Roundtable: Channel security combating cyber crime

In a channel security focused round table, Amanda Adams, Senior Director – European Alliances at CrowdStrike, Antony Byford, Managing Director, Westcon UK & Ireland and Anton Shelepchuk , NAKIVO’s VP of Sales delve into the underworld of cyber crime and what the channel needs to consider to stay safe.

Here’s what Amanda Adams, Senior Director – European Alliances at CrowdStrike, Antony Byford, Managing Director, Westcon UK & Ireland and Anton Shelepchuk , NAKIVO had to say:

Please can you explain a bit more about the company and the products and services it offers?
Amanda Adams CrowdStrike: CrowdStrike is a cybersecurity company protecting customers from all cyber threats by leveraging its security cloud to stop breaches. The CrowdStrike Falcon platform offers enterprise security for the cloud era. Its single lightweight-agent architecture leverages AI and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network.

Antony Byford, Westcon: Westcon is a value-added distributor providing specialty resellers with end-to-end technology solutions for business network and application infrastructure. Our security, compliance, data center, unified communications and cloud solutions are backed by a complete range of professional support, operational and marketing services. We recently signed an agreement to distribute the CrowdStrike Falcon platform to the European market.

Anton Shelepchuk , NAKIVO: NAKIVO is a private company that was founded back in 2012. The name of our product is NAKIVO Backup & Replication. NAKIVO Backup & Replication is a backup and recovery solution for SMBs and large enterprises. We help businesses back up their data. The solution facilitates operation recoveries for accidental data deletions or data loss related to ransomware and other malicious activities. In addition, we offer a built-in Site Recovery functionality for disaster recovery automation. MSPs can also use our solution to offer backup as a service and disaster recovery as a service to their clients.

What is the current state of the security industry in your opinion?
Amanda Adams CrowdStrike: Threats and incidents vary in complexity and potential impact, so the one-size-fits-all approach pushed by many traditional, legacy vendors, is impractical and impossible. Organisations big and small need a range of response capabilities. CrowdStrike believes that a combination of automation and analyst-driven intervention provides the flexibility organisations need for incident response. The industry has been slow to take advantage of the cloud and AI, and signature-dependent defences are simply too cumbersome, destroying the ability of employees to work quickly.

Antony Byford, Westcon: From a partner channel perspective and in the UK specifically, Westcon has seen strong growth in security technology sales across the board, particularly Zero Trust remote access, identity and threat prevention. Yet there has also been a considerable number of established communications and networking Value-Add Resellers (VARs) that have chosen to pivot and enhance their client offerings with cloud-first security technologies.

 Anton Shelepchuk , NAKIVO: I think that it’s facing additional challenges with the surge in malicious activity. Some are launched by state actors, others are more difficult to trace. However, what’s clear is that both the security and the backup industry have to adapt quickly and help businesses find innovative solutions. Just in the past few months, we’ve seen the SolarWinds hack, the Microsoft Exchange Server hack – both allegedly by state actors – and the recent Office 365 malicious account deletion by a disgruntled employee. For our part, we’re working on ensuring that backup targets can be made immutable to avoid data modification and overwriting and adding other security features.

What are the key challenges or threats affecting the channel?
Amanda Adams CrowdStrike: Zero day attacks play havoc with traditional cybersecurity defences, and on-premise solutions make the administration of security piecemeal, opening cracks in the armour where adversaries slip in. Organisations want to remove the overheads, the administration, the performance degradation they have felt for years from legacy technologies. They simply want to stop breaches. The trouble is that adversaries from eCriminal gangs and states are able to take advantage of a sophisticated set of tactics, techniques, and procedures designed to evade traditional defences.

Antony Byford, Westcon: The pandemic has had profound effects on enterprise, with remote working rolled out across multiple industries, increased adoption of cloud resources and applications, and a shift to greater workplace flexibility. These changes have brought a variety of security challenges, and organisations that implement a Zero Trust Access approach will be much more resilient to threats and crises in the pandemic and beyond.

Anton Shelepchuk , NAKIVO: I would focus on ransomware attacks and cloud vulnerabilities. One of the pressing challenges is the skyrocketing cloud technologies adoption and taking stock that cloud data is not immune to loss by default. Often businesses mistakenly think that having data in the cloud automatically protects them from data loss vulnerabilities. Going back to the disgruntled employee deleting over 1,200 accounts of the company’s 1,500 Microsoft 365 user accounts. The company had to deal with financial losses and days of downtime while it scrambled to recover. So when security defences fail, backups remain the only chance to recover your data with minimal downtime. Needless to say, we have to concentrate our efforts on educating our clients about possible threats and what can be done to avoid them.

