going to have to be on our toes and it's a bit of an eye-opener that even security businesses are just as vulnerable. So we need to pull together to share knowledge and collaborate on how best to protect ourselves."
When did you last audit your cybersecurity protocols?
Jason Holloway, MD of MSP Bridgeway Security Solutions, advised channel companies to get into the habit of auditing their cybersecurity protocols, even when budgets are tight or sales targets are pressing.
"It's always sensible to run security audits before an incident," he stated.
"Unfortunately, it's often the case that many of the best practices are left for another day - In the interests of chasing new customers or cutting costs. We're all balancing the risk versus the appropriate mitigation against the risk, and that risk management balance always leaves something exposed somewhere."
He added that companies should focus not on perfect protection but "pragmatic" protection, which includes how to appropriately respond to the attack and its aftermath.
"We all hope that we can identify and stop attacks prior to them succeeding, but we have to recognise that it is impossible to protect against all attacks all of the time, so we need to concentrate not so much on how to achieve perfect protection, but how to achieve pragmatic protection," he elaborated.
"Then - and this is the part that most organisations forget about or do badly - we need to focus on how we remediate against attacks; how we speed up the detection of an attack and how we speed up the reaction to it to limit and minimise the damage.
"If we can do that properly, then we can severely reduce the impact of any vulnerabilities being exploited in this way."
Have you addressed hybrid working weaknesses?
The shift to remote working due to the COVID-19 pandemic has resulted in many employees turning to unsecured private networks, therefore making companies a bit more vulnerable to attacks, said DataSolutions MD Michael O'Hara.
These security weaknesses have provided cybercriminals with "alternatives" in how to access a company's data, he added.
"What it has highlighted to me is that companies and businesses out there need to understand where their potential weaknesses are in their new hybrid environment," he said.
"You need to understand your network: where you're exposed, your needs, and to find out where potential weaknesses and areas of attacks are. If you don't know that there's a hole in certain areas, then you're not going to be able to fix it."
Be honest
Companies who've found themselves casualties of a cyberattack should be honest and transparent in their communication with stakeholders and customers, according to Distology's Roberts.
"These things won't go away and so we need to prepare for how we communicate breaches better because mistakes will happen - we're human," she stated.
"Rather than cover things up, have a better communication policy around it. We've got to hold our hands up at times and say, ‘We are vulnerable, just as you are, but here's what we're going to do from now on'.
"A massive amount of humility needs to come into play here. Rather than pointing the finger and laughing at your competitor who has just been hacked, why not work to better yourself and learn their lessons, and maybe extend a hand of support and say, ‘What's happened to you is awful, but we can learn together and collaborate to make our products more robust."
Are you being transparent?
Companies that do hold their hands up and are transparent about being hacked should be embraced by their peers and customers, because it brings awareness to the industry and allows others to learn from the situation, said Bridgeway's Holloway.
"Organisations that have suffered an attack will naturally be shunned by their customers, but potentially suppliers as well," he mused.
"However, it is a little bit unfair, because we're singling out just those that have been open and honest in this process. We should embrace them and welcome this disclosure because it makes us all more aware and better prepared for the attacks that are taking place.
"We also need to understand and accept the supply chain is vital for not only ourselves as channel partners, but also for the customers that we serve and we cannot do that properly unless we ensure our own internal security matches - if not exceeds - those of the organisations that we serve and protect."