
Initial access brokers — the ideal cybersecurity narrative to win customers’ hearts and minds

With GCC’s IT market booming, cybersecurity is crucial. Initial Access Brokers (IABs) infiltrate systems for major cyberattacks. Educate customers on IAB threats and showcase our expertise and continuous monitoring to build trust and confidence.

The regional cybersecurity channel is forever looking for inroads. How do we convince our customers that they need us and that we can add value? I would like to share a story about an up-and-coming monster — the initial access broker (IAB) — and its role in the threat landscape that won’t quit.

The GCC IT services market is expected to surpass $8 billion this year and rise by over 6 per cent (CAGR) to top $10 billion by 2028. Protecting these investments appears shrewd, given that the Middle East’s average breach cost is slightly more than $8 million, just shy of twice the global mean. But as we work with customers to deliver that protection, we must deal with a new threat landscape.

A threat industry now mirrors our channel of vendors, distributors, resellers, systems integrators, service providers, and others. It has its own channel, albeit one considerably less salubrious than ours. Cybercrime is now big business, having (according to some estimates) made US$8 trillion globally in 2023 and possibly on its way to reaching US$10 trillion in 2025. If such figures are accurate, they would vindicate those who call cybercrime “the world’s third largest economy”.

Murad Hamed, Channel Account Manager, Middle East, at Qualys

It’s story time

Customers should be made aware of this. They should know that this industry of threat sells infiltration capabilities as IT services and even employs HR and marketing teams to support it all. Utilization of various skill sets; a supply chain of vendors, resellers, and end-user bandits — it’s all there. And then you can tell them all about the vendor end, where we find the initial access broker, an infiltration specialist with all the low-end knowledge necessary to sneak into your most sensitive data stores and plant a waypoint that can be sold to those who will do the real (multimillion-dollar, remember?) damage.

This is the message to customers: IABs have these successes every day, and it is just a matter of time before they vault your walls. But the good news is, we can help. We are adept at discovering the vulnerabilities and misconfigurations IABs use for breaches. We have experience in the methods IABs use to steal user credentials and plant malware. Much of what the IAB does is to target low-hanging fruit. They want easy paydays, so they will look for open doors and unlatched windows. Initial quick wins for the security function are often simple best practices that require little investment.

Now, let’s talk about patching. Here, in the channel, we know that IAB toolkits are continually updated with the latest vulnerabilities in devices, coding languages, and common business applications. Applying available patches in an automated, triage-based approach can help enormously in maturing a customer’s cyber posture. Bigger vendors like Google and Microsoft publish patches more quickly and more often. This means it is important to (a) keep up to date with these patches and (b) not neglect more niche tools. Attackers will target those less commonly used products since they tend to yield more dwell time.

Thus starts a lasting relationship

When speaking with an anxious customer, explain the necessity of being aware of all Internet-facing systems. You could use the example of last year’s remote code execution flaw discovered in the file transfer tool MOVEit. MOVEit is the classic example of a nowhere-to-hide security problem. The tool has to be available on the Internet to a range of senders and receivers who may or may not be part of the same corporate network.

Awareness and our ability to monitor a customer’s external attack surface are our greatest protection. We provide infrastructure views for clients’ security teams that are similar to those an IAB compiles before they move. It is a huge selling point and rapport-building leap to reassure customers they can see misconfigurations and critical issues in real time. And not only in real time but in enough time to do something about it.

We can end our narrative by urging a continuous and automated monitoring process that means the customer is protected around the clock, year in and year out. You, the channel partner, can explain that this capability is just one element of your standard security service package and that you stand ready to assist them in real time if an incident occurs.

Winning hearts and minds

Customers are already anxious about the growing sophistication of threat actors. Taking IABs as an example, we connect with our customers by letting them know we have already considered this problem. But when we explain the step-by-step eradication of their anxiety, we start to win hearts and minds.