Not every business is off to a great start in 2016. Some may be facing significant challenges implementing broad organizational changes, while many keep a close eye on the economic and other external forces that can affect end customers…and revenue projections.
For example, the drop in oil prices may offset increased costs in other areas of an IT firm’s business, but it is also, by many reports, fueling uncertainty in the stock markets. 2016 is also an election year, which normally makes entrepreneurs and investors a little jittery. Fear of the unknown is often more unsettling than negative plans or projections; customers often delay major purchasing decisions when significant economic and regulatory decisions are at play.
Of course, the economy is only one of the many immediate concerns those in the business community face. IT security threats continue to garner attention and spending. With technology so crucial to so many businesses today, from the data it helps collect to the processes it automates, downtime is simply unacceptable. Just one employee slip-up could cause thousands of dollars in damages to an organization’s systems and employee productivity if the proper protections aren’t in place.
The latest ransomware attacks spread so quickly and effectively, they can basically shut down an affected business. These infections travel readily through the intranet, the internet and virtually any other system linked to the device of the person who clicked the malware-laden link or downloaded the affected file. They attach to and encrypt every piece of data they can access, locking away everything from crucial documents and spreadsheets to images and personal information. CryptoWall and similar malware even have the ability to permeate online storage and backup systems (if an affected user hasn’t logged out).
All the company (or individual) has to do to get the key to unlock and restore all the files is pay a ransom. These attacks are so effective, according to an FBI agent speaking at a Boston conference last year, that the best course of action is to simply pay the $300-$600 fee. Of course, the “official” statement from the bureau does not include that recommendation, and the extortion fees aren’t always that inexpensive. There have been reports of the “ransom” message asking for $10,000 or more.
What the agent was pointing out is true. If a company decides not to pay the ransom, the costs may actually be substantially higher. Tally up what the replacement of affected hard drives and servers and the associated labor charges would be. In the event a company’s backup files are also locked down and are truly irreplaceable, what would it cost to replicate the most important information?
Sell Prevention and Training, Not Fear
If CryptoWall isn’t scary enough for your clients, let them know it has many relatives and friends. McAfee Labs and numerous other security firms are tracking a growing number of ransomware threats each year, and the complexity of these types of malware continues to increase. The names should be familiar to channel companies, including TorrentLocker, BandarChor and one of the latest, Teslacrypt.
Regardless of what they’re called, your customers need to avoid them like the plague (because, quite literally, that’s what they are). Whether they know it or not, effective proactive IT security protection has become “business critical,” and the providers who can deliver it are going to be in high demand as these issues gain traction and press.
The biggest current challenge? Not everyone understands the threat. Even those who have friends or family members who experienced the frustration of a CryptoWall attack don’t always understand the risks. Perhaps they were browsing hazardous websites or opening emails irresponsibly, or without anti-virus or anti-malware in place? Of course, they (and their employees) would never do that.
That perception can be a challenge for providers. There’s somewhat of a fine line between selling based on fear (this is what will happen) and offering sage advice to customers and prospects. No one likes to be told their protection measures are ineffective or have gaps and could leave them exposed to potentially crippling malware, especially when they’ve already made IT security investments.
Great care should be taken to educate customers (and their employees) on the continually evolving threat landscape and on how criminals are using elaborate schemes and trickery to gain access to their information. Assessments are a great conversation starter, allowing providers to evaluate systems and practices so they can highlight potential vulnerabilities and suggest solutions.
The uncovered issues typically fall into two categories: lack of effective protection software/cloud applications and/or employees failing to follow IT security best practices. The latter has been cited as the largest problem in most industry research. For example, the IBM Cyber Security Intelligence Index suggests that 95% of all security incidents involve human error.
If you want to help customers really protect their businesses from CryptoWall and whatever other evil doers are out there lurking around their IT perimeters, help them build effective security policies and develop employee training. Everyone with access to the company’s email and business systems should know and follow the industry best practices for preventing malware infections and breaches.
A New Channel Training Option
Most providers have a limited amount of time and resources, so building these plans could be a major challenge. The good news is that CompTIA just rolled out a top-notch program that its channel members can brand and deliver as their own. CompTIA CyberSecure™ is an innovative new training course covering the cybersecurity best practices every business should have in place, and the association’s premier members get 50 seats free to use as they please.
The new program uses video, animation and interactive scenarios to help each employee evaluate and reflect on their own security behaviors in real-life situations. CyberSecure offers up various scenarios and highlights the actions each individual should take to ensure their connections and communications are safe (and secure).
Whether you employ CompTIA’s latest tools, develop your own, or partner with other training organizations, take steps to ensure your clients are better protected from the evil doers. Aspire to be their “cyber super heroes,” a term (and reputation) your business will truly profit from.