The IT reseller market is one of the most targeted industries when it comes to cyberattacks, ranking third behind only software-as-a-service (SaaS) companies and the education sector. Today, IT resellers experience an average of 82 attacks per user, as hackers rapidly evolve their tactics to conduct malicious activity.
In the last few months, the industry has taken quite a hit. Just look at the massive ransomware attack that hit hundreds of U.S. dentist offices in August. In this particular incident, the REvil (Sodinokibi) ransomware took over the MSP providing services to these businesses, infecting all of its customers’ computer systems and preventing access to important patient data. Limited access or the inability to recover said data meant dentist and doctor offices alike were left without historical background on diagnoses and unable to properly treat patients—the backbone of their business.
With all this in mind, a cyberattack on an IT reseller is not a question of “if” but “when.” Given most IT resellers sell security solutions as a part of their portfolio, resellers must be the experts their customers can trust to have their best interests in mind. It’s up to them to “practice what they preach” and ensure that they’re taking care of their security systems in-house—and beyond.
Why are IT resellers targeted?
As an integral part of the supply chain, IT resellers are vulnerable because of the vast amount of personal and financial data, such as names and Social Security numbers, housed in their systems.
By attacking an IT reseller, hackers can gain access to networks they might not be able to reach otherwise. IT resellers are an intermediary party, and because they hold access rights to customer environments that typically only internal parties have, a compromise of their own systems can put their customers at risk.
How are IT resellers targeted?
Attack vectors on IT resellers run the gamut from malware installs to phishing to impersonation. In fact, a recent Mimecast Threat Report found that the sector experienced a significant uptick in different malware types such as Adwind, a form of “Remote Access Trojan” that installs malicious content onto software systems. As a cross-platform malware, Adwind can collect user information, conduct file transfers, carry out VPN and password theft, and more, making it extremely dangerous.
To gain entry into IT resellers, attackers often look to break through the human firewall of the organization—their employees. According to a 2017 study by IBM and the Ponemon Institute, human error, resulting from lack of knowledge, concern, and attention to security, is responsible for 90% of breaches. Let’s look at some examples of human error:
- An employee receives an email with a malicious phishing link. Not paying attention, they click on it. As a result, they open their organization to risk, as a malicious player now has control of their email system and files.
- A hacker visits an IT reseller’s website to learn about the customers they represent. Through a customer testimonial, the attacker finds information about a client executive and reaches out to the IT reseller claiming to be that executive. The attacker could then ask for a password reset as the fake customer, leading the IT reseller to unknowingly share sensitive information and provide access to the customer’s data.
The access to customer environments that IT resellers hold cannot be taken lightly. A customer could have the strongest security system in place, but if the IT reseller’s systems are weak, the customer is at risk now too.
How should IT resellers ensure strong cyber hygiene?
To avoid becoming the next victim, resellers need to prove their cyber resilience to customers by demonstrating that they have both proactive and reactive strategies in place.
First, IT resellers can make themselves more secure by implementing threat detection technology to reduce the attack surface. With active monitoring, organizations can identify and analyze threats and take appropriate action to block anything from compromising their systems. Blocking attacks in the first place lessens opportunities for human error down the line.
Second, knowing threat actors will often depend on human error to carry out an attack, IT resellers should implement awareness training programs to ensure all employees are knowledgeable and equipped to protect the organization. With frequent, engaging training programs like email threat simulations, surveys, and entertaining videos, employees can learn the intricacies of a potential attack and implement correct follow-up actions.
Third, resellers should ensure they’re clearly communicating their security protocols and practices to customers. Consistent and open conversations with clients about cyber history and resiliency plans will help ensure that they are prepared to thwart potential attacks. Together, both parties should discuss whether or not they have the appropriate technologies in place and if awareness training exists for employees.
IT resellers have access to sensitive details of the organizations they support. As the industry becomes increasingly targeted by threat actors, resellers must have strong cyber hygiene to protect against potential attacks. By educating employees and working directly with customers to ensure they are prepared to thwart anything that comes their way, IT resellers can eliminate potential vulnerabilities and keep their businesses growing.
JOSHUA DOUGLAS, vice president of threat intelligence, joined Mimecast in 2019 after a stint as Chief Information Security Officer for TRC Companies Inc. He has two decades of experience in helping global organizations secure their most prized business/mission assets. Before TRC, Josh spent 12 years at Raytheon serving as the Chief Technology Officer for Forcepoint/Raytheon Cyber Products and Chief Strategy Officer for Raytheon Cyber Services. He is a forward-looking cybersecurity executive who creates advanced services and solutions that help protect enterprises from ever-changing risks and threats.