Security vendor points finger at peers for ransomware rise

Carvir CEO says MSPs are challenged by ransomware growth, security skills shortage

Security vendor Carvir has pointed the finger at its peers, saying the market has failed to do a good job in protecting channel partners and their clients from ransomware.

According to Symantec's Internet Security Threat Report: Ransomware 2017, there were 361, 000 ransomware infections in 2015 and 470,000 in 2016. Malwarebytes' 2017 State of Malware Report says ransomware distribution grew 267 percent from January 2016 to November 2016.

Jay Ryerse, CEO at managed endpoint detection and response company Carvir, which says it sells its offerings 100 per cent through the channel, puts this growth on vendors.

"Year over year [ransomware infections were] supposed to have gone down, but the vendors out there have not done a good job as far as keeping their MSPs safe and their clients protected," he said. "They haven't kept up with the growth of ransomware, and this year we've seen all the name brand attacks - the WannaCry, Petya, Crysis and other types of attacks - that have occurred. They're not going down; they're going in the wrong direction."

Ryerse says there is opportunity for MSPs to help secure SMB customers with "enterprise-class tools" that these customers wouldn't otherwise be able to access.

He noted that some of technologies Carvir offers came from the enterprise space, and Carvir is able to offer that enterprise-grade technology down to SMBs through its approximately 500 MSP and IT service provider channel partners.

If SMBs are keeping an eye on the news, they're aware that they need the same level of protection as enterprise-sized firms and are counting on their channel partners to enable that, according to Ryerse, who use to own an MSP company.

"We ask our partners on a regular basis, ‘If one of your clients is breached, who are they going to blame?' Of course, they point the finger back at the MSP, so we've got to have tools, systems and processes in place to help the MSPs provide a higher level security, and sometimes that means enterprise-class tools," Ryerse said.

While ransomware is a scary adversary facing MSPs' security businesses, Ryerse believes the biggest challenge for MSPs today is finding security talent.

"Cyber security as a whole has a negative unemployment rate, and there are more jobs than there are people to fill them. Based on that, it's very difficult for a services provider to hire that staff, let alone keep them, because the pay scale is going up and the demand for them is so high that anybody in the space can pretty much go out and write their own ticket in the world today," he said.

"The impact is that with the number of cyber threats increasing, [MSPs] don't have much of a solution… to be able to defend against them because they can't hire the staff and bring all the talent they need to truly secure their customers."