Joerg Habermeier - stock.adobe.c
GTIA sharing MSP threat intelligence
Organisation keen to get members engaged with its forums to share, track and expose the latest efforts by cyber criminals to underline the managed service provider community
The channel, particularly managed service providers (MSPs), continue to be a target for cyber criminals, and warnings about threats need to be shared between partners.
That is the view of Wayne Selk, head of cyber security programmes at the Global Technology Industry Association (GTIA), who met with members earlier this week at ChannelCon and talked of the importance of engaging with its Information Sharing and Analysis Organization (ISAO).
He said that members could access the ISAO for no additional fee, share information around threats and gain access to intelligence that would improve their business defences.
“We’re dealing with very sensitive information around vulnerabilities, and folks asking questions and sharing some of what they’re seeing,” said Selk, adding that different MSPs could share their experiences, “then the puzzle starts coming together and starts forming what could be a threat against the industry as a whole”.
He said MSPs remained in the crosshairs for criminals because of their position in the wider supply chain. “They – and more importantly, their clients – are targets,” said Selk.
“The challenge for the MSP is that you have the small and medium-sized enterprises or small micro organisations that don’t see themselves as a target.”
He said that as a non-profit organisation championing the channel, the GTIA recognised the need to help educate and protect partners, and has teamed up with various research agencies to furnish members with the latest threat reports.
Trustmark certification
The organisation also provides its Trustmark certification, which enables an MSP to indicate to customers their ability to follow security best practices with the GTIA working with an accredited third party to assess the partner’s capabilities.
“We’ve taken a lot of the global frameworks that exist, from NIST [the National Institute of Standards and Technology], from ISO [the International Organization for Standardization], from privacy, including GDPR [the General Data Protection Regulation], and some of the other privacy frameworks that exist, like in the States and other places, some other security type frameworks from a maturity perspective, and we’ve tailored 177 safeguards specifically for an IT service provider around the world,” said Selk.
“The goal of the Trustmark for folks that are going through is to really help them create a foundational security programme,” he said. “We help them understand policies that they need to have in place, risk management, at least the foundational level of risk management, business risk kind of stuff that they need to put in place.
“Documented procedures, standardised documented procedures, are important, involving the entire organisation from the top to the bottom, left and right, horizontally: whoever owns the business, all the way down to the newest employee, to HR, finance and sales,” said Selk. “Everybody has to be in lockstep.”
Dan Wensley, CEO of the GTIA, said that it was on a membership drive, and that the efforts it had made around security, along with other technology areas including AI, were designed to arm partners with guidance around topics that posed both a risk and opportunity to their businesses.
He said that as well as increasing the number of partners it worked with, the organisation was acutely aware it had to encourage more interaction with features, including the ISAO.
“We’ve really looked at more value for more members to increase the value to current members, as well as increase the number of members globally,” said Wensley. “Growth is a key theme, both geographically as well as the number of IT service providers and overall members around the globe. The other [theme] is to increase the utilisation of the assets and the exposure of the assets and resources that we provide.”
