Telecom Partners Say Cloud Security Is Top Of Mind In Wake Of Verizon Breach
Verizon Enterprise Solutions is the latest victim of a data breach that affected more than a million of its enterprise customers, news that partners believe will have wide-ranging implications on telecom and cloud security solutions.
First reported by security journalist Brian Krebs, the breach allowed hackers to collect information on an estimated 1.5 million enterprise clients, including basic contact information. Verizon said in the report that no customer proprietary network information or other data was accessed. The data was found for sale on an underground cyberforum.
The breach drives home the point that no company is immune to data security breaches, said Andrew Pryfogle, senior vice president of cloud transformation for Petaluma, Calif .-based Intelisys, a Verizon master agent partner.
[Related: CRN Exclusive: Verizon Channel Chief Famularo Is Moving On, VP Schijns Set To Lead Carrier Channel]
"If one of the leading providers of cloud security solutions in the world can itself be compromised, then anybody can be," Pryfogle said.
The exact cause of the breach remains unclear, but the Basking Ridge, N.J.-based company told CRN that it had recently found and fixed a vulnerability in its enterprise client portal that a hacker used to collect basic contact information on the carrier’s enterprise clients. No consumer customers were impacted, a spokesperson for Verizon said.
Verizon said that it is now notifying the affected enterprise customers. The carrier did not respond to CRN’s question regarding whether any partners were working with the enterprise customers impacted by the breach.
Verizon isn’t the only telecom company to be hit by a data breach in recent months.In October, British telecom company TalkTalk disclosed a breach that affected approximately 4 million of its customers, exposing credit card information, names, addresses and dates of birth. TerraCom and YourTel America were also hit by breaches in 2015, although they were not as extensive.
However, despite multiple recent telecom breaches, Jane Wright, senior analyst covering security at Technology Business Research, said she doesn't view the incident as a foreshadowing of more breaches in telecom providers.
’I don’t see it as the beginning of a trend toward more breaches at telecom providers. Like so many other companies that hold customer information – not just telecom providers -- Verizon was a target for hackers looking to profit from reselling contact information such as names, titles and email addresses,’ Wright said.
Wright added that there is also likely an element of hackers looking to ’outsmart’ security researchers. Verizon has established itself as both a thought leader in security with its annual Verizon Data Breach Report and making security offerings available through the channel, such as its Rapid Response Retainer that VARs and agents can use to help customers respond to vulnerabilities and breaches with assessments, forensics and professional services.
What the breach does point to is a continued trend toward attacking large companies, while many security experts expected to see attacks start moving downstream in 2016, said Michael Gray, vice president of technology at Tewksbury, Mass.-based managed service provider Thrive Networks.
’I think we were wondering if attacks were going to start going downmarket from the bigger companies, just because their radar is up just a little bit more. But, clearly they’re not shying away,’ he said. Thrive Networks is owned by telecom services provider MetTel.
While the cause of the breach has not been officially confirmed by Verizon, Thrive Networks’ Gray said the telecom giant, like many enterprises, is in a tough position when it comes to security because of its extensive network of agents and third-party partners. Gray said this could point to a continued trend toward breaches caused by and for third-party attacks, comparing it to the infamous Target breach in 2013.
’It’s just such a massive network to keep track of. Even just beyond the ISP services, everyone is working with Verizon,’ Gray said.
For partners, the Verizon breach emphasizes the opportunity around cloud security for telecom agents, Intelisys’ Pryfogle said. He said cloud security needs to be top of mind for every CIO this year, and those who don’t heed the call will regret it.
"Sales partners who don't start having these conversations with their customers will miss out on a massive revenue opportunity," he said.
From an MSP standpoint, Thrive Networks’ Gray said the breach also emphasizes the opportunity around security training services, which can help clients combat attack vectors such as phishing that often are the cause of many data breaches.
’This space that’s opening up is great. It doesn’t so much concentrate on how I can have a trickier lock, but how to train the people inside the house to be more aware of where the breach would occur. ... You need to focus on both,’ Gray said.
David DeCamillis, vice president of sales and marketing at Denver-based Platte River Networks, agreed, saying said in an email that the breach shows companies of all sizes need to be more proactive about protecting their infrastructures and data.
’They need to deploy multiple security tools to block, detect, isolate and remove these ongoing threats. The cybercriminals are continually developing and improving their methods so companies need to be just as aggressive on their end,’ DeCamillis said.