What industrial sectors are experiencing increased threat and challenges of cyber security?

Amanda Adams CrowdStrike: It really is a problem across all industries, with ransomware a pandemic poses great risk. CrowdStrike Intelligence identified the highest number of ransomware-associated data extortion operations in 2020 from the engineering sector (229 incidents), manufacturing (228 incidents), then technology and retail, both with just over 140 incidents. Healthcare and pharmaceutical targets however suffered a lot of state actor attention as countries looked to acquire COVID-19 information and vaccine IP. Any business that uses technology and accesses the Internet is at risk, and until models like Zero Trust and cloud-based endpoint protection become widely used, then organisations will continue to suffer intrusions and data loss.

Anton Shelepchuk , NAKIVO: The attackers often target organisations that have critical data for their operations and those with small cybersecurity budgets. The sectors include healthcare and educational institutions. Hospitals have sensitive information such as patient records. Other frequently targeted businesses are the accounting firms and banks. Cybercriminals are motivated by monetary gains, thus they often target organisations that have valuable data or high returns. Other targets have been government agencies, and the recent SolarWinds attack has brought into focus the dangers of using the same software across agencies and thus being exposed to the same attacks.

Are there any new threats that have emerged recently? If so what and how have these come about?
Amanda Adams CrowdStrike: An interesting twist on a profitable ransomware technique is how ‘big game hunter’ adversaries took different approaches in the release of stolen data onto data leak sites, many staggering the data release. eCriminal group TWISTED SPIDER became the most adept, spacing out releases in percentages of the dataset. VIKING SPIDER adopted this approach with some victims, as have affiliates of PINCHY SPIDER for some REvil victims. Whichever release method is chosen by the adversary, the intent is to increase pressure on the victim company to pay the ransom.

Anton Shelepchuk , NAKIVO: Yes, ransomware attacks have recently caused many issues for organisations. Hackers can initiate a ransomware attack by exploiting any vulnerability in a system; they look for imperfections in the code or security systems to insert a payload and take over a specific machine or network. In 2020-2021, there was a great number of cyberattacks around the world. And each day cyber criminals come up with more elaborate methods. Sometimes businesses are not even suspecting that they are under attack and that their valuable data is being exposed. Today attackers may use social engineering, AI botnets, supply chain attacks, 0-day attacks, DNS-tunneling, eavesdropping and SQL injections to get access to their desired target.

What advice would you give to the tech channel to help safeguard their business?
Amanda Adams CrowdStrike: Visibility and speed are critical for blocking attackers that have the capability to steal data and disrupt operations. Security teams must understand that it is their responsibility to secure their cloud environments, just as on-premise systems. They must establish consistent visibility for all environments and proactively address vulnerabilities before they can be leveraged by attackers. Multifactor authentication should be mandatory on all public-facing employee services, and a robust privilege access management process limits the damage from adversaries. Zero Trust solutions should be implemented to compartmentalise and restrict data access too.

Anton Shelepchuk , NAKIVO: I would advise getting quality anti-ransomware software with endpoint security and performing regular backups. Though, there are instances where attackers still manage to invade the system even with all security measures in place. There is never a 100% guarantee of being fully protected against a cyber threat. To ensure the safety of your data, I would recommend using a 3-2-1 approach. The method implies having two backup copies of your data in separate locations and keeping another copy offsite. That way, even if the backup becomes infected, you can still restore your files from the offsite copy. Today you can also make replicas of your VMs if you have a virtual infrastructure. This will allow you to power on your machines and keep the business operations running during and immediately after the attack.

What new threats or challenges is the consumer industry facing in regards to cyber security?
Amanda Adams CrowdStrike: Whilst other industries may see state adversaries also joining eCriminals in probing defences, consumer industries face the greatest risk from ransomware and cyber extortion. The numbers of ransomware operators, their sophistication, and their tenacity really can’t be overstated – it’s sweeping over industries as adversaries refine their techniques and target organisation after organisation in an efficient money-making operation. With data leaking as well as ransom demands, organisations face the risk of needing to pay twice to secure their data. These adversaries do their research and know how much to ask for to secure a big payday from victim organisations.

