• Home
  • Reseller
  • Distributor
  • Vendor
  • Finance and M&A
  • People moves
  • Cloud
  • Technology and trends
  • Women in channel
  • Events
  • A-list
  • Top VARs
  • Printer Supplies
  • Women in Channel
  • CRN Essential
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • Please contact your account administrator for more information on your access.

  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • CRN Essential
  • Events
    • Upcoming events
      event logo
      CRN - What the channel needs to get right in lockdown 3.0 and beyond

      In this webinar we are joined by, Jenny Hicks, head of technology at Midwich, Chris Southern, general sales manager at Enterprise Solutions, Laura Mills, segment marketing manager EMEA at Barco and Lieven Bertier segment marketing director at Barco to discuss what the channel has learnt since March and how to bridge that AV and IT Divide.

      • Date: 04 Mar 2021
      event logo
      CRN DeskFlix: The MSP Lounge

      Join CRN to gain advice on the trends that will shape MSP business during the industry’s COVID recovery and beyond.

      • Date: 11 Mar 2021
      event logo
      CRN Sales & Marketing Awards 2021

      The CRN Sales & Marketing Awards recognise and reward the achievements of those individuals and teams that are responsible for making the UK IT channel truly great.

      • Date: 08 Jul 2021
      event logo
      CRN Women in Channel Awards

      Designed to recognise the female role models that will inspire the next generation of females in the Channel.

      • Date: 14 Oct 2021
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      What are the opportunities for the channel with the growth of AI?

      Encryption, privacy, & data protection: a balancing act

      This white paper examines the risk posed by encrypted threats; considers the business, privacy, and security implications of managing that risk; and presents constructive measures for balancing security needs with employee privacy rights. In the end, the best way for IT leadership to ensure the rights of the individual employee is to protect the organization from threats and attacks.

      Download
      How do MSPs really feel the channel will shape up by 2020?

      On borrowed time?

      Cybercrime has become a huge part of our economy and it is a topic that is getting more and more attention in the news media. The cybercriminal stories making headlines involve big companies such as British Airways and Marriott etc. However, smaller companies are just as susceptible to cyber- attacks. Often these attacks are much more damaging to smaller businesses, sometimes forcing them to shut down completely. One report from Verizon claims that 43% of email attacks target SMBs.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • A-list
  • Top VARs
  • Printer Supplies
channelweb
channelweb
  • Home
  • Reseller
  • Distributor
  • Vendor
  • Finance and M&A
  • People moves
  • Cloud
  • Technology and trends
  • Women in channel
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • Please contact your account administrator for more information on your access.

  • Security

Why threat actors are targeting the channel

The recent attack on Exclusive Networks is only the latest in a series which has seen cybersecurity vendors, distributors and MSPs suffer breaches to their systems. CRN asks why the channel is seeing itself become a popular target for cybercriminals

Why threat actors are targeting the channel
  • Marian McHugh
  • Marian McHugh
  • @MarianMcHughCRN
  • 15 January 2021
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

The breach experienced by Exclusive Networks in recent weeks is just the latest in a spate of attacks that have also seen FireEye and SolarWinds suffer suspected nation-state hacks.

Channel firms have often found themselves the targets of criminals in the past, but it appears that these sorts of attacks have ramped up in the last 18 months, and the allegation of state-sponsored attacks on vendors adds another sinister element to the situation.

Related articles

  • Riverbed appoints new EMEA channel boss
  • StorageCraft and Arcserve set to merge
  • Spots up for grabs on £100m education framework
  • Tech Data acquires integration specialist Finance Technology

But why is the channel an increasingly popular target for these sorts of attacks? It's because of the profile of its customers, particularly at enterprise level, according to Dave Sobel, MSP commentator and host of the 'Business of Tech' podcast.

"It's a pretty obvious target," said Sobel.

"For example, SolarWinds was attacked because it is the dominant network management solution in enterprise and getting into network management tools is an excellent way to get into your end targets. SolarWinds has a very rich portfolio, they're in a massive number of the Fortune 500, all the major branches of the US military and lots of civilian organisations as well."

