The Gately Report: Arctic Wolf Partners Getting New Channel Program Benefits This Summer
Microsoft is tracking a phishing campaign targeting tax preparers.
Channel Futures: Is there a message for partners in the Arctic Wolf threat report?
Will Briggs: It’s the first time that we have ever done a report like this, and we’re super excited about it. Overall, there are a lot of knowledge nuggets or big rocks and industry trends that we are seeing in the space. Most notably, I think what we saw in 2021 and 2022 was the fact that we had some geopolitical stuff going on with Russia and Ukraine. We actually saw ransomware decrease, but now most recently, especially at the start of this year, it has picked back up. One other thing in there, too, is just the whole idea of BEC. With ransomware cases decreasing over the past year, many are wondering what comes after ransomware. And based on the research, we believe that BEC accounts for 29% of our incident response cases that we’re seeing throughout the country. So I think this is just directionally stuff that our partner community, now north of 1,000 partners globally, can use when they’re having protect and detect conversations with their prospects and customers.
CF: Arctic Wolf recently unveiled Incident Response (IR) Jumpstart Retainer, advancing its IR offerings. How are partners benefiting from that?
WB: This allows our partners to partner with Arctic Wolf and help build an IR plan with their end users and customers. It provides a service-level agreement (SLA). There’s a small sit-down with the IR team, and then it has a low-cost retainer and a pre-negotiated rate that allows them to pretty much go to the top of the line if there actually is an incident. For a lot of our partners out there, they are just starting to grow their cybersecurity practice and starting to dip their toes into IR, working with best-in-class vendors. So this allows them to get in on that together with us, and help harden and secure their customers.
Alternatively, a lot of our partners do have a robust cybersecurity program and have partnered with other IR partners in the past. The feedback that we hear from the partner community is sometimes these are high cost, high dollar. So there’s a bunch of the market that is not willing to sign up for that. And they’ve seen larger organizations sometimes hard to navigate and work with. So we’re super excited about the opportunity to bring this to market with our partners.
The last piece I would say is what goes along with IR plans is the overarching cyber insurance conversation. Rates are going up. Coverage is dropping. And a lot of our customers and prospects, and a lot of our partners’ prospects and customers require cyber insurance, whether you need to have an IR plan intact, 24/7 monitoring, 90 days of log aggregation, this, that or the other thing. This actually elevates our partner community to start having those cyber insurance conversations and leads to different decision makers within the organization.
CF: Arctic Wolf was included in Deloitte’s Technology Fast 500 for the fourth consecutive year. What’s driving Arctic Wolf’s growth and what role are partners playing in that growth?
WB: We continue to be a leader in the cybersecurity space and we want to be the security operations platform to go to. We continue to grow in multiple different models, whether that be through our different GTMs by acquiring different organizations that are new GTM offerings, or tuck-ins to help increase our platform efficiency, or provide increased benefits to our customers and partners. And then just obviously different channels as well. In our partner community, many of them have grown with us through the years, starting with one module in our security operations platform being managed detection and response (MDR), growing to managed risk (MR), our third module — managed security awareness, and now with the acquisition of Tetra Defense, which is now Arctic Wolf IR, to [have a] benefit in these IR practices and GTM. This is all increasing opportunity for demand with our partners, with new modules and new demand streams. It also helps with our growth and net retention for our partners being able to land with one module, whether that be MDR, and grow into MR or managed security awareness. So it’s been great to see our partners this past year with some of the economic headwinds, us continuing to partner together and hold hands together, and get through these. And ultimately, what I’ve seen from our partner community and here at Arctic Wolf is that we are facing a little bit of adversity with these headwinds, but we’re powering through them. And that’s what we saw with our partners at the end of last year. And they’re super excited to kick off their new year this year.
CF: Is Arctic Wolf being impacted by current economic uncertainty? Also, how can Arctic Wolf help partners who are being impacted by economic uncertainty?
WB: If you read any of the big newspapers or the big industry insights and all that stuff, cybersecurity continues to be top of mind for customers and prospects. What we’re seeing a little bit of is customers and prospects being a little bit more careful where the dollars are spent, trying to be more efficient and maybe a little bit about consolidation. They’re still leaning into [having] a hardened security posture and a hardened cybersecurity practice. And that has benefited Arctic Wolf, as well as our partner community.
CF: Is cybersecurity recession-proof? If budgets are tight, it’s not like organizations are going to cut back on security, right?
