Ransomware has swiftly become one of the biggest cyber threats for businesses. The criminals behind it don't discriminate; anyone is a potential target, regardless of sector or size.
The primary goal of attackers is financial gain. Yet, if successful, a ransomware attack can have even further reaching consequences than simply putting an end user organisation out of pocket. It has the potential to damage brand, reputation and relationships.
Everyone's heard the horror stories and, thanks to last year's notorious WannaCry and NotPetya attacks, ransomware is set to remain well and truly in the public eye.
It's no wonder then that recent Barracuda Networks research discovered that 90% of EMEA organisations placed it as their number one concern – a sentiment which was echoed by 37% of the channel partners who are often being charged with dealing with these customer concerns.
Yet, despite both the channel and end-user organisations agreeing that ransomware is the biggest security threat out there, our research revealed some disparities in their beliefs around just how widespread the problem is.
What ransomware?
Despite agreeing on the devastating impact of ransomware, our research revealed a striking difference in opinion between channel partners and their end-user customers when it came to the number of organisations that are being targeted by cyber criminals.
Whereas 48% of EMEA organisations admitted to being hit themselves, over half of channel partners (54%) told us that less than 20% of their customers have been victims – 7% even reported that none of their customers have been attacked by ransomware.
What's more, while only 41% of organisations admitted to being able to identify the source of a ransomware attack, more than half (51%) of channel partners think that their customers are always able to identify the cause.
Missed opportunity
The reason behind our statistics is not all that clear. Perhaps customers are too embarrassed to admit to channel partners that they've been a victim? Perhaps partners have too much faith in their customers' ability to detect the cause of ransomware?
But the figures don't lie. Instead, they point to a much wider potential problem. They beg the question: is the channel out of sync with end-user organisations when it comes to ransomware? And if so, are partners missing out on opportunities to increase revenue and add real value to their customers?
Barry Mattacott, Cyber Security Marketing Director at Nuvias Group and one of our channel partners, says the survey highlighted a "misalignment between what people in the channel believe and what end users are actually admitting to experiencing".
"Perhaps the anonymity of a survey means that end users can more candidly express what they're experiencing – something that they wouldn't feel comfortable admitting to within general conversation," says Mattacott.
"These are interesting findings for the channel and, rather than asking customers whether they've been a victim of an attempted ransomware attack, perhaps we should be making the assumption that they have, and proactively offer solutions that safeguard against future attacks," he adds.
Asking the right questions
So the general consensus is that, in our current ransomware epidemic, the channel needs to adopt a new way of thinking. After all, it's everyone's problem and no one is immune, with all organisations being a future target for attackers. Adopting this attitude can help to broaden security conversations for partners, enabling them to ask their customers different questions and opening up doors to new opportunities.
It's also about more than just technology. The channel has an opportunity to deliver security consulting as well as solution expertise. With the right vendor support, partners can play a pivotal role in educating end-user organisations and help to plug the security gap with ongoing access to a team of experts who can advise as and when they are needed.
This, in turn, can help to establish and build long-standing relationships with end-user organisations which are based on honesty, trust and true value.
If channel partners want to increase revenue and add value, they need to take note of the opening presented by the findings above. Never assume that end-user organisations are safe, or that they know more than they do. Instead, act as a safety net by asking the right questions, building strong relationships and ensuring customers never feel judged.
This is how partners can make themselves invaluable and, after that, the opportunities are endless.
Chris Ross is SVP sales, international at Barracuda Networks
