Skip to main content

“Sophisticated phishing and social engineering attacks are on the horizon”

6 MINUTEN GELESEN
Insights Cybersecurity

James Harrison

Marketing Consultant

To dissect the cyberattacks that are on the horizon and the cybersecurity solutions we offer, we asked Daniel Hurel, VP Cybersecurity and Next Generation Solutions, how partners can enable a secure path to digital transformation and unlock recurring revenues in a cloud-first world.

The growth of technology and the acceleration of digital transformation have raised new security concerns. Fraudsters are focusing their efforts on unwary users, implementing increasingly sophisticated scamming techniques to perform malicious online acts. At the enterprise level, threat actors are taking advantage of the changing work environment to attack companies. Luckily, companies have been architecting ways to enable a secure path to digital transformation and help organisations unlock recurring revenue in a cloud-first world.

How has Westcon-Comstor’s approach to cybersecurity evolved?

The truth is – the world has been overwhelmed with years of disruption – from Brexit through to Covid. Because of this, the business has built a strong foundation of resilience, meaning that when the pandemic hit, we were already prepared. We had 90% of our 3,000 people fully and securely working from home within 48 hours of the lockdown being announced, with all logistics centres remaining open and operational.

Unlike the other broadline distributors, we’ve grown into a specialist. Meaning that we only work with best-in-class vendors where we’ve got the people and resources to support them.

In addition to the impressive growth these vendors are experiencing, we’ve received 11 vendor awards this year, including Distributor of the Year for Mitel, Palo Alto Networks, Check Point and Cisco. On top of expanding our relationships with current vendors, we’ve also added 15 new vendors including AttackIQ, CrowdStrike, Claroty, Menlo Security, NoName Security, Pure Storage, Infoblox, Ruckus, and Zscaler to the roster this year.

Over the last year, we’ve had significant success in the security marketplace by attracting and retaining a record number of UK security VARs/SIs/MSPs compared to any previous year. We’ve increased our Palo Alto Networks market share and have become the fastest-growing Cisco Security distributor with a 45% market share.

What challenges do you help navigate?

Westcon’s Next Generation Solutions (NGS) provides the channel with solutions to enable a secure path to digital transformation and help partners unlock recurring revenue in a cloud-first world. We help unlock new security opportunities for our partners and identify areas of the security market which are set to grow and create the most value for the industry.

What new threats have arisen as a result of the pandemic?

The pandemic forced organisations and individuals to embrace new practices, such as social distancing and remote working. As a result, this generated a renewed focus on cloud acceleration and a shift to greater workplace flexibility. With these changes, significant security challenges came along.

In 2020, home networks and devices became an attractive attack vector as workers stayed at home. More devices and more access to public networks (not just at home but in cafés and on public transport) meant a larger attack surface. This led to an increase in phishing attacks and device exploitation through public Wi-Fi. Many businesses opted to implement Zero Trust Access (ZTA) models for the first time.

Even as the hybrid work model brings employees back into the office, businesses will be looking to expand this further as they invite potentially compromised devices into their network.

Despite the risks, why do businesses still hesitate to upgrade their security?

A big part of this issue is an over-reliance on MSPs (Managed Service Providers). Many businesses rely entirely on MSPs and MSSPs to keep their IT infrastructure secure. While these service providers do indeed have a big role to play, they are not fully responsible for the security of every business.

Putting the entire responsibility on MSPs’ shoulders makes companies complacent. But every business needs to make sure they understand the responsibility that they have to protect their cybersecurity posture themselves.

In addition, any business that hasn’t been breached can feel invincible with minimal security protection. And because they’ve not been breached, they feel the investment in additional resources might not be necessary. In a time when budgets are tight and companies struggle to expand, it’s especially difficult for the business owner to justify putting additional resources into security if they can’t see the ROI. It’s unfortunate as this attitude leaves them open to attack.

What other challenges do business owners face today?

A major challenge for businesses is understanding the cybersecurity landscape and what threats they’re under. While some businesses might be able to hire more specialist security staff, the current talent shortage is making this increasingly difficult. As a result, many companies are unaware of how to safely manage their security environment, leaving them open to a breach.

The good thing is the opportunities for MSPs and MSSPs have been growing. Large enterprises which are unable to get specialists who understand future cybersecurity threats, will be looking to the MSP community to act as a consultant, giving them the opportunity to explore new security solutions and embed themselves better in their partners’ businesses.

What are the worst security habits?

Poor password hygiene. While there have been some innovations in credentials such as 2-FA and biometrics, single-use passwords still represent the most popular access token for people to use. The number of new collaboration tools and platforms that have been made available has given threat actors a gold mine of new vectors where they can steal user credentials.

Sharing personal details over instant messaging. Credential sharing is another nasty habit users have picked up over the pandemic. The rise in new tools and particularly the use of instant messaging collaboration tools has unintentionally given workers a false sense of security when sharing credentials. All a threat actor needs to do on a compromised device or account is search for “password” or “username” and they’ve instantly been given access to an even larger dataset.

Insufficient email protection. Many businesses forget the importance of good email security and instead rely on their provider’s built-in protections. While basic email protection will filter out the most dangerous phishing attempts, other more sophisticated malware phishing attempts backed by intelligent social engineers can still make their way into an employee’s inbox. Businesses must deploy comprehensive email security solutions, like malware scanning, and anti-spam.

What threats can we expect to see more?

More sophisticated phishing and social engineering attacks are definitely on the horizon. The biggest security threat in any business is its people. Everyone represents an entry point and human error is the most direct and cost-effective route for hackers and it’s the one that’s most targeted.

The first port of call for combatting this kind of threat should be the implementation of more endpoint security protection tools, such as multi-factor authentication. This not only acts as an initial buffer against bad actors but also provides a robust shield against ransomware and supply chain attacks.

We’re seeing this happen more and more, as businesses come out of the pandemic, and start to adopt these practices as part of their ZTA architecture. However, like any arms race, this will result in more sophisticated phishing and social engineering attacks.

Therefore, businesses should start having open conversations with their staff about cyber resilience and cyber education. Every individual that knows and understands how to protect themselves is another endpoint protected.

What will the future of business technology look like?

The acceleration of digital transformation and cloud adoption has created a bigger appetite for 5G adoption and represents a huge opportunity for the industry. Faster speeds and better connections mean that businesses will be able to manage more devices and make better business decisions based on richer, more abundant data.

On the flip side, from a cybersecurity perspective, businesses’ eagerness to take on a relatively immature technology could put them at risk as many will be ill-equipped to handle the security requirements of 5G. This would make the early adopters of 5G the perfect target for bad actors testing new vulnerabilities and exploits. SIM-jacking is one avenue that we expect hackers to take advantage of. Mobile devices are going to be expanded for use as authentication tools and hijacked SIM cards can give bad actors all they need to get into a business email account as the hardware is regarded as “trusted.”

Although many are excited about monetising this next generation of technology, its security must remain a priority. 5G security will be a new and exciting area that will certainly grow as we learn more.

What’s next our security offering?

Our aim is to position Westcon-Comstor as a true cybersecurity solutions and services aggregator, enabling partners at every stage of the sales cycle via a single digital platform. To do this, we’ll be improving our sales process and developing a frictionless sales model to accelerate end-to-end integration with vendors.

Our company mantra is built on partner success, meaning when our partners succeed – we succeed. Improving the integration experience, making it more seamless, and improving access to best-in-class solutions helps everyone.

This blog first appeared in CyberNews