WB: It continues to be a top priority. Just look at our personal lives. I’m making sure my mom has turned on MFA on every one of her apps, from her banking account to Target, to everything like that because it can happen to any of us, consumers, and business to business. I would have never told my mom two months or three months ago to turn on MFA. And now it’s one of the easiest things you can do to help protect.
CF: What sort of feedback are you receiving from partners and is that shaping the upcoming new partner program benefits?
WB: Our overall feedback from our partner community has been really good. We run two net-promoter scores a year with our partner community, one every six months, and the scores are always top-of-the-line industry standard. And so knock on wood, we’re doing everything right right now, and the partners are liking the program and liking the partnership. We just need to make sure that it keeps going in that direction. And really that’s some of the stuff that we work on here in the second half of FY 2023, making sure that we continue to have benefits and a program that helps our partners and us grow together in partnership.
CF: What do you find most dangerous about the current threat landscape?
WB: I think BEC is still what I would consider the most dangerous. Just the fact that the bad actors that obtain these records and how they leverage them in many different ways, I would consider that still what is top of mind here.
CF: What can Arctic Wolf partners expect in the months ahead and what are your goals for FY 2024 with partners?
WB: So these are the high-level goals. I want to continue to win with our partners. I want to win with the Arctic Wolf team and I want our Arctic Wolf team to win with our partners. Obviously, as we go into FY 2024, we will continue to evolve to the leader in security operations platform and cloud. And with that, we probably expect new features and functions, potentially new products, potentially acquisitions. And these are all things that we provide back to our customers and to our partners so they can continue to provide to their customers to harden their cybersecurity strategy and make sure their customers are protected.
In other cybersecurity news …
With the April 18 tax-filing deadline fast approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos remote access trojan (RAT) and compromise target networks.
Remcos, which stands for remote control and surveillance, is a closed-source tool that allows threat actors to gain administrator privileges on Windows systems remotely. In 2021, the Cybersecurity and Infrastructure Security Agency (CISA) listed Remcos among its top malware strains, citing its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.
While social engineering lures like this one are common around Tax Day and other big topic current events, these campaigns are specific and targeted in a way that is uncommon. The targets for this threat are exclusively organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax. This campaign can be detected in Microsoft Defender Antivirus, built into Windows and on by default, as well as Microsoft 365 Defender.
The campaign uses lures masquerading as tax documentation sent by a client, while the link in the email uses a legitimate click-tracking service to evade detection. The target is then redirected to a legitimate file-hosting site, where the actor has uploaded Windows shortcut files.
These shortcut files generate web requests to actor-controlled domains and/or IP addresses to download malicious files. These malicious files then perform actions on the target device and download the Remcos payload, providing the actor potential access to the target device and network.
James McQuiggan, security awareness advocate at KnowBe4, said tax season presents an excellent chance for cybercriminals to exploit unsuspecting tax professionals and taxpayers.
“It is crucial to stay vigilant and take necessary precautions to protect against these attacks,” he said. “Users and organizations can reduce the risk of a data breach by being skeptical and cautious with emails, keeping software and systems up to date, and avoiding public Wi-Fi networks when accessing sensitive information. With all emails and determining if the email is a potential phishing attempt, users will want to check for several items to verify the authenticity. These steps work towards developing new habits with email, and while they may not want to, it reduces the loss of data and damage to a user or organization.”
Check the sender’s authenticity by checking their email address and make sure it matches the sender’s organization or if it’s a completely random email address, McQuiggan said.
“Avoid clicking on suspicious links, which may direct you to a malicious site,” he said. “If the user needs clarification, there are free online services where you can copy and paste the link into their tool, and they can determine if it’s malicious or not. Users can protect themselves against the tax season style of phishing emails and help prevent their personal information from falling into the hands of cybercriminals. Being cautious, with a healthy level of skepticism, and taking the necessary precautions is the best defense against these attacks.”
The Center for Cybersecurity Policy and Law, an infosec think tank, has teamed with several technology companies to launch the Hacking Policy Council. It aims to improve security research and vulnerability disclosure policy.
Founding members for the council include Bugcrowd, Google, Intel and others.
Among the council’s goals are:
Create a more favorable legal environment for vulnerability disclosure and management, bug bounties, independent repair for security, good faith security research, and pen testing.
Grow collaboration between the security, business and policymaking communities.
Prevent new legal restrictions on security research, pen testing, or vulnerability disclosure and management.
Strengthen organizations’ resilience through effective adoption of vulnerability disclosure policies and security researcher engagement.
Dave Gerry, Bugcrowd’s CEO, said his company is committed to a business and regulatory environment that helps protect consumers, security researchers and enterprises, and increases the likelihood that vulnerabilities will be identified and remediated before malicious actors have the opportunity to exploit them.
