IT Service Providers: Mind the Security Gap

Hackers will find a way in, and customers will then look for a way out.

Persistent threats affecting businesses of all sizes and in all verticals are becoming more consistent and hitting more frequently. The 2016 Verizon Data Breach report analyzed 100,000 incidents across industries and verticals, of which 3,141 were confirmed data breaches.

According to the report, phishing and point-of-sale (POS) attacks are still extremely common—but can wreak the most havoc.

Though these attack vectors aren’t new, phishing emails are becoming more and more convincing as cybercriminals improve the URL and domain appearances, colors, logos and email content, as not to raise red flags.

Once the phishing links are activated, either installing malware or stealing credentials, they can wreak havoc on the network, the company’s reputation (in the case of the infamous W-2 phishing scam that hit dozens of companies this year) or the compromised individual’s identity.

As for POS intrusions, do we even need to explain?

In the most recent cases of Eddie Bauer and a slew of hotels, including Millenium, Kimpton, HEI and more, once POS malware gets onto the network, it exfiltrates sensitive information, including customer card data, negatively impacting customer loyalty, reputation and company finances, especially once the news hits the media (and it almost always will).

These are just two examples. The breach report also names DDoS attacks, crimeware varieties and web app attacks as some of hackers’ evolving choice methods.

Cybersecurity firm Proofpoint specifically called out ransomware—where your device is locked down, and all of your files are encrypted until you can pay a designated amount of Bitcoin— as the most preferred malware type for cybercriminals in 2016.

As these methods progress, the underground world of cybercrime is becoming more industrialized. Hacker groups see themselves as full-on, functioning businesses. According to the 2016 Symantec Internet Security Threat Report, cybercriminals are forming professional networks and becoming significantly bolder in which targets they pursue… and the amounts of money they seek. The report states:

“Just as legitimate businesses have partners, associates, resellers, and vendors, so do those enterprises operating in the shadows.”

With all of these advancements lurking on the Dark Web, companies need a combination of the best security technologies and defenses to protect their sensitive data and brands. And IT service providers need to make these offerings available to their customers.

The Impact on IT Service Providers

IT service providers that don’t offer information security solutions are leaving clients highly vulnerable to all of the threats we know—and the terrifying amount that we don’t. This vulnerability, if exploited, could greatly impact clients—not only because of the immediate monetary loss in breach damages but because of future profit impact, decrease in customer loyalty and harm to overall brand reputation.

In turn, the IT service provider could also suffer. Most customers understand the risk that cybercriminals pose to their businesses, and they expect the outsourced providers to give them options to protect themselves. If the outsourced provider has access to a customer’s confidential information, and that company is breached, the provider could be hit with some of the financial burden.

In addition, if current and prospective customers find out that the provider is not offering sufficient data security options —they could take their business elsewhere, creating an overall recipe for reputational disaster.

Today, businesses are motivated to consolidate IT service providers to get as many services “under one roof.” The fewer vendors and providers they have to coordinate with and spend money on—the better. And security is top of mind.

CompTIA ran a survey earlier this year called Security in the IT Channel and found that customers are no longer just paying lip service to security—they’re expecting action and offerings along with their other IT services.

The channel firms surveyed said their customers expressed the most interest in firewalls and antivirus, with newly emerging interest in security information and event management (SIEM).

The Solution is in Partnership

It may sound intimidating for the service provider—but there is one way to make filling the information security services gap faster and easier: through partnerships. This approach leads to lower costs, higher profits and more effective solutions, since you’re pairing up with an expert in that security specialty.

If cybercriminals are forming partnerships to advance their ‘business success,’ IT service providers need to do the same with security services firms…so they don’t lose the fight or their customers’ trust.

Netsurion, for example, is partnering with IT service providers to help improve the state of security for businesses—and to help them stay ahead of the most advanced threats. Netsurion's solution partners provide merchants with payment processing and/or merchant technology solutions protected by Netsurion remote-managed network security, secure Wi-Fi and PCI compliance management services.

We are a partner channel-focused company because we realize the best way to safeguard consumers, merchants, and businesses alike is to deliver comprehensive integrated solutions resulting in strong, simple and affordable data security. We’re currently offering a variety of layered solutions, including:

  • Prevention: PCI and HIPAA regulatory compliance, managed firewall, policies, AV, backup
  • Detection and Response: SIEM, End-point protection
  • Orchestration and Automation

Netsurion’s managed security services are resold by established IT service providers including Resource Point of Sale, CoCard, DCR and POS Solutions.

Take it from our recently announced partners— adding security services to your offerings will only bode well for your business:

“At ReSource Point of Sale, we understand the importance that network security has in the POS industry. As a company whose priority is providing excellent customer service, we know how much our customers will benefit from having the peace of mind that their POS data is secured,” said Nik Parra, CTO, ReSource Point of Sale. “We are excited to partner with Netsurion to strengthen our customers’ networks and continue to excel in the services we provide.”
“CoCard is owned and managed by ISOs for the benefit of the individual ISO. Our mission is to provide a pathway for ISOs and agent resellers to maximize individual business strategies within the payment processing arena and enhance the overall economic return for all members,” said Ray Raya, a vice president at CoCard. “We’re excited to offer Netsurion’s services alongside our own—giving our customers state-of-the-art essentials for merchant processing, security and compliance, all under one roof.”

Interested in learning more about securing your customers? Visit http://www.netsurion.com/partners.

  • Protecting Against Ransomware Attacks: What Every Business Needs to Know

    July 11, 2017

    Ransomware attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now. Follow these tips to help avoid a ransomware breach at your business.

    Read More
  • Are there any weaknesses in your Point-of-Sale System?

    September 06, 2016

    News about a company being breached seems to be a regular occurrence nowadays. And it’s no wonder, with hackers getting more sophisticated and hungry for more.

    Read More
  • POS VARs -- Don’t be a Target!

    July 26, 2016

    When business owners start looking at Point-of-Sale (POS) systems, they may feel overwhelmed at the infinite amount of options they can find online. How does a business owner make a decision? How do they know it’s the right decision?

    Read More