Resellers need to be aware of the growing threat of cybercrime and how governments are responding to it, according to NSW Crime Stoppers chairman, Rob Forsyth, who has been closely following the exponential growth of cybercrime across the increasingly desensitised global community.
Forsyth was speaking to select partners at the WatchGuard Elite OneVision conference in the Gold Coast.
He said today’s legislation and law enforcement seem to provide little protection or comfort, and it takes time for the government to respond to new threats. Partners need to be aware of network breaches and of what is happening at the government level in order to properly educate and sell to customers.
“To sell technology, you need to have the trust of your customers. You need to be a trusted advisor. If your customer is coming to you, treating you as a trusted advisor on security, even if it is a product you don’t have, that is a good thing. You can control their information and you can direct them and they will buy more stuff from you as a trusted advisor.”
He said partners should be using anecdotes and examples of network breaches with customers in order to educate them on the situation and be able to build the trusted advisor status.
Partners also need to be aware that law enforcement can’t help customers.
“Law enforcement is going to be post-event, after something very bad has gone wrong. Instead, the only thing that can help a customer is good security upfront, not law enforcement at the backend,” he said.
“It is evolving too fast and law enforcement and legislation is slow. But there is some interesting legislation coming up,” he said, referring to the upcoming rollout of the mandatory data breach laws.
The data breach laws are in the pipeline, Forsyth added.
“The federal government has announced they have bipartisan support to have mandatory data breach notification in Parliament this year. So if you sell in Australia there will be mandatory data breach legislation in Australia this year – something that the industry has been campaigning for a long time.”
This is good news for the industry.
“As a reseller, go back to your customer’s board and say, ‘This is a reputational risk for your company now. You need to plan for over the next seven months the government has said there is going to be mandatory breach disclosure legislation which can cost your company money if you don’t do something about it.’”
Additionally, he said the newly established Australian Cybercrime Online Reporting Network (ACORN) is the best law enforcement resource to tap into. It is an online reporting network where information is forwarded to relevant police. He said it will take anonymous reports; however, it will log IP addresses to detect malicious reports.
Education is key
Forsyth said the important thing for partners to do is educate customers about the dangers and network breaches.
“The Internet is still really young and law enforcement just can’t keep up. It is like a child grasping for a cactus. It is going to reach for it because it doesn’t know it is going to hurt, until the next time.”
He advised partners to get a free copy of a government book entitled ‘The Little Black Book of Scams’, which shows examples of cybercrime.
“Give your customers copies of this. It talked about all types of different scams.”
Some of the scams include dating or romance scams, Nigerian scams (advance-fee fraud), free product trial scams, vishing (VoIP) and smishing, health insurance and mortgage scams, vacation and travel scams, scholarships, online car sales, job and work from home scams, and affiliate marketing.
“These little scams have a personal impact to people and you as IT professionals in the security space have a duty of care, in my opinion, to be protecting the community from that. We’ve got good security software, WatchGuard, and many others, but it’s not being deployed correctly. Resellers have the opportunity, at the coalface, to go and get billable hours and get it deployed properly.”
Additionally, in the age of Big Data and the Internet of Things (IoT), Forsyth said the killer application will be security.
“Once again, your businesses are in exactly the right place. The tools to defend that first line of defense is going to be security so stay abreast of security. Security will be the key area of it. 2015 marks the inflection point where suddenly this new market takes off.”
Eyeing the growing threats, Forsyth said sophisticated state-sponsored attacks are occurring more and more.
“They may occur at some of your customers too. How do you deal with a state sponsored attack rather than a random one? You are dealing in the bigger end of town. It is very targeted information that people will want,” he said.
“I think we should be wary in the future of the more sophisticated attacks, and these are the sorts of stories that your customers will be very interested in, and they will find more budget for security.”
Forsyth offered up some main tips to resellers and said they need to convince customers to have a plan.
“Don’t let your customer be caught on the back foot when a data breach occurs and have a plan. You as the security professional can help the customer write the plan. Doing that, you will become the trusted advisor.”
He suggested some other tips, both on the people management front and with regard to IT systems.
People
- Provide ongoing education for all employees, including how to look for social engineering
- Encourage board-level support for expenditure on security
- Make everyone accountable for their actions
IT systems
- Don’t collect unwanted information
- Introduce a security and privacy committee
- Encrypt ‘trophy data’
- Mandate password hygiene
- Have a range of action plans