“Bugcrowd, along with our fellow council members, have been advocating for stronger security practices and we’re excited to be a founding member of the council,” he said. “We believe that promoting best practices in these areas will help protect consumers, enterprises and society by increasing the likelihood that vulnerabilities will be mitigated before malicious actors exploit them. By leveraging the collective creativity of the hacker community, organizations can bridge the gap between the need for better security practices and their lack of in-house talent.”
Unaddressed vulnerabilities put an organization’s security at risk, and in turn, the personal data of millions of users annually, Gerry said.
“It’s my hope that this council can help bring clarity on vulnerability disclosure to set security standards that currently encourage beneficial cybersecurity activities,” he said.
Darktrace is disputing a claim by the LockBit ransomware group that it targeted the company in a ransomware attack.
According to SecurityWeek, LockBit’s leak website appeared to suggest the group had targeted Darktrace. The post suggested data was stolen from Darktrace and that the cybercriminals were asking for a $1 million ransom.
Mike Beck, Darktrace’s CISO, said the company completed a thorough security investigation following tweets by LockBit claiming they had compromised Darktrace’s internal systems.
“We can confirm that there has been no compromise of our systems or any of our affiliate systems,” he said. “Our service to our customers remains uninterrupted and is operating as normal, and no further action is required.”
Darktrace became aware of tweets from LockBit claiming that they had compromised Darktrace’s internal security systems and had accessed its data, Beck said.
“Our security teams have run a full review of our internal systems and can see no evidence of compromise,” he said. “None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.”
New ExtraHop research shows 83% of organizations hit by ransomware admitted to paying the ransom at least once.
The research, which compares IT leaders’ cybersecurity practices with the reality of the attack landscape, found organizations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022.
As organizations increasingly find themselves under attack, the research found they are “drowning in cybersecurity debt,” according to ExtraHop. That includes unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT and insecure network protocols that act as access points for bad actors.
Key findings from the report include:
More than three-fourths of IT decision makers said outdated cybersecurity practices have contributed to at least half of the cybersecurity incidents their organizations have experienced. However, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organizations at risk.
Ninety-eight percent of respondents are running one or more insecure network protocols, a 6% increase from 2021. Despite calls from leading technology vendors to retire Server Message Block version 1, which played a significant role in the explosion of WannaCry and NotPetya, 77% are still running it in their environments.
When it comes to unmanaged devices, 53% said some of their critical devices are capable of being remotely accessed and controlled. And another 47% said their critical devices are exposed to the public internet.
With a heightened focus on their cloud environments, 72% of respondents said they were completely or mostly confident in the security of their organization’s cloud workloads.
Mark Bowling, ExtraHop’s chief risk, security and information security officer, said as organizations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable.
“The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt,” he said. “The liabilities and, ultimately, financial damages that result from this deprioritization compound cybersecurity debt and open organizations up to even more risk. Greater visibility into the network with a network detection and response (NDR) solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.”
Arctic Wolf partners will get new channel program benefits this summer to create more customer demand.
That’s according to Will Briggs, Arctic Wolf’s senior vice president of global channels. Arctic Wolf serves more than 3,000 customers that range from large enterprises to SMBs. It works with more than 1,100 channel partners worldwide.
“We will have new partner program benefits in fiscal year 2024, which starts May 1,” Briggs said. “I can’t talk about those yet. But I want to have, the Arctic Wolf channel team wants to have, and the Arctic Wolf organization wants to have the best partner program in the world. And I think we’ve done a pretty good job at that today.
“There will be a few new launches going into fiscal year 2024 (starting May 1) from a go-to-market (GTM) perspective that ultimately will help our partners create more demand and for us to help grow together,” he added. “… We have a few internal meetings during those first couple of weeks, and then our big partner week is the second week of June — and it has our partner webinar. That’s our kickoff to fiscal year 2024 with our partner community.”
Arctic Wolf Threat Labs Report
Arctic Wolf partners might want to look at the recently released annual Arctic Wolf Labs Threat Report. It highlights the heavy toll of business email compromise (BEC), a decline in ransomware cases and other trends in Arctic Wolf’s incident response (IR) cases.
The report reveals a year of turbulence within the threat actor community as Russia’s invasion of Ukraine disrupted the operations of top ransomware groups. It also shows a lack of multifactor authentication (MFA) drove BEC attacks. In addition, the long tail of Log4Shell and ProxyShell continues to be exploited en masse more than a year after their initial disclosure.