Why are massive data breaches still occurring?

Cybersecurity specialists claim that some generalist VARs are failing their customers

Last year’s WannaCry attack is regarded as a pivotal moment in the cybsersecurity industry. The sheer scale of the event justified the fears security experts had been voicing for a number of years.

It also forced governments and organisations around the world to take cybersecurity attacks seriously, as they pledged to make funds available to secure infrastructures and ward off cyberthreats.

However, over a year since WannaCry made its presence known, things are, in many ways, the same.

In recent months, a slew of firms at the pinnacles of their respective industries have seen their walls breached and customer data leaked.

Last week, Butlins holiday camp revealed that it had been the victim of a data breach, as a result of a phishing email being opened by staff. Ticketmaster, Reddit and Dixons Carphone have also become prey to these attacks in recent months.

It may be concerning that such large organisations are finding themselves vulnerable to invasions, but a number of cybersecurity resellers have admitted that it is the nature of the beast when it comes to information security.

These recent data leaks are a “knock-on effect” of previous breaches and vulnerabilities in those companies’ environments, according to Stephen Love, security architect at Computacenter.

“Unfortunately, the way of the world is that no matter how good we get or how much due diligence you put in, there will always be an element of organisations being vulnerable,” he said.

“With some of the organisations that have recently been breached, their issues have been due to a simple mistake being made in an upgrade or a migration. It’s sometimes those simple things that catch us out.”

Rob Swainson, sales director at Blue Cube, agreed with this sentiment, adding that there is no “silver bullet” in protecting against these attacks.

“In the wake of the NHS breaches last year, I think [companies] took some good steps but also had some knee-jerk reactions,” he said.

“While a lot of good investment has been made in cybersecurity, the basics – patching, managing administrative users and reducing that attack footprint – still have gaps. That needs to be addressed.”

The burden placed on an organisation’s IT team cannot be understated, with security experts being forced to do more with less.

Jason Holloway, MD of Bridgeway Security, said that ever-stretched security teams are being forced to protect bigger IT estates against a growing number of threats.

He believes that errors can occur as information security teams must weave their way through a myriad of devices, operating systems and infrastructure.

“We are creating a bigger attack surface area and we are consolidating more and more data into bigger buckets, so a breach is more likely to occur, and when it does, its impact is greater,” he explained.

Budget constraints

Two of the bigger breaches made public recently involved Ticketmaster and Reddit, with the organisations’ defences being breached in two very different ways.

Ticketmaster saw a customer support product supplied by a third party infected with malware, which exported UK customers’ personal and payment data to an unknown third party.

Several employees of Reddit, a news aggregation and discussion website, witnessed their accounts be compromised, allowing access to databases of usernames and corresponding email addresses, potentially linking anonymous activity on the website to real identities.

If the security of such large organisations can be circumvented by threat actors, how can the channel assist their SMB clients who are concerned about protecting their own data?

Budgeting appears to be the biggest issue for many companies, with limited funds allocated to cybersecurity. This is a factor to which the channel should appeal, according to Swainson.

“The channel needs to be focused on offering the right advice and right solutions to specific customers,” he explained.

“There is no one size fits all, so it’s about being more consultative and addressing the risks of individual businesses rather than taking a broad-brush approach to all customers.”

As much as the channel can assist their clients in fighting off hackers, the consensus among those CRN spoke with is that it is ultimately up to the end consumer to take the responsibility of implementing the solutions offered by security resellers.

“The more we do, the better, but it’s also about businesses taking up those offers of services and solutions to get to a point that they can start protecting against these data breaches,” said Love.

Jonathan Lassman, founder of new security VAR Next Generation Security (NGS), claims that many CISOs in companies are not sufficiently convincing the board to dole out more dosh in order to reinforce security.

“This is what is not happening inside the industry – people aren’t breaking down security solutions,” he said.

Channel shortcomings

Both Lassman and Bridgeway’s Holloway believe that there is a lack of understanding in threat prevention among certain larger resellers that offer cybersecurity as an offering, but do not specialise in it.

Holloway believes it is a “challenge” for customers to know where to seek specialist advice regarding information security.

“There are quite a few who claim to be experts in this area who perhaps don’t have the credentials, skill sets or expertise to support,” he claimed, adding that such skills are in “short supply” in both the channel and among end users.

“It is hard [for the customer] to differentiate between the value provided by a knowledgeable partner compared with one who is just providing licences.”

Lassman claims that a lot of the bigger resellers are “jacks of all trades” but that they can’t be masters in security as well as their other offerings.

“All these organisations – particularly when you are seeing these massive breaches – are buying from the industry stalwart solution providers,” he said.

“They need to go to the specialists – that is where they are going to get the true value-add from the reseller. If you say you do security, only do security.”

There has to be an evolution on both the channel’s and the end users’ parts to fight off hackers, but it is a never-ending process, according to Love.

“Once we’ve fixed one problem, another one will come around and that is the unfortunate nature of it. Utopia doesn’t exist in IT. When we take a step forward, so do the hackers,” he said.

Educating end users

Several VARs believe the best way the channel can help end customers in their cybersecurity journey is through education.

Lassman believes that training personnel thoroughly is crucial for such companies to ensure their information is not being compromised by outside sources.

CRN recently reported that a number of cybersecurity training vendors have been snapped up so far this year.

“Most breaches start from a phishing attack,” he claimed. “Unless we can educate the end users in how to spot a phishing attack, someone’s always going to open it.

“Then once it’s opened that leaves a backdoor open for a hacker to come through and do what they want to do.”

Computacenter’s Love added that often the end customer doesn’t even know that their data has been breached, and if they do, they don’t know how to track the attack.

“If you have data that you are aware of in your business, you have to understand where it is and then be able to start securing that data,” he warned.

“Most organisations don’t have a clue about that in the first instance, so they’re not 100 per cent sure what data may have been lost.

“They may have seen that they’ve been breached, they may have the visibility that someone’s got in but they don’t know where [the hacker] has been in or what they’ve got up to.

“If you don’t know where someone’s been, or what they’ve been doing, then how can you ever hope to block it and stop it in the future?”

CRN, 16 August 2018