Arming the first responders - How partners can service a ransomware hit market

Partners urged to combine back-up and disaster recovery solutions to build out security expertise in 2018

With the media spotlight shining on a bruising Equifax breach, and Yahoo continuing to count the costs of a three billion user hack, security concerns are surfacing.

Closer to home, customers are also on edge, following the data exposure of more than 550,000 donors through the Australian Red Cross, and 50,000 government workers through the Department of Finance, the Australian Electoral Commission and National Disability Insurance Agency.

The repercussions of such breaches are combining to create panic, with businesses now under pressure and threatened, passing such pressures onto partners.

In operating as first responders on the front line, the onus is now on the channel to adopt a services-focused approach, designed to combat cloud concerns while complementing back- up strategies.

“The short answer is yes, partners are now viewed as chiefly responsible for having this under control,” Counterparts Technology managing director Matt Wynn-Jones acknowledged. “We’re seeing a significant change around board- level policy, and are spending more of our time advising directors.

“If boards take our advice and implement the correct procedures and solutions, then we should ensure a positive outcome.”

Security threats

As the first line of defence, managed service providers (MSPs) are operating in a volatile market, a market succumbing to frequent and ferocious attacks as malware such as WannaCry and Petya attempt to penetrate protection layers.

With distance no longer a viable defence strategy, partners are padlocking customer doors shut, in a bid stay ahead of advanced threats.

“Ransomware continues to be a huge problem for businesses in Australia,” Cavalry director Barry Silic said. “But we’re seeing a drop in successful attacks and that’s because of the changes we’ve implemented during the past six months.

“It’s crucial for customers to have an effective policy around ransomware to protect environments, and we’ve changed our approach to reflect this.”

Barry Silic (The Cavalry)
Barry Silic (The Cavalry)

As a result, organisations are now adopting new cyber security and privacy safeguards to manage threats, while achieving competitive advantages in the process.

“The number of attacks is obviously going up as the potential increases but the number of successful attacks is going down,” Harbour IT COO Josh Watts added. “This is largely because customers are managed well from a managed services perspective, with patching and security procedures updated.

“In that sense, the recent WannaCry attack was a good advert for MSPs in Australia because it told a good story around the holes in older software and the need for customers to continually refresh technologies.”

Consequently, for attacks to break through customer walls today, hackers must now overcome strong end-user patching and training, bolstered by back-up and disaster recovery solutions.

“Ransomware from a cyber criminal perspective is big business,” Seccom Global director Michael Demery said. “WannaCry happened because of old ransomware and the fact that businesses weren’t properly patched or protected.

“Education is still key because cyber security remains a new concept for most businesses, and they require guidance from partners. We must have robust security practices in place, alongside strong back-up and disaster recovery capabilities.”

While increased market awareness appears to be driving the adoption of increased end-user spending in the context of security, back-up and disaster recovery, the channel remains challenged to ensure such an approach doesn’t become a tick and flick exercise.

“Attacks are on the increase but they are not getting through as much,” HAL Group technical services director Peet Jordaan observed. “The media attention post-WannaCry has helped partners in terms of end-user education, which has served to be beneficial for MSPs across Australia.”

Despite seemingly encouraging news for the channel, the overriding security message for customers and partners alike remains centred on “room for improvement”, as the industry continues to battle ongoing data breaches.

“Market awareness exists in terms of protection,” Trend Micro managing director of enterprise and government A/NZ Indi Siriniwasa added. “We continue to provide training models and better ways to educate both our partners and end-users.

Indi Siriniwasa (Trend Micro)
Indi Siriniwasa (Trend Micro)

“We believe our role is to work with our partners to understand their landscape and the landscape of their customers. Our competition is not other security vendors in the channel, rather the cyber crime industry.

“It has never been more important for organisations to make cyber security a key priority, and protect the interests of their customers against cyber security attacks.

“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”

Information vs. Reputation

With customers threatened by an ever-changing cyber security landscape, there are a few truths about what leaders want.

Businesses must balance risk, resiliency, usability and price, while requiring enough visibility and control over crucial aspects of the organisation.

But if defences are dropped and a breach does occur, what is the worst- case scenario?

“The risk has shifted from information to reputation in terms of damage,” Wynn-Jones advised. “It’s now about brand protection and managing risk. Our customers have 15 to 15,000 staff, but it’s the same problem.”

Aligning to Wynn-Jones’ view of the local market, The Missing Link senior security sales executive Zoaib Nafar recognised that for businesses today, brand reputation is mission-critical.

