channelinsider.com
  • The latest Dell Security Annual Threat Report makes for disturbing reading: not only are the number of vulnerabilities and instances of malware on the rise, but malware is also starting to be delivered via encrypted connections that IT security defenses can't pick up on. Most of the attacks rely on the same basic set of exploit kits, but the targets are changing. "Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," said Patrick Sweeney, executive director, Dell Security. "Hacks and attacks continue to occur, not because companies aren't taking security measures, but because they aren't taking the right ones." The report confirms that digital hackers have identified point-of-sale (POS) and other types of systems as targets worth compromising. For solution providers across the channel, this means that the scope of the IT services they need to provide is expanding at a time when hackers are becoming more sophisticated in how they deliver malware payloads. That may not be what solution providers want to hear, but as the saying goes, to be forewarned is to be forearmed.

  • Physician, encrypt thyself. Guest author Doug Truitt, Kalleo Technologies CEO, offers his take on how MSPs can safeguard medical firms from costly data breaches.

  • RSA is looking to help its channel partners make the transition to becoming managed security services providers.

  • If channel companies want to tap growth opportunities in security services, they will need to make changes, which may include retraining staff, revamping their sales structure, becoming more proactive and becoming experts on all facets of a security technology they are addressing, according to a new study from CompTIA. Sixty-three percent of the nearly 300 U.S.-based IT channel companies surveyed expect their revenue from security services to grow over the next 12 months. However, some IT channel companies will need to up their game in security, according to the study. There is strong potential for channel companies to expand into areas such as compliance management, risk management, cloud security, identity and access management, mobile security, and security information and event management, which "could all easily become components in a new security baseline," said Seth Robinson, senior director, technology analysis, CompTIA. This is in addition to foundational security offerings such as network security, business continuity, email security and data protection, which many of them already offer. Here's why IT channel firms should re-evaluate their portfolios.

  • Organizations may not exactly be in love with the Payment Card Industry Data Security Standard (PCI DSS), but they are increasingly complying with it with help from solution providers across the channel. The 2015 PCI Compliance Report from Verizon finds that although more companies than ever are attaining PCI DSS compliance, few of them can maintain it since the overall IT environment remains fairly dynamic. "Compliance at a point in time isn't sufficient to protect valuable data and their reputations; organizations must make being proficient at maintaining security controls in a dynamic environment a strategic imperative," the report explained. "Being able to say that you were compliant three months ago will be of little solace when dealing with the aftermath of a breach." Most of the data being stolen is accessed with credentials that have either been stolen or are easily cracked. Also, much of the stolen data is unencrypted, showing that companies still have work to do to move toward compliance.

  • In distributed denial-of-service (DDoS) attacks, an IT infrastructure, Website or network becomes overwhelmed with requests, making it impossible to deliver services properly. The majority of 129 service providers surveyed by DDoS protection provider Black Lotus have experienced such attacks, with a large percentage reporting "customer churn" as a result. The study shows a disparity between how threatened providers feel about potential DDoS attacks and how prepared they are to mitigate an attack. While the report shows that 92 percent of service providers have some form of DDoS protection in place, it's often not enough to stop an attack before the damage is done. Plus, there seems to be a disconnect between what customers and their service providers believe are their responsibilities during a DDoS attack. Nearly half the service providers said they are solely responsible for the viability of their infrastructures during an attack, but they also believe the direct impact of the DDoS attacks is the customer's responsibility. The bottom line is that DDoS attacks can result in significant revenue losses.

  • While demand for mobile applications is growing at astronomical rates, so too are the security vulnerabilities that affect those apps. Although most companies consider the risks to be significant, just a small percentage of mobile application development budgets is being allocated to securing those apps, according to a survey of 640 IT professionals conducted by the Ponemon Institute on behalf of IBM. Worse yet, only 29 percent of those polled said they have the resources they need to address the issue, and only 14 percent gave high ratings to their capabilities in this area. "For a variety of reasons, companies find it difficult to improve the security of their mobile applications," the study stated. The report recommends frequent testing of mobile apps, ensuring the "rush to release" does not have a negative impact on coding practices, conducting training and education programs for development teams, increasing budgets for mobile app security, and implementing policies and procedures to control employees' risky behavior. For solution providers across the channel, testing and securing mobile applications represents a major opportunity.

  • Kaspersky Lab North America's new program is aimed at enabling partners to achieve up to 50 percent margins and receive additional incentives.

  • Using technology from Centrify, AVG aims to provide partners with a way to control company data on employees' mobile devices and cloud apps.

  • As the IT industry continues to face growing security issues, amid announcements of security breaches at major retailers and banks in the past year, virtually all IT decision makers at financial services and retail organizations believe their organizations are vulnerable to insider threats, according to an online survey conducted by Harris Poll for Vormetric's 2015 Insider Threat Report. The study, based on a poll of 408 U.S. IT decision makers primarily at retail and financial companies, found that the biggest threats come from a variety of insider channels, including privileged users and the supply chain, such as contractors and service providers. In addition, disruptive technologies, such as the cloud and big data, are creating new risks to organizations with additional administrative roles. These findings show that organizations need to develop and prioritize their IT security strategies to protect their data and reduce their vulnerabilities. They also should make encryption with access controls the default, monitor and analyze data-access patterns, and replace point solutions with data security platforms, according to the report. Here are key takeaways from the report.

  • NEWS BRIEFS: In addition to ABI's managed security services study, this week's briefs cover Arrow's acquisition of immixGroup, Tech Data's new division, and more.