The Channel's Role in Preventing Ransomware Attacks
Deliver cybersecurity training that will have a long-term impact.
December 6, 2021
By David Ellis
David Ellis
Ransomware, in a broad sense, is by no means a recent phenomenon, dating back to the time of floppy disks, but the challenge organisations face today is different from the ransomware of old. Increasingly, the attacks being seen today are becoming more sophisticated and complex through increased information sharing on the dark web.
As ransomware continues to cause anxiety amongst CEOs and IT teams alike, the move to remote working has created ample opportunities for cyber criminals. All organisations have been facing significant challenges, and the channel has a role in solving these issues for their customers.
Finding System Weaknesses
Through vulnerability scans and penetration testing, issues which need to be solved can easily be identified. Nevertheless, continuous testing is important to have a complete overview of all potential issues. The regularity of these tests depends on how often the IT environment of the organisation changes. If a business’ IT environment is updated frequently, then it should test its systems on a more regular basis than one that doesn’t do frequent updates.
The majority of businesses usually choose to implement a multilayered, multivendor approach. This enables them to meet individual needs within their organisation. However, the task of evaluating the most effective solutions requires time and expertise many organisations feel they don’t have. This cannot become a self-fulfilling prophecy, where a lack of resource becomes a poor security posture. The channel must help their customers navigate which product combinations will create the best overall solution for them. With the increasing number and sophistication of attacks, the channel should be working alongside vendors and solutions aggregators. This would allow them to keep their training and market knowledge relevant.
Fostering Internal Collaboration
Once upon a time, ransomware attacks were exclusively an issue for the IT department; the businesses’ data was encrypted, and they needed to get it back. Now, as ransomware gangs target employees, customers and sell the data on the internet, a ransomware attack involves the entire business or organisation. To combat this, having a playbook in place that sets out how an organisation should respond to an attack is critical. By encouraging intraorganisational collaboration, alongside proper back-up practices, it’s possible for organisations to mitigate the severity of an attack and lower the ransom demands.
The channel has a key role to play in advising on what best practice looks like and how such a plan can be designed and executed. This collaboration can also bring channel partners closer to their customers, increasing the value of the channel.
Focus on Training
Businesses and the channel within the cybersecurity realm need to work together to raise awareness of how ransomware attacks infiltrate businesses.
The tried-and-true methods, such as using email to gain initial access into the IT systems of organisations, continue to be the most successful. This suggests that the message on cybersecurity best practice just isn’t getting through. At the same time, some ransomware gangs are adopting more complex phishing techniques. Examples include …
… using fake accounts on social networking platforms to contact and build trust with high-value targets before sharing a malicious payload.
Training needs to tackle the basics whilst also giving employees the tools to recognise more sophisticated techniques. The channel should focus on delivering training that can have a long-term impact. This isn’t a case of teaching every possible tactic a malicious actor might use, but instead giving people a framework through which they can assess potential threats and make themselves more resilient. This framework can then be added to, with regular tips and refreshers, to keep organisations as secure as possible. With ransomware attacks typically beginning with a human mistake, there’s a real need for the channel to help its customers get this right, once and for all.
Utilising the Channel to Expand Offerings
It’s vital for the channel to collaborate with its customers when working towards closing the security gap. Although, this isn’t easy, partners can support their customers even when they themselves are at different stages of their security journey.
Ransomware is a continuing issue which threatens businesses of all sizes. As such, more channel partners are needed in the cybersecurity market. Click-to-run solutions are a good option while partners continue to work and further develop their own skills and offerings. While these solutions are ready-built, they’re able to be customised to fit the requirements of each organisation. Beneficially, it’s fast to implement these solutions and can reduce the time needed to build and configure a ransomware solution to between 30 minutes and one hour. When implementing these click-to-run solutions, monetary and operating costs are reduced. This allows partners to move into the security market faster and more easily than before.
The issue of ransomware will continue, and the channel has a role in helping its customers prevent and protect themselves from these attacks if they do fall victim. Even as penalties for cybercriminals become harsher, offensive operations against ransomware groups more commonplace and regulation of cryptocurrencies more stringent, there will always be those who find a way to adapt. As a crucial part of the technology sector that supports businesses, the channel needs to keep playing its part in helping fight the scourge of ransomware alongside its customers.
David Ellis is vice president of security and mobility solutions at Tech Data Europe. He has a lengthy record of working in the cybersecurity, cloud and services value-added distribution markets, including positions at Computerlinks and Unipalm. You may follow him on LinkedIn or @TechDataEurope on Twitter.
You May Also Like