Channel can be peacekeepers in the ransomware war

There is a lot of anger around ransomware, but there is also a lot of opportunity for those with the ability to help users keep criminals at bay, as Nick Booth finds out

In a study by managed security service provider Talion, 78% of consumers and 79% of IT professionals responded that they believe paying the ransom to get your business back should be illegal. That’s easy for them to say – they might not be so pedantic if they had to get their business back before it dies.

Meanwhile, 43% of the young people in the same study group called for a physical or nuclear attack on the perpetrators. Who knew there were so many keyboard warriors out there?

The study was commissioned to support a new cyber security movement called #RansomAware, led by Talion and backed by the Research Institute for Sociotechnical Cyber Security (RISCS).

Before we launch into nuclear war, the channel has a peacekeeping role by adopting the preventative programmes offered by the likes of Vade, Sumo Logic, Beyond Identity and Fortinet, which are all looking for UK partners.

There’s still room for military metaphors in your presentations. Many of the best people in security were trained in the armed services – where brevity, simplicity and clarity are vital attributes. Making yourself easily understood is a vital component of working in a team. Using jargon as a smokescreen to cover your deficiencies is just selfish.  

Britain’s businesses would be a lot more secure if the IT industry stopped confusing everyone. Phishers and other cyber con artists have capitalised on the opportunities caused by IT. Their targets’ defences are often wound down by the IT department with their indecipherable instructions. Criminals then drive a metaphorical coach and horses through the security gateways and deliver the coup de grace – a massive punch into the database, removing the company’s brain with ease.

Iain Chidgey, Sumo Logic’s vice-president for Europe, Middle East and Africa (EMEA), doesn’t blame the end users for being confused.

“Many of the old ways of doing things and all the comfortable metaphors that described security are out of date,” says Chidgey.

Security used to be a problem that you could solve with a group of people in a room looking at monitors. But the situation has gone from hundreds of attacks per day to hundreds of thousands. You have to automate while making the process easier around matters such as consolidation and automation. You need the right people giving you the right advice at the right time.

Phishing emails slip by because people are busy at the wrong time. Many companies mistakenly use technology to create extra work for everyone. Phishing attackers seem to know human nature better than the layer of meddle management that exists in many companies, and this creates an opening for attacks based on social engineering techniques.

The biggest problem today is how complex everything is, says Chidgey. Companies have cloud, on-premise software and third-party tools in place, and all those pieces connect together.

The clarity of a unified view has gone. Instead of a “single pane of glass”, many managers are plagued by multiple pains in the aaS (as a service).

“Data is like a sumo wrestler,” adds Chidgey. “It’s hard to move around if you take the wrong approach. But get the right approach around data in place, and you can be just as strong as a sumo.”

Meanwhile, Vade added a user awareness tool, called Threat Coach, to their existing product. Threat Coach is a much more fun way of getting the user’s attention.

Instead of asking people to read a load of turgid prose about enterprises, it asks the punters to play a game which investigates how many employees will fall for a con trick. A much more powerful sales technique – quick, powerful, entertaining and straight to the point. Everyone from the boardroom to the post room understands it.

Vade then uses algorithms to deal all these deadly blows against the invaders who breach the defences of the company.

Having signed up to secure Microsoft 365, it has launched a channel in the UK to sell its anti-phishing services. “We sell purely through the channel,” says chief revenue officer Maya Gershon, adding that the sales strategy is completely through channel partners, and the portfolio of engagement runs from high touch through to low touch and no touch.

Vade is training partners to conduct small deals, without any human contact, through “no touch” engagements, then it starts training them to climb up the value ladder.

Meanwhile, confidence tricksters are moving up the value chain even quicker. Gershon says one estate agent was befriended and then followed for six months before a big sting was carried out. Imagine having that much skill and patience – how many IT salesmen can match that sort of dedication? Is this why the criminals are winning?

A closer look at identity management

Beyond Identity is from California and was founded by Silicon Valley veterans Jim Clark and Tom Jermoluk. Their strategy is to issue a cease and desist order on passwords, which they intend to replace with “a solution based on asymmetric cryptography and X.509 certificates”. That doesn’t sound too clear, but the channel structure is simple.

The EMEA sales push is 100% channel centric, with Beyond Identity actively looking to identify and partner with distributors, managed security service providers (MSSPs), value-added resellers (VARs) and advisory organisations. The simplest explanation of its solution is that it stops cyber attacks, protects critical data and satisfies compliance.

Identity management is like karate – few have the time or the inclination to learn this complicated art, and grand masters rarely get the chance to use it. US-based JumpCloud creates a sort of Krav Maga of IT self defence – its moves are designed to be quick and easy to adopt.

Only enterprises can afford specialists, so small and medium-sized enterprises (SMEs) need a trusted adviser on identity management who can convey what it means and explain how they can get this job done, according to Chase Doelling, director of strategic and technical alliances at JumpCloud.

Since the pandemic made everyone work from home, the virtual private network (VPN) is not enough. It’s like a digital door frame that’s too small to let everyone in, says Doelling. JumpCloud provides the door service and establishes everyone’s credentials – that’s the simple explanation.

“Con artists use cues and context to guide their approach, while we use them to defend ourselves. So when people lose an established pattern of defence, like not physically seeing each other, you need to rely on different cues for context,” says Doelling.

Helping customers to understand how to use context more effectively can quickly increase trust and help people make competent decisions. For example, if your staff are not based in China, then why accept an IP connection from there?

“The biggest challenge is how to make something as crucial as identity simple for any business to understand,” says Doelling. “Then give people inside that company the right practices to put in place.”

Meanwhile, the criminals are racing ahead.

“The battle against ransomware isn’t against teen malware,” says Gunter Ollmann, chief security officer at Devo Technology. “We are now facing a global ecosystem of tens of thousands of suppliers, distributors, enforcers and money launderers run by organised crime cartels and nation states.”

Talion’s RansomAware coalition has persuaded 16 founding members – ranging in size from BAE Systems, through KnowBe4, to consultant IT Security Guru – to start communicating. Criminals collaborate successfully, so should the security industry, adds Talion CEO Mike Brown.