Anton Shelepchuk , NAKIVO: The newest security threats include social engineering tactics, phishing mail, DDoS attacks, cloud attacks, AI-related attacks, botnet attacks and so on. Since new threats appear daily, the major challenge for the consumer industry is to give consumers the latest technologies to prevent these attacks. Another part is promoting cybersecurity awareness and education. This means helping their customers understand how to recognise and handle a fraudulent phishing email, for example. The challenge for them is identifying emerging threats and developing the right tools quickly to help consumers avoid being victims. Take Microsoft, for example. It overhauled Advanced Threat Protection and Defender, to create Defendere for Office 365 to help customers prevent, detect and respond to threats.

How can businesses look to simplify their security infrastructure to manage all endpoints and areas that could come under attack?
Amanda Adams CrowdStrike: The cloud is key. By leaving on-premise security, businesses gain a big increase in the sophistication of their ability to stop breaches. It’s possible to remove a number of legacy services all managing different areas of security and use next generation endpoint protection that can stop all kinds of threats, fileless or hands-on-keyboard attacks and even zero day never-seen-before threats. The power of AI running at scale in the cloud means that providers can spot indicators of attack and stop anomalous behaviour dead. Legacy providers look for indicators of attack – which is too late, and relies on already having seen threats before.

Antony Byford, Westcon: The European market needs strong cyber security solutions in a time when safeguarding precious business assets is increasingly becoming a key priority for companies across all industries. Solutions like CrowdStrike’s category-defining Security Cloud provide customers with the highest level of protection while minimising performance impact. Additionally, CrowdStrike’s EDR, threat intelligence and Zero Trust security platform allow customers to significantly reinforce their detection and response offering.

Anton Shelepchuk , NAKIVO: You can implement the endpoint security method. It has been widely used over the last couple of years. The main idea here is to protect the endpoints. Endpoints are laptops, computers, mobile phones and any IoT devices. Attackers compromise endpoints to get control over the machines and networks. Endpoint security requires having a VPN, an OS and an endpoint agent. The endpoint agent is an app that can pick up suspicious activity in the browser or network and send it to the threat detection console. The endpoint security system allows the administrator to monitor endpoints, networks and control backups from a single console.

Just how sophisticated are the attacks becoming, who are these attackers?
Amanda Adams CrowdStrike: It’s incredible how sophisticated attackers are. Take the StellarParticle attack. This sophisticated supply chain attack against SolarWinds was able to move from this initial intrusion vector to deploy code by a very large number of organisations worldwide. The design of SUNSPOT suggests StellarParticle developers invested significant efforts into ensuring the tampering process worked, and added strong conditions to avoid revealing their presence. The adversary took steps to avoid common operational security mistakes in the process of registering and managing its infrastructure. This was a long-term, multi-developer, likely state-funded approach. This is the calibre of many adversaries.

Anton Shelepchuk , NAKIVO: Very sophisticated. And investigating and tracing these attacks is getting very difficult. Sometimes, these are individuals with high tech programming skills who carefully study their targets before launching an attack. In a majority of cases the reason for the attack is financial gain. Companies that have many holes in their security system are more likely to be attacked than those that follow high cybersecurity standards. But then as we’ve seen in 2020 and 2021, there are also state actors. At such a high government level, sanctioning those actors and understanding their motivations is even more complex.

What future threats should companies be aware of and how can businesses ensure they have means of protection?
Amanda Adams CrowdStrike: Two concerning threats are likely to continue to evolve and frustrate companies: ransomware and supply chain attacks. These should be top of mind for all organisations, and considerable effort should be placed on planning the processes, technology, and people skills/training to stay alert to these threats. In addition to endpoint protection, 2FA, and Zero Trust approaches, managed threat hunting can make or break the corporate defence. With white hats, hunting for threats in the business environment, anomalies can be remedied before they turn into risks.

Antony Byford, Westcon: In 2021 we will see extended detection and response (XDR) capabilities improving accuracy and productivity. Privacy will become a security discipline of its own. Network security will continue to migrate from LAN-based models to SASE. Cloud-native apps will require a full life cycle approach to protection, and more emphasis will be placed on Zero Trust Network Access.

Anton Shelepchuk , NAKIVO: Businesses should be focusing on keeping their security strategies up to date. But they should not stop there. Businesses that are successful at overcoming cybersecurity incidents usually have several things in place. An advanced security system and a powerful backup solution for when the first line of defence fails. This is all the more important given that governments seem set on sanctioning payments to hackers in return for regaining access to data. For example, the US Treasury’s October 2020 advisory on penalising payments to malicious actors to avoid incentivising future attacks.

Read the latest edition of PCR’s monthly magazine below:

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.