He added that the relatively recent popularity of cybersecurity firms as targets is due to the criminals now "noticing" them and the access they provide to customers' IT networks.

"Cybercrime is a really well-run business it just happens to be incredibly illegal," he said.

"We oftentimes think of it as a single person in a basement but it's not, it's a criminal enterprise and they're running it very efficiently. They're now starting to be really deliberate about making sure they attack CEO workstations or high-value targets. They're not blanketing, they're being very specific with their time and they're getting smarter each time.

"The magic of the channel has always been the way that it aggregates the ability to sell into customers. The channel is the best way to access those customers and the criminals have figured that out."

Defence

No form of cybersecurity is 100 per cent effective against attacks, but these series of attacks on vendors and a distributor will likely cause some concern among MSPs in how protected their own vendor partners are.

Sobel advised that MSPs need to start focusing less on assumed protection and more on mitigating the likelihood of an attack on themselves and their customers.

"We need to thinking differently about security; we're still thinking too much about how we can prevent this," he stated.

"Instead, we need to be thinking more along the lines of true zero trust security architectures, where our goal is to always minimise the damage, minimise the attack vectors and ensure that when it happens we're alerted faster, we've minimised the damage and were able to contain it."

These attacks on cybersecurity vendors should indicate to MSPs that they can't take it for granted that their partner's products are infallible and they should always be probing and questioning the efficiency of what they're selling.

"They need to be approaching this from the perspective of ‘trust no one'," Sobel added.

"We should be shaken to our cores that we can't necessarily trust the vendors providing the software. We have to verify that they are deserving of that trust and do that continuously - that's the value that you're expected to pass on to your customers. But you can't just trust that everything along the line is fine.

"If you just think ‘Well I'm going to just patch it' or ‘I'm going to change vendors' you're not actually solving the root problem, which is that we are too trusting in our infrastructures."

Channel companies also need to stop seeing each other as the "enemy" and work together to implement tighter processes across the industry, said Distology CEO Hayley Roberts.

"Rather than being this dog-eat-dog industry - like most industries are - why don't we work to help one another and become robust in our protection mechanisms? She asked.

"We should be working together to do good - regardless of whether it's with our competitors - because those that are looking to actually penetrate boundaries and steal data are the real enemy."

Regaining customer trust

For companies that have found themselves the victims of cyberattacks, the main priority is regaining customer confidence in their products and reputation. To paraphrase RuPaul, if you can't protect yourself, how the hell are you going to protect somebody else?

Sobel gave Johnson & Johnson as a classic example of how to regain customer confidence quickly and efficiently after being caught in several murder cases. In the early 1980s, its widely available Tylenol tablets were tampered with by an unknown person who put arsenic in several bottles throughout Chicago, killing seven people.

"Everyone was very afraid of Tylenol, so what did Johnson & Johnson do? They overcorrected," he explained.

"They removed all the Tylenol from the shelves, redid the supply chain, overinvested and overcommunicated it. They were quickly back to their place of trust and shareholder value within a short period of time because of that. I think anything other than that path is an endless sea of suffering because you will forever be trying to regain customer confidence. They are the classic example when talking about crisis management.

"If you're breached, overcorrect. You are now going to have to be incredibly transparent the entire time, overcommunicate it and go all-in on your strategy to repair your relationship with your customers."

Distology's Roberts agrees with this ‘honesty is the best policy' approach to rectifying customer relationships in the wake of an attack.

"The biggest concern is how you communicate that to your customer base and your partners," she added.

"It's all very well saying ‘We're going to deal with it' but what happens is that partners don't know where to go with that information if their end users contact them. We've got to have almost like a disaster recovery a fire drill because I think that these issues aren't going away."

It's ‘totally' going to get worse

All contributors agreed that this trend is not going to go away and will likely get worse as cybercriminals sharpen their tools and expand their arsenal.

"It's totally going to get worse because there's money to be made here," Sobel exclaimed.

"We need to be thinking differently about this problem, if you keep doing the same thing over and over and expecting different results, that's insanity. If we're going to keep doing the same things and expect to get better at this problem, we're just crazy.

