The good news is the tech space has never been hotter. Between the ever-expanding mobility market, a plethora of new business applications, the Internet of Things, and a host of other IT-driven solutions, our days are literally filled with computer-related activities. Many people and businesses can’t function without tech.
In other words, we’ve created a target-rich environment for cyber criminals. They can pick and choose their victims at will with so many network-enabled and smart devices available. So, what can channel professionals do to minimize the threats and ensure these vital lifestyle and business solutions remain online?
There were plenty of answers at ChannelCon. In a session hosted by the IT Security Community, moderator Seth Robinson, Director of Technology Analysis at CompTIA, chatted with three industry experts on the expansion of IT ‒ and the threats resulting from these innovations.
Is there cause for concern? Lysa Myers, Security Researcher at ESET, suggests there is, alluding to how fast some connected devices and online services are being developed and introduced. “Companies are putting all these cool things on the market without making sure their security is locked down.”
How bad is it? In certain situations, a cyberattack could have life-threatening implications ‒ think automated vehicles and drones. “What happens if someone hacks a robot performing surgery?” asked Charles Tholen, President and CEO of Cognoscape. “When these technologies are introduced to industries that didn’t use them before, and they don’t have adequate protections in place, it could lead to major problems.”
Dated infrastructure and a long history of cybersecurity lapses have made hospitals a frequent target of hackers. Just imagine what a bad actor could do with access to a patient’s electronic medical records and equipment that may be keeping them alive. Those are the types of worst-case scenarios that keep many lawyers and insurance company executives up at night. According to the security panelists, providers need to start following a similar mindset when vetting their clients’ security systems and processes.
The motives of hackers vary. “There are financial reasons and hacktivism, those who use ‘jerkware’ to irritate people or businesses they don’t like or whose activities they dislike,” said Myers. “With so much of the hacking being automated, it’s become somewhat random. They may launch an attack on a thousand small businesses just to find one good target. It’s all money to them.”
Some industries are more at risk than others based on the technologies they employ and the practices they follow. “While retailers are good at collecting and leveraging their data, I’m not sure how good they are at protecting that information,” added Tholen. Based on recent experiences, many are failing in that respect.
Panelists did note that government and industry regulations are steps in the right direction, but the oversight is often lax, penalties for failure are rarely a deterrent, and few companies seem to have a strong grasp of the rules. “I have seen businesses get hit because they were not following recommendations, yet still claim to be in full compliance,” stressed Ian Thornton-Trump, Head of Security for ZoneFox. “The reality is their company is only compliant until the guys in suits show up to say when and how they failed. With security, there has to be due diligence, since some requirements are really quite vague with a lot of room for interpretation.”
“We collect too much data, copy all our old server info onto the new ones, and add to it with personal data,” added Thornton-Trump. “All that information is just risk and organizations need to get rid of as much of it as possible. Do they really need to store a customer’s birth date? In healthcare, yes, but in retail?”
What does all this confusion mean for the channel? Despite the uncertainties, IT firms have an opportunity to step up. The panelists suggested several ways that providers could more effectively support their small business clients and build more viable security practices, including adding advanced testing, remediation, and end user training to their portfolios.
And don’t forget backup and disaster recovery. When things go bad, someone has to be able to get businesses back on their feet. That may be, as one audience member suggested, the ultimate channel security offering.