We Dared to Ask: Is Ransomware Good for Business?
Doctors likely wouldn't say disease is good for business, and the same applies to ransomware.
![Ransomware Ransomware](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta7195305f98722a6/65242930f0a176a609b19a6c/ransomware1.jpg?width=700&auto=webp&quality=80&disable=upscale)
Getty Images
Proofpoint’s Joe Sykora said ransomware and other threats are never going to stop. Ransomware attacks continue increasing year over year, with 2021 seeing a huge increase over 2020.
“Does it help drive business?” he said. “I think most people in the cyber industry, if you look at our results, stock prices, how we’re doing, everything else, I would say that it does help as far as that. But I don’t think that’s necessarily anything that we want. I think none of us want that. We’re here to help the good guys from the bad guys. We continue to do a lot of collaborationamong each other. We do integrations, and so we try to help with that. You combine that with our MSP partners and other partners out there … a lot of them, that’s why they’re doing services. If it’s an SMB play, there are 100,000 MSPs out there right now.
“When I talk to them, they’re all doing well. Everyone seems to be doing well. So it does drive some behavior. But I don’t think anyone’s going to say it’s a good thing. The reality is it will continue to grow and it will always be there because the weakest link of all of it is the people. No matter what systems we develop or put in place, it still comes down to education and the people are going to be the weakest link. So education is key.”
NTT Application Security‘s Matt Lantinga said the industry is built on trying to help companies avoid getting hit with ransomware.
“Like medical doctors, if there was no disease, there’s no illness, you wouldn’t need doctors and it wouldn’t be very good for their business,” he said. “But I’m sure they would all say they would much rather have the world be free of all that, and we’ll find something else to do. So I think, of course it’s good for business, but if you could wave a magic wand and make it all disappear, we’ll find something else to do. There’s other businesses out there, but as long as that’s there, we’re all in the business of helping customers and companies to limit the damage.”
Malwarebytes‘ Brian Thomas said many cybersecurity providers have a non-commercial component to help combat ransomware and other threats.
“This is how Malwarebytes got on the map, is incident response and best-in-class remediation,” he said. “This is the free version of a product that protects every one. That being two words, every one of us. And I think that’s a component of our companies that really isn’t in the news as often as it should be. But I think it should.”
Fortinet’s Jon Bove said the cybersecurity skills gap and how to address it needs to to be talked about more.
“How do we go get the younger generation that has any sort of interest in gaming, and computers and coding, interested and enabled, and pointed in a direction in which they want to go get any certifications in order to go be that next up, because the unemployment rate of cyber is only going to continue to increase as the sprawl of the internet continues to grow,” he said. “So I think that’s the biggest threat and the biggest opportunity for our partners and for us as manufacturers in terms of what we can do. But we’ve got to figure out how to skill up individuals. And it can’t be the generation that it is today. I think it’s got to be the ones that are going to be the next K-12.”
Trellix’s Kristi Houssiere concurred that the industry needs to do more to draw young people to cybersecurity. It’s also important to foster more diversity in cybersecurity.
“The other thing is, if you look at nation-states, they use their military to train people, and it’s obligatory,” she said. “You go into the military in other countries and they teach them that while they’re in the military. We don’t really have that. If they choose to do it, they can. And I think we need to lean into security. Security is everywhere. You could be in the IT arena, but security is not a second. It’s not, ‘I do networking and these guys do security.’ Security has to bleed through everywhere in technology. And it’s not a separate entity, a separate industry.
“We need to start infiltrating in every technology conversation and then it will be adopted more because people say, ‘Oh, those are the incident responders’ or ‘those are the application security guys.’ … If you guys have kids or teenagers, they know what the security is in their phones. They are aware of reputation; they’re aware of security. So let’s lean into it and talk about that more often.”
Proofpoint‘s Joe Sykora said the skills gap is only going to get worse and “we really need to do our part in the community to help with that.”
“We do things, we do hackathons and things like that where we teach kids here’s what’s really going on out there, and what to do and what not to do,” he said. “So yeah, the skills gap is real. If we in the industry can’t find salespeople to sell it, you know there’s a big gap because there’s an even bigger gap of the people who actually have to do the work on threat intelligence.”
Proofpoint‘s Joe Sykora said the skills gap is only going to get worse and “we really need to do our part in the community to help with that.”
“We do things, we do hackathons and things like that where we teach kids here’s what’s really going on out there, and what to do and what not to do,” he said. “So yeah, the skills gap is real. If we in the industry can’t find salespeople to sell it, you know there’s a big gap because there’s an even bigger gap of the people who actually have to do the work on threat intelligence.”
Is ransomware good for business? And what aren’t we talking about that we should be talking about in cybersecurity?
With ransomware attacks continuing to escalate, cybersecurity providers have their hands full. And that translates to increased sales and revenue. But would anyone dare admit ransomware is good for business?
In addition, the cybersecurity industry is a noisy place. But amid the chatter, what’s not being addressed enough?
Our cybersecurity roundtable at the 2022 Channel Partners Conference and Expo addressed these questions in the fifth in our series of articles highlighting various topics addressed by the roundtable.
The first was on partner stress from the M&A frenzy, and the second was on threats and issues beyond ransomware. The third discussed unprecedented times for cybersecurity channel partners and the fourth posed the question of to pay or not to pay when hit with ransomware.
Panelists included:
Scott Barlow, Sophos‘ vice president of global MSP and cloud alliances.
Jon Bove, Fortinet’s vice president of channel sales.
Justin Crotty, Netenrich‘s senior vice president of channels.
Kristi Houssiere, Trellix‘s senior director of global channel strategy and operations.
Matt Lantinga, NTT Application Security‘s vice president of sales and global strategic accounts.
Joe Sykora, Proofpoint’s senior vice president of worldwide channels and partner sales.
Brian Thomas, Malwarebytes’ vice president of worldwide MSP and channel programs.
See our slideshow above for more from the roundtable on these questions.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like