Chad Kelly (Trend Micro); Chris Rowley (SolarWinds MSP); Zoaib Nafar (The Missing Link); Leonard Kleiman (RSA); James Sillence (Juniper Networks); James Henderson (ARN); Robert Kingma (ICT Networks); Tony Vizza (Sententia); Richard Tomkinson (Cloudten); Ken Pang (Content Security); Martyn Young (F5 Networks); Daniel Johns (ASI Solutions); Samantha Gotting (Kaspersky Lab) and Malcolm Salameh (Airloom)
“WannaCry drew attention to cyber security and brought the conversation into the mainstream,” Cloudten principal infrastructure architect Richard Tomkinson said. “Everyone got a call at a very high level over the weekend following the attack, and I’ve never seen purchase orders get approved so quickly for mass renewals of anti-virus and endpoint protection on the Monday.
“From the channel’s point of view that was a positive step in that it’s helped raise the awareness.”
Awareness has risen because this was previously a hypothetical debate, a debate based on little local experience, rather takeaway snippets from the cyber frenzy unfolding globally.
But as 2016 and now 2017 have demonstrated, cyber attacks have reached Australian shores en masse, with ransomware raiding organisations across the country.
“WannaCry puts the ball back in the IT court because they can’t say ‘don’t click on this’ because they didn’t have to,” Rowley added. “You still have end-users clicking on the classic ransomware threats that have made millions of dollars but now it’s moving towards the IT level where they need to take more responsibility.
While WannaCry didn’t unleash its full carnage on the country, the nation is no longer relying on standard Sony and Target type breach stories to communicate its message.
Instead, the industry has a sobering reminder that Australia is well and truly in the game, emphasised through the Red Cross Blood Service data breach in October 2016, which impacted over half a million donors nationwide.
“Why is Australia such a target?” Kaspersky Lab North Australia territory channel manager Samantha Gotting asked. “We’re more likely to pay these ransoms and therefore we’re more likely to be targeted again.
“We’ve seen a lot of businesses reaching out after the attack trying to be proactive. Partners must talk to the users about processes, risk management plans and back-up as a trusted advisor.”
With government interest spiking, the stakes for a cyber breach will soon get higher in Australia, creating a new dynamic for the channel as a result.
“As an industry, we must be pragmatic and put in stringent measures to protect ourselves,” Juniper Networks senior manager systems engineering James Sillence said. “The onus is on security vendors to make the security message more digestible because it’s so complex.
“In some respects, some organisations say that this is all too hard, let’s give up and deal with the consequences. And that’s rather than trying to deal with the problem.”
Servicing the security market
In 2017, enterprises are transforming security spending strategies, moving away from prevention- only approaches to focus more on detection and response.
According to Gartner, worldwide spending on information security is expected to reach US$90 billion in 2017, an increase of 7.6 per cent over 2016, and to top US$113 billion by 2020.
Specifically, spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020.
“The conversation is now changing as the industry realises the tactics of these cyber criminals are changing, so it’s not just about protect it’s also about rapid detection,” Kelly said. “There’s no guarantee that businesses can stop threats 100 per cent so the next move is what are the technologies to help remedy that.”
The shift to detection and response approaches spans people, process and technology elements and will drive most security market growth over the next five years.
While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.
“Threat levels are reflective of the scale of the business,” F5 Networks senior manager system engineering Martyn Young explained. “There’s obviously a lot more risk the higher up you go while at the lower end of town, there’s more of a hope strategy.
“Large organisations are more prepared and have better security posture. We leverage other vendor technologies and form alliances to meet the demands of the customer, and the value of the partner is in pulling that all together.”
Unsurprisingly in Australia, skills shortages are further driving spending on security services.
“Many organisations lack established organisational knowledge of detection and response strategies in security because preventive approaches were the most common tactics for decades,” Gartner principal research analyst Sid Deshpande said.
Consequently, skill sets are scarce and, therefore, remain at a premium, leading organisations to seek external help from security consultants.
“Our work boils down to instilling basic practices,” The Missing Link cyber security sales executive Zoaib Nafar said. “Regardless of the size of the organisation, businesses always have problems with security.
“We take the pain away from the customer and provide a schedule around priorities.”
In assessing the local market, Nafar acknowledged that most organisations “don’t know where to start” when it comes to threat management and security, creating a role for the service provider to offer digestible information and clarity.
“We take care of the neglected and difficult areas that customers forget and that’s the opportunity for the channel,” Nafar added.
Specific to managed services, the emergence of specialised managed detection and response (MDR) services represents a threat to traditional MSSPs.
The rising number of point solutions in the security market that address detection and response is creating sprawl and manageability issues for CISOs and security managers, driving spending for management platforms and services that are better integrated with adjacent markets.
“Flexibility remains the key,” ICT Networks CEO Robert Kingma added. “If we go back five or six years ago businesses were very segmented and we could focus on that segmented nature to extract a good return.
“Customer organisations are more dynamic today and we need to also be more dynamic. We can’t be all things to everyone and we need specialist security organisations to work in conjunction with us and our managed services customers.”
Specifically, and according to IDC research, services will be the largest area of security-related spending until 2020, led by three of the five largest technology categories: managed security services, integration services and consulting services.
Together, companies will spend nearly US$31.2 billion, more than 38 per cent of the worldwide total, on these three categories in 2017.
“We build a business not on products,” Salameh added. “I’ve worked for vendors for 20 years but they are becoming less relevant to me. The vendor go-to-market model for the channel is ‘teach the channel how to sell more product’ around partner enablement but that’s turning the channel into an extension of their sales people. That doesn’t help.”