“We have customers come to us after they have been attacked asking us to help,” Nafar added. “Unfortunately, technology providers can do very little other than pay the ransom or use back-ups.

“Success in the market comes down to strong security hygiene, with vendors especially advocating the usage of strong control on endpoint and education of users.”

Page Break

Security, or a distinct lack of, continues to break the world’s most iconic organisations - think Target, Sony or Home Depot - creating sensationalism and media headlines in the process.

“Each business is different but they are also the same,” StorageCraft vice president of worldwide sales Marvin Blough observed. “The data is different and that is especially applicable for small and medium sized businesses [SMBs] because the owners just want to run the company and not worry about IT.

“There’s different risk profiles on different sets of data because if a small business can’t invoice a customer, they are pretty much out of business.”

As explained by Blough, different approaches apply to different data sets, with the SMB sector housing decision-makers more focused on creating revenue streams than protecting company assets.

“But if there is a breach, how much will this business pay to retrieve the data?” Blough asked. “Reputation is key because if a business is attacked and cannot service its customer then that is most damaging.

“Likewise, most channel partners work on reputation and referrals, therefore if they got breached, what would that mean to their customers?”

With the consequence of an attack potentially more damaging at the lower end of the market, SMBs are struggling to shake off such a big hit to the bottom line, and it appears, on occasions, that they are starting to get the message.

“We’re experiencing more mandates being placed on our customers because having the technology in place is no longer enough anymore,” Lanrex managing director Jodie Korber added. “It’s not enough to have an anti-virus in place, you now need policies and an entire framework wrapped around the technology.

“It’s no longer a technology conversation, it’s a business outcome conversation.”

Echoing Blough’s observations, Korber acknowledged that servicing the SMB market is challenging for MSPs, due to the sector’s laissez-faire approach to security on occasions.

Jodie Korber (Lanrex)
Jodie Korber (Lanrex)

“SMBs don’t think these rules apply to them but there’s no loopholes or exceptions,” Korber cautioned. “Enterprise mandates are applicable for SMBs, the risk is still there but just in different places.

“We still have the same challenges around explaining the benefits of a strong security play. There’s a minimum standard in place with back-up, disaster recovery and security which is a no brainer. But then moving into data protection is changing the conversation.”

With company size no longer a contributing factor, sophisticated threats are placing pressures on organisations across the industry to proactively invest in security.

“Attackers don’t discriminate depending on scale or size,” Brennan IT sales manager Wayne Simmonds added. “There’s a thriving SMB and mid-market sector in Australia which supports our enterprise customers.

“We’re playing in that market now and they are potentially the back door into the enterprise. Security is no longer the problem of just IT, it’s with the board and the business owners.”

Security strategies

Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on products and services.

However, improving security is not just about spending on new technologies, with organisations improving posture significantly by combining offerings.

“Security is now a natural part of the conversation,” StorageCraft head of sales Asia Pacific Marina Brook said. “There’s an approach for businesses to consider around ensuring they have up-to-date back-up and disaster recovery solutions, replication and protection of data in the cloud.

“Having that as part of your overall security strategy and talking about these different recovery options is happening every day for our partners and customers.”

According to Brook, every partner will embark on different disaster recovery and back-up conversations because each customer has different objectives.

Marina Brook (StorageCraft)
Marina Brook (StorageCraft)

“But our successful partners are the ones bringing these solutions into the security conversation, because vendors in the market are now providing the tools to do so,” Brook added.

“MSPs are grabbing onto those tools and delivering a solution, while providing knowledge about what the customer needs.”

When talking to the end-user, Brook said partners must adopt a “holistic approach” to understand requirements and leverage the different technology partners working alongside them.

“In terms of services, the channel must understand how to deliver it, commercialise it and add value to it,” Brook added. “It’s a bigger picture mentality and that’s achieved by becoming a trusted advisor.

“As a vendor, we add value through placing time and resources into making our partners successful, whether that be through easier certification and on-boarding processes, or through deal protection, referrals and support.”

For Ethan Group, account director Nick Stranks said security spans the provider’s entire technology portfolio, impacting every pillar of the business.

“While the ramifications of a breach in terms of commercial consequences remains strong, they are no different to the many other issues that businesses deal with every day,” Stranks added. “From our perspective, we’re now focusing on how we employ the right people to have the right conversation.

“Can my account manager recognise an opportunity? Can we educate our people before we educate the customer?”

Today, security is still somewhat smoke and mirrors in the eyes of the customer, creating the potential for greater profit margins for MSPs.

“It’s hard for customers because there is a lot of noise in the market,” Nexus IT managing director Sean Murphy added. “One of the challenges in the mid-market is getting customers to come to the table and pay attention.

Page Break

“The challenge is going through IT and into management, if you have a management conversation and the penny drops in their head, then you can see progress.”

Security services

From a customer purchasing standpoint, security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services.

“Consultative channel partners are going after the market,” Blough added. “The conversation is no longer about technology but the business objectives.

“When partners adopt this approach, they find themselves having different conversations across the entire business, moving from just doing back-up to becoming more valuable to the customer.”

Driven by the rapid growth of digital transformation, services will represent the largest area of security-related spending until 2020, led by three of the five largest technology categories: managed security services, integration services and consulting services.

Together, and according to IDC research, companies will spend nearly US$31.2 billion, more than 38 per cent of the worldwide total, on these three categories in 2017.

Marvin Blough (StorageCraft)
Marvin Blough (StorageCraft)

“We have shifted our engagement to approach the customer from a commercial rather than technical perspective,” Simmonds added. “We have a very technical sales force and we’re rebalancing that slightly to recruit more strategic sellers.

“They serve to build end-user relationships and provide high-level and roadmap type engagements.”

Collectively, the channel is embracing a more consultative sell, favouring advice and guidance over speeds, feeds and transactional deals.

“We need customers to trust us to provide a service,” Watts said. “Yes, as an MSP we tick off the technology element, but are we trustworthy?

“Consultancy is key because the best sales teams are under no illusions about their knowledge of the product, but they will always pick up the phone when a customer calls.”

But as the industry advances towards managed services, armed with counsel and authority, customers are changing the game, demanding more for less in the name of value.

“It’s the nature of what we do, customers expect a lot for their money,” TechSpecialist CEO Dushern Pather said. “Are we doing more? Absolutely we are but it’s about sharing value and showing value at a boardroom level.

“At the higher end of the market, it’s crucial for partners to demonstrate that they are doing a good job to the customer. It’s about conveying that value.”

In short, partners today must provide more value-add than just a cheque at the end of the month.

“It’s part and parcel of the job,” Simmonds added. “Customers inherently will always want more from a partner but it’s about how you monetise and deliver value from the investments you put into the deal.”

Through managed services, Silic accepted that customers can go further with the dollar than ever before, especially across SMB and mid-market sectors.

Wayne Simmonds (Brennan IT)
Wayne Simmonds (Brennan IT)

“Customers look to us and it’s our responsibility,” Silic said. “But when we make recommendations and customers choose not to take them, we won’t cover them through our managed services agreement.

“This approach is driving engagement because it’s about covering yourself as a partner, just as much as the customer.”

Vendor enablement

Keeping pace with new technologies, cyber attacks and customer demands can be challenging for the channel, with the speed of the market showing no signs of slowing down.

Central to future success is enablement, and how vendors can better engage with partners to provide long-term value through the supply chain.

“Vendor certifications can be a little onerous,” Pather said. “You have to have an engineer out of the field for a week and when you’re charging X by the dollar, it could end up being a $10,000 exercise.

“It’s free from the vendor but it’s not free for the partner and this is an area that can perhaps be delivered online so we can still bill.”

Such challenges around staffing and availability of expertise has created a desire for MSPs to consolidate technology offerings, decreasing the security stack in favour of a tailored approach to market.

“Most of the technology stack is easily interchangeable and the customer wouldn’t even be aware of the change,” Korber said. “If we’re talking about a consultative sell, the whole conversation therefore has nothing to do with the product.”

From a vendor standpoint, Blough said certifications exist to allow partners to specialise in technologies, creating differentiation in a market crammed with competition.

“Partners want to standout from thousands of other partners in the market,” Blough said. “So, let’s put in place a certification program which allows you to become an expert in a particular field of technology.

“But certifications shouldn’t cost partners, it should be the opposite.”

Going forward, vendors must provide structured channel enablement plans, designed to suit all levels of performance, while recognising the resource constraints placed on providers today.

“There’s a balance to be had,” Trend Micro small business sales leader A/NZ Brian Milankovic added. “If we’re working on an opportunity together, as a vendor we want to work with partners and help them succeed but to what extent are we pushing our boundaries?

“Our view of the perfect partnership is that we need to work with one another, respect both parties and communicate. If something goes wrong we need to know because we can fix it, we can be the trusted advisor of the partner.”

This roundtable was sponsored by StorageCraft and Trend Micro. Photos by Christine Wong.