"This is not a buy another product, fix it, tweak it process, we're approaching this all wrong. We're going to have to think about new ways of managing customer data, and where we are truly just minimising risk through a zero-trust architecture."

Bridgeway Security boss Jason Holloway echoed this sentiment, saying that companies trying to increase productivity feel the need to add more security systems to their infrastructure which ironically can make those infrastructures more insecure.

"We live in a world where trying to become more productive and efficient means that we're integrating more and more disparate systems, and relying more on third-party supply chain organisations to do this for us in a secure manner. Unfortunately, the more we add to the mix, the more insecure the solution becomes," he explained.

"We are fighting this eternal challenge of how to increase the productivity and competitiveness of the organisations by implementing different IT systems, yet at the same time, trying to reduce the risk that these integrations pose. Unfortunately, the long term prognosis is not good.

This is a challenge that the whole industry is trying to face up to, but unfortunately, many people still ignore that the traditional approach to information security is broken and we need to rethink how we go about fixing this for the future. Otherwise, these kinds of challenges will continue to occur and these risks that we are adding to our systems will indeed come back to haunt us."

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Cyber security
  • cybersecurity
  • MSP
  • SolarWinds
  • SolarWinds Orion
  • Exclusive Networks
  • Cyberattacks
  • Our Take
  • CRN MSP Lounge Hub

More on Security

Leeds-based Boxphish schools students on cybersecurity

Leeds-based firm to provide cybersecurity awareness training to 11-16 year olds

  • Security
  • 16 February 2021
Schools find malware on laptops given out for home schooling

Malware appears to be contacting Russian servers, claim teachers

  • Security
  • 22 January 2021
Canalys reveals its six hottest cybersecurity solutions for 2021

Analyst believes global cybersecurity spending will rocket by 10 per cent after data breaches and ransomware attacks hit all-time high

  • Security
  • 21 January 2021
Five things all MSPs should be asking themselves as threat actors target the channel

As Exclusive Networks becomes the latest casualty in a series of cyberattacks on channel firms, CRN asks cybersecurity specialists what the sector should be doing to prevent themselves becoming targets

  • Security
  • 04 January 2021
Exclusive Networks reports cyber breach across systems in five countries

French security VAD says systems in France, the UK, UAE, the US, and Singapore were affected

  • Distributor
  • 04 January 2021

More news

Riverbed appoints new EMEA channel boss
  • Vendor
Riverbed appoints new EMEA channel boss

Vendor says promotion of Brecht Seurinck to VP channel sales in Europe, Middle East and Africa is immediate

  • 24 February 2021
StorageCraft and Arcserve set to merge
  • Finance and M&A
StorageCraft and Arcserve set to merge

Vendors expect combined portfolio will bring new revenue opportunities for partners

  • 24 February 2021
Spots up for grabs on £100m education framework
  • Public Sector
Spots up for grabs on £100m education framework

Crescent Purchasing Consortium and Education Authority of Northern Ireland seeking suppliers for framework

  • 24 February 2021
Tech Data acquires integration specialist Finance Technology
  • Finance and M&A
Tech Data acquires integration specialist Finance Technology

Acquisition of Finance Technology will bolster the distributor's TaaS offering across Europe

  • 24 February 2021
blog comments powered by Disqus
Back to Top

Most read

9 distie bosses on how Boris Johnson's Brexit deal impacts their business
9 distie bosses on how Boris Johnson's Brexit deal impacts their business
Host of resellers land spots on £130m higher education framework
Host of resellers land spots on £130m higher education framework
Resellers win spots on £1bn healthcare framework
Resellers win spots on £1bn healthcare framework
Tech Data acquires integration specialist Finance Technology
Tech Data acquires integration specialist Finance Technology
'We're racing towards a cliff edge' - Ultima boss on why sustainability is now top of the agenda
'We're racing towards a cliff edge' - Ultima boss on why sustainability is now top of the agenda
  • Contact
  • Marketing solutions
  • About Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading