Skip to main content

What is the role of the channel in the fight against ransomware?

Ransomware
(Image credit: Image source: Shutterstock/Nicescene)

Ransomware is an ongoing issue as the sophistication of these attacks continues to increase. With new tactics being used by threat actors in recent years - including, double, triple, and even quadruple extortion methods – the consequences of a breach are greater than ever before. With organizations stretched to the limit, the channel has an important part to play in mitigating this threat. 

Ransomware attacks and Covid-19 

The shift to homeworking due to the pandemic has given ample opportunity for cybercriminals to conduct these attacks. This is exemplified in the 2021 Global Security Insights Report by VMware. The report found that those working within cybersecurity globally have seen a 76 percent increase in ransomware attacks in the past 12 months due to remote working.

In addition to this, in June 2021 the National Cyber Security Centre (NCSC) released a report stating that in August/September 2020 and again in February 2021, there was an increase in ransomware attacks against schools, colleges and universities in the UK. These attacks mainly led to the loss of coursework done by students, school financial records and data related to Covid-19 testing.

Make sure employees are trained

With ransomware attackers using email as the main way to gain access into a company, increased cyber awareness training is needed for employees to protect businesses – the human element is the weak link here. As exemplified in the April 2021 ransomware attack on Merseyrail which was a victim of Lockbit ransomware. During this attack, the threat actors forged an email impersonating the Director of Merseyrail, Andy Heath. This attack illustrates one of triple extortion, where the attackers allegedly stole employee and customer data. 

To make matters more complicated, threat actors are not standing still with their techniques. Increasingly, ransomware gangs are moving more towards complex phishing techniques, and employees need to be trained to spot these. For example, attackers are using social media to contact and build up a rapport with their targets, before tricking them into downloading a malicious payload.

Those within the channel working to protect customers from ransomware attacks should help the organizations they work with implement training processes and protocols. This is not something new, but not enough organizations have robust and regular training in place. It isn’t enough to host a training session once every couple of years and hope that will be enough. With the majority of ransomware attacks relying on human error for their success, it is unavoidable that training should be a top priority.

Where are the weaknesses?

Vulnerability testing is a central part of ensuring that any potential weak points are rectified before they become an issue. Fortunately, it is fairly easy for channel partners to see if their customers have the right systems and processes in place. These tests can be done through vulnerability scans and penetration testing, which will identify the technological issues within an organization that needs to be solved. 

However, much like training, testing has to be robust and regular. How often they are carried out depends on the nature of the organization. This is largely contingent on how often the IT environment of the organization in question changes. For example, a cloud-based developer, that updates their environment constantly, would need to check their IT systems on a more regular basis than businesses that do not use the cloud.

With so many vendors and products, it is important the channel works with their customers to help them navigate the complexity of the market to create the best overall solution. When choosing technologies to use, most organizations want to implement a multi-layered, multi-vendor approach in order to meet the specific needs of their organization. But, assessing the efficacy and suitability of each and every product is impossible, even for well-resourced enterprise IT teams. The channel has a critical role in making sure that the combination of products is one that allows each system to work effectively to protect each business. Partners and vendors should be working together to keep their training up-to-date and provide solutions to these threats and attacks. 

Collaboration within the organization

Ransomware is an issue that impacts everyone across an organization, it is not solely an IT issue. Therefore, channel partners should be working with their customers in order to ensure there are processes in place which set out the actions to be taken in case of an attack. A way to do this is through intra-organization collaboration to assist with the design and implementation of a practical response to an attack. Having a defined mitigation strategy can help buy valuable time for victim organizations and allow them to keep better control of their data and third-party stakeholders, such as customers, should the worst happen. In doing so, they should be able to respond to a breach more effectively and reduce the ransom demands being placed upon them. 

Breaking into the cybersecurity market

Given the complexity and fast-moving nature of the cybersecurity market, resellers or managed service providers that do not currently operate in this space face a high barrier to entry. One way of mitigating this is for a partner to make use of pre-built, click-to-run solutions whilst they build out their cybersecurity business. These solutions typically focus on common business requirements and use cases, such as protecting business data security, and are customizable to the individual needs of each organization. As well as reducing the amount of upfront investment needed to build a cybersecurity offering, it can also massively reduce the deployment time of these solutions to minutes instead of hours. It is for this reason that sometimes even mature cybersecurity partners will sometimes use these ready-built solutions, allowing them to focus on value-added offerings instead. 

Continued collaboration between partners is needed in order to deal with the ransomware issue and to close the cybersecurity gap, which continues to exist across many organizations. The channel is able to provide support to businesses looking to improve their cybersecurity methods, through training for staff, testing and offering ready-built solutions. Each organization needs unique solutions to prevent these ransomware attacks, and the channel has the tools to provide this individualized support and can help those organizations that are new to cybersecurity. Especially now, as the sophistication and complexity of these attacks are increasing, more organizations are still needed to help with addressing the challenges which are brought on by ransomware.

David Ellis, Vice President, Security and Mobility Solutions, Tech Data EMEA

David Ellis
David Ellis is Vice President, Security and Mobility Solutions for Europe at Tech Data.