channelinsider.com
Home > RSS Feeds > Security
  • Quick Heal is extending its reach in North America by recruiting channel partners to sell the company's security software to small and midsize enterprises.

  • A big increase in cyber-attacks in the past few years is posing big challenges for IT security professionals. A little more than three-fourths of 387 IT security decision-makers polled said their organizations experienced a damaging breach in the past year, according to a new study, conducted by QuinStreet Enterprise, which publishes Channel Insider. The breaches can be catastrophic, with impacts ranging from a corruption of servers, intellectual property leaks and revenue loss to prolonged email system failure, loss of employee and customer information, and shrinking customer confidence. As a result, IT professionals now consider cyber-attacks one of the top three IT issues for their organizations and are taking action to prevent new attacks by allocating more of their IT budgets for security, adding new security solutions and using best security practices that will expand opportunities for security service providers. Here are key takeaways from the report that show why cyber-attack prevention should be a top concern for IT departments.

  • Many organizations are vulnerable to attack because they lack the tools to prevent and detect insider threats, according to a recent SANS Institute study, sponsored by SpectorSoft. Nearly three-fourths of the 772 IT security professionals surveyed are concerned about threats from negligent or malicious employees, but almost half don't know how much they spend on insider threats. The majority are concerned about data loss, including compromised personally identifiable information (67%), damage to reputation (54%) and revealing confidential business information (51%), yet the study finds serious gaps in protecting against these threats. A look at the top six industries in the survey, including technology/IT services, showed that it took organizations from 12 to 48 days to detect an insider breach and from less than one day to 60 days to respond. Many organizations lack the budget and staff to implement and maintain prevention/detection tools; this creates opportunities for managed security services providers to help these businesses develop, implement and maintain a security plan. Here are 10 key findings from the survey.

  • A new partnership gives Cisco's customers and partners channel access to a cloud access security broker (CASB) offering from Elastica.

  • The latest Dell Security Annual Threat Report makes for disturbing reading because not only are the number of vulnerabilities and instances of malware on the rise, but also that malware is starting to be delivered via encrypted connections that IT security defenses can't pick up on. Most of the attacks rely on the same basic set of exploit kits, but the targets are changing. "Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," said Patrick Sweeney, executive director, Dell Security. "Hacks and attacks continue to occur, not because companies aren't taking security measures, but because they aren't taking the right ones." The report confirms that digital hackers have identified point-of-sale (POS) and other types of systems as targets worth compromising. For solution providers across the channel, this means that the scope of the IT services they need to provide is expanding at a time when hackers are becoming more sophisticated in how they deliver malware payloads. That may not be what solution providers want to hear, but as the saying goes, to be forewarned is to be forearmed.

  • Physician, encrypt thyself. Guest author Doug Truitt, Kalleo Technologies CEO, offers his take on how MSPs can safeguard medical firms from costly data breaches.

  • RSA is looking to help its channel partners make the transition to becoming managed security services providers.

  • If channel companies want to tap growth opportunities in security services, they will need to make changes, which may include retraining staff, revamping their sales structure, becoming more proactive and becoming experts on all facets of a security technology they are addressing, according to a new study from CompTIA. Sixty-three percent of the nearly 300 U.S.-based IT channel companies surveyed expect their revenue from security services to grow over the next 12 months. However, some IT channel companies will need to up their game in security, according to the study. There is strong potential for channel companies to expand into areas such as compliance management, risk management, cloud security, identity and access management, mobile security, and security information and event management, which "could all easily become components in a new security baseline," said Seth Robinson, senior director, technology analysis, CompTIA. This is in addition to foundational security offerings such as network security, business continuity, email security and data protection, which many of them already offer. Here's why IT channel firms should re-evaluate their portfolios.

  • Organizations may not exactly be in love with the Payment Card Industry Data Security Standard (PCI DSS), but they are increasingly complying with it with help from solution providers across the channel. The 2015 PCI Compliance Report from Verizon finds that although more companies than ever are attaining PCI DSS compliance, few of them can maintain it since the overall IT environment remains fairly dynamic. "Compliance at a point in time isn't sufficient to protect valuable data and their reputations; organizations must make being proficient at maintaining security controls in a dynamic environment a strategic imperative," the reports explained. "Being able to say that you were compliant three months ago will be of little solace when dealing with the aftermath of a breach." Most of the data being stolen is accessed with credentials that have either been stolen or are easily cracked. Also, much of the stolen data is unencrypted, showing that companies still have work to do to move toward compliance.

  • In distributed denial-of-service (DDoS) attacks, an IT infrastructure, Website or network becomes overwhelmed with requests, making it impossible to deliver services properly. The majority of 129 service providers surveyed by DDoS protection provider Black Lotus have experienced such attacks, with a large percentage reporting "customer churn" as a result. The study shows a disparity between how threatened providers feel about potential DDoS attacks and how prepared they are to mitigate an attack. While the report shows that 92 percent of service providers have some form of DDoS protection in place, it's often not enough to stop an attack before the damage is done. Plus, there seems to be a disconnect between what customers and their service providers believe are their responsibilities during a DDoS attack. Nearly half the service providers said they are solely responsible for the viability of their infrastructures during an attack, but they also believe the direct impact of the DDoS attacks are the customer's responsibility. The bottom line is that DDoS attacks can result in significant revenue losses.

  • While demand for mobile applications is growing at astronomical rates, so too are the security vulnerabilities that affect those apps. Although most companies consider the risks to be significant, just a small percentage of mobile application development budgets is being allocated to securing those apps, according to a survey of 640 IT professionals conducted by the Ponemon Institute on behalf of IBM. Worse yet, only 29 percent of those polled said they have the resources they need to address the issue, and only 14 percent gave high ratings to their capabilities in this area. "For a variety of reasons, companies find it difficult to improve the security of their mobile applications," the study stated. The report recommends frequent testing of mobile apps, ensuring the "rush to release" does not have a negative impact on coding practices, conducting training and education programs for development teams, increasing budgets for mobile app security, and implementing policies and procedures to control employees' risky behavior. For solution providers across the channel, testing and securing mobile applications represents a major opportunity.