What are the most pressing cyber-risks that channel partners should prepare for and how can they best mitigate these threats?

We asked two industry experts what the most pressing cyber-risks are that channel partners should prepare for and how they can best mitigate these threats. Filipe Grahl, Cybersecurity Specialist, Dfense, and Marco Oswaldo Freitas, Channel Manager, Tenable Brazil, give us their views.

Filipe Grahl, Cybersecurity Specialist, Dfense

Today, the main risks are ransomware, poorly configured or outdated systems, credential theft, social engineering, supply chain attacks and ‘insiders’.

In the case of ransomware, many companies face the moral and practical dilemma of whether or not to pay the ransom, as data recovery remains uncertain. Additionally, the extortion perpetrated by these cybercriminal conglomerates can branch into different aspects, as evidenced by the BlackCat group, which employs a quadruple extortion – communication with partners, directors and stakeholders; DDoS attacks; data encryption; and threats of public leaks – with the aim of intimidating their victims. From the point of view of preventive strategies, to protect against these threats, there is the establishment of robust backups, intensive employee training and rigorous system maintenance.

On the other hand, vulnerability generated by poor configuration or outdated systems creates an avenue for cybercriminals to act. Illustratively, an improperly configured repository on GitHub uncovered 38 TB of Microsoft data, highlighting the critical importance of intensive and regular patch management and security audits.

As for ‘Credential Stuffing’, the exploitation of previously leaked credentials allows illegal access, especially when we consider the common practice of using the same password on multiple platforms. By having knowledge of a user’s credentials, an attacker can exploit this information to identify patterns in the passwords used and orchestrate dictionary attacks. These, in turn, use such patterns to perform brute force attacks and potentially compromise a system. Implementing two-factor authentication and encouraging the use of distinct and robust passwords appears as an essential shield against these attacks.

Furthermore, social engineering and phishing directly target the most vulnerable link: the human being. By manipulating people through fraudulent messages or direct persuasion, criminals aim to gain access to crucial information, making a solid investment in ongoing employee training and awareness imperative.

Supply chain attacks aim to compromise products or services at some point before their delivery to the end consumer. The iconic 2020 SolarWinds case illustrates this type of occurrence, where software was compromised, impacting thousands of customers, including government entities. Security, in this context, must extend beyond the company’s boundaries, encompassing the entire supplier network.

Finally, insiders are individuals with privileged access who, motivated by revenge, financial gain, or simple negligence, can cause immense damage. The response to this threat encompasses detailed monitoring of systems, the implementation of clear policies and the promotion of an intrinsic culture of responsibility in the field of cybersecurity, ensuring a safer and more intact digital environment for everyone.

Marco Oswaldo Freitas, Channel Manager Tenable Brazil

Today, I contend that the main risks are: a shortage of experts in cybersecurity; complex and extensive attack surfaces; lack of vision of all assets that make up the company’s production process, including suppliers and outsourced workers; the lack of clear indicators for better management; and the reactive stance, in which we see that the vast majority of companies are still waiting to be attacked before taking action.

The deficit of specialized expertise is a global challenge, not confined to Brazil. In the post-pandemic era, while demand has surged, so has flexibility, enabling businesses to source talent from anywhere in the world.

Another aspect that I see as a critical concern is the fast pace at which applications and systems are developed, along with the plurality of surfaces where the assets that support the companies’ production process are located. These assets, ranging from endpoints, servers, workstations, and printers to data centers, databases, and IoT, can be stationed on-premises, within public or private clouds, or in hybrid settings, with a significant number tailored for cloud deployment. Taking mission-critical systems like Microsoft’s Active Directory as an example, each highlighted asset serves as a potential attack vector, which, if compromised, can result in a security breach.

From a security manager’s point of view, the equation becomes convoluted. A limited number of professionals and a plethora of assets across various platforms create extreme difficulty in saying what is safe and what is unsafe, and what is at risk in the infrastructure that supports the business. Often, professionals see infrastructure only in terms of what they directly manage, overlooking service providers and third-party applications vital to corporate initiatives. This equation becomes complex to manage, adding to the lack of management indicators.

The role of partner channels in navigating these challenges cannot be understated. Primarily, these channels possess the capability to amalgamate solutions, curating a comprehensive offering by harnessing the pinnacle of technological defenses.

The channel is in the customer’s daily life, so they can be more effective in dealing with security problems in advance, with a holistic vision that can look at all scenarios at the same time. The key is a platform capable of aggregating data into a unified dashboard, facilitating decision-making in environments that are heterogeneous.

Moreover, the channel can apply the best tools to do better, more assertively, but with less work and more efficiency. Companies no longer have enough professionals, there are several environments at the same time, and it is extremely difficult to have indicators to manage, especially when we apply a proactive management perspective. It is worth remembering that proactive action is cheaper than reactive action, where a security incident is already underway. So that’s where I think it will make all the difference, when the channel can combine technologies, simplify companies’ routine operations and support them in decision-making.
