When I was a kid, no one talked about "careers." We talked about "jobs," and every child had a definitive --and often popular-- answer to the question, "What do you want to be when you grow up?" My aspirations changed a few times through the years, but they always focused on work that had a profound and positive impact on the world, not just the job itself. Instead of being a doctor, I wanted to find a cure for chicken pox. Instead of training as a chef, I wanted to create the next classic American meal.
As an adult, my aspirations on work have not changed. I love technology and working in cybersecurity, but the impact I want to make is to keep organizations protected from cybercrime and enable our technology partners to play an active role in safeguarding the world.
I have been in technology sales most of my career. Whether through direct or channel sales, there is one constant attribute that determines success or failure, and that is trust. Trust can be explained in many ways. It is having the knowledge and expertise to recommend a technology solution that fits the customer's needs, not yours. It is building and maintaining a track record of doing the right thing on a consistent basis. It is about possessing intelligence of emerging trends and having the confidence to advocate change.
For the hundreds of technology partners we work with every day in the Channel, that trust was put to the test during this pandemic. Companies relied on their technology partners to help them implement remote working solutions alongside new and untested virtual collaboration styles, as well as establishing new supply chain processes and assistance with rethinking conventional strategic planning.
Despite all the collaborative innovation to keep global economies going – as well as ensuring safety for companies and livelihoods – threat actors were ready to take advantage of this creative goodwill. In the recent Secureworks Incident Response Report, our incident responders share lessons from hundreds of engagements conducted during the pandemic. Although we did not see an increase in the volume of attacks, many threat actors used COVID-19 as an opportunity to employ familiar tactics such as phishing.
Healthcare, pharmaceutical, and government organizations were targeted by both nation-states and financially-motivated cybercriminals. These threat actors recognized the large sums of money funding pandemic-related work and targeted the underlying data for financial gain. These industries rely heavily on technology partners, so this is personal to me. In contrast to my love of technology, I hate cybercriminals with the same fervor.
I believe technology partners are in an ideal position to help organizations mitigate the risk posed by threat actors during this pandemic and beyond. Our findings point to specific actions I believe partners can employ to increase their level of trust with their customers:
- Enforce or develop policies to protect remote work equipment, the consumption or transport of sensitive data and establish technical controls to help monitor and enforce these policies. For example, install technical controls such as a Mobile Device Management (MDM) solution.
- On-premise testing can now be performed remotely by several security providers. Organizations should conduct frequent vulnerability, penetration, incident response, and simulated attack testing to validate the safety of their remote technology investments, procedural changes, and internal security vigilance.
- The same can be said about the stable of vendors who help organizations achieve their goals. As all supply chains are connected online, vendors need to demonstrate equal or stronger security postures than the organizations they serve.
- Threat actors continue to use proven tactics such as ransomware, malware, and business email fraud. Organizations should deploy advance threat detection and response solutions to constantly monitor their now expanded network footprint.
- Using multi-factor authentication for internet-facing resources, encrypting sensitive data, and disposing of information securely remain vital best practices to protect against credential abuse.
So many different types of industry played an essential role during this pandemic to help us all rise above. I believe technology was one of those. I am proud to work in an industry where every day my efforts and those of my colleagues dramatically improve lives, create endless opportunities for personal growth and achievement, while advancing humankind to uncharted and exciting possibilities.