With the media spotlight shining on a bruising Equifax breach, and Yahoo continuing to count the costs of a three billion user hack, security concerns are surfacing.
Closer to home, customers are also on edge, following the data exposure of more than 550,000 donors through the Australian Red Cross, and 50,000 government workers through the Department of Finance, the Australian Electoral Commission and National Disability Insurance Agency.
The repercussions of such breaches are combining to create panic, with businesses now under pressure and threatened, passing such pressures onto partners.
In operating as first responders on the front line, the onus is now on the channel to adopt a services-focused approach, designed to combat cloud concerns while complementing back- up strategies.
“The short answer is yes, partners are now viewed as chiefly responsible for having this under control,” Counterparts Technology managing director Matt Wynn-Jones acknowledged. “We’re seeing a significant change around board- level policy, and are spending more of our time advising directors.
“If boards take our advice and implement the correct procedures and solutions, then we should ensure a positive outcome.”
As the first line of defence, managed service providers (MSPs) are operating in a volatile market, a market succumbing to frequent and ferocious attacks as malware such as WannaCry and Petya attempt to penetrate protection layers.
With distance no longer a viable defence strategy, partners are padlocking customer doors shut, in a bid stay ahead of advanced threats.
“Ransomware continues to be a huge problem for businesses in Australia,” Cavalry director Barry Silic said. “But we’re seeing a drop in successful attacks and that’s because of the changes we’ve implemented during the past six months.
“It’s crucial for customers to have an effective policy around ransomware to protect environments, and we’ve changed our approach to reflect this.”
As a result, organisations are now adopting new cyber security and privacy safeguards to manage threats, while achieving competitive advantages in the process.
“The number of attacks is obviously going up as the potential increases but the number of successful attacks is going down,” Harbour IT COO Josh Watts added. “This is largely because customers are managed well from a managed services perspective, with patching and security procedures updated.
“In that sense, the recent WannaCry attack was a good advert for MSPs in Australia because it told a good story around the holes in older software and the need for customers to continually refresh technologies.”
Consequently, for attacks to break through customer walls today, hackers must now overcome strong end-user patching and training, bolstered by back-up and disaster recovery solutions.
“Ransomware from a cyber criminal perspective is big business,” Seccom Global director Michael Demery said. “WannaCry happened because of old ransomware and the fact that businesses weren’t properly patched or protected.
“Education is still key because cyber security remains a new concept for most businesses, and they require guidance from partners. We must have robust security practices in place, alongside strong back-up and disaster recovery capabilities.”
While increased market awareness appears to be driving the adoption of increased end-user spending in the context of security, back-up and disaster recovery, the channel remains challenged to ensure such an approach doesn’t become a tick and flick exercise.
“Attacks are on the increase but they are not getting through as much,” HAL Group technical services director Peet Jordaan observed. “The media attention post-WannaCry has helped partners in terms of end-user education, which has served to be beneficial for MSPs across Australia.”
Despite seemingly encouraging news for the channel, the overriding security message for customers and partners alike remains centred on “room for improvement”, as the industry continues to battle ongoing data breaches.
“Market awareness exists in terms of protection,” Trend Micro managing director of enterprise and government A/NZ Indi Siriniwasa added. “We continue to provide training models and better ways to educate both our partners and end-users.
“We believe our role is to work with our partners to understand their landscape and the landscape of their customers. Our competition is not other security vendors in the channel, rather the cyber crime industry.
“It has never been more important for organisations to make cyber security a key priority, and protect the interests of their customers against cyber security attacks.
“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”
Information vs. Reputation
With customers threatened by an ever-changing cyber security landscape, there are a few truths about what leaders want.
Businesses must balance risk, resiliency, usability and price, while requiring enough visibility and control over crucial aspects of the organisation.
But if defences are dropped and a breach does occur, what is the worst- case scenario?
“The risk has shifted from information to reputation in terms of damage,” Wynn-Jones advised. “It’s now about brand protection and managing risk. Our customers have 15 to 15,000 staff, but it’s the same problem.”
Aligning to Wynn-Jones’ view of the local market, The Missing Link senior security sales executive Zoaib Nafar recognised that for businesses today, brand reputation is mission-critical.
“We have customers come to us after they have been attacked asking us to help,” Nafar added. “Unfortunately, technology providers can do very little other than pay the ransom or use back-ups.
“Success in the market comes down to strong security hygiene, with vendors especially advocating the usage of strong control on endpoint and education of users.”