In this first of a two-part Q&A, Jay Ryerse, vice president, cybersecurity initiatives, ConnectWise, reacts to the recent spate of ransomware attacks on the dealer channel and surmises why these events are occurring and likely to continue happening. This is an edited transcript of our conversation. In Part 2, next week, he’ll highlight measures that can reduce the risk.
CR: I understand there have been as many as ten, if not more ransomware attacks on dealers, including some high-profile dealers. Why?
Ryerse: It doesn’t matter whether it’s a dealer or any other business, in today’s times, they have no idea what really happens when a cyberattack occurs. There’s just no understanding of what this process looks like and how bad it can really be. The one thing that always comes out of it is the impact on reputation. Their clients expect them to meet a certain threshold, which includes protecting them from cyberattacks, and yet dealers, many of them, who don’t even dabble in security, or only do it a little bit, don’t think that they’re at risk. Yet the reality is that anything that plugs into a network potentially introduces risk, but they don’t see it that way. Financially it’s a major hit. If the dealers themselves get hit, their operations are down with no access to data, which is a major concern. That’s happened several times. When you think about the dealer potentially opening up that vulnerability to their client, it’s almost indefensible in 2021.
CR: Are you surprised that there is still a need to raise awareness and educate the channel about cybersecurity in 2021?
Ryerse: Sadly, I’m not. If you start following what Gartner and IDC and others have said, we’re going to keep facing these challenges for the next several years. I don’t think that we will get to a level until probably 2025. After that, we’ll start to take over and be in a much better position. Some little things could happen right now in the technology space that would help, but everybody is land grabbing for their newest technology. No one’s thinking about the impact of security is on those land grabs. Until that changes, we’re going to keep seeing these new cool products, and six months later or less, we’re going to find out that there are new ways to break into those new tools.
CR: Shouldn’t there be more awareness and measures taken on the part of the manufacturers creating these new tools? I would have thought they were doing that already.
Ryerse: Well, you’d like to think that, but then you look at some of these recent attacks and you scratch your head. I know what ConnectWise has done recently. In the last several years, we’ve deployed a shift-left mentality on writing code where security is placed first in all code development. We’ve hired a bug bounty program called, HackerOne to review our code and look for ways into our systems before the attackers find them. We spent a lot of money building a trusted site and communicating to our partner community what we’re doing with security. And yet, as of, mid-Q2 this year, we were the only one in our space to have done all these things. Everybody else talks about it, but they couldn’t show that they were actually doing it.
CR: Should a dealer notify their customers when they’ve been a victim of a ransomware attack?
Ryerse: They probably have an obligation too. Different states have different rules, and you want to do the forensic work as quickly as you can to figure out what the impact was. If I have data, I’m responsible for protecting it, but some dealers don’t think that their data is valuable. Yet, if you’re a dealer and I’ve got access to your client list and all the contact information, all the billing information, I can use that information to start working my way into attacking those businesses because I can basically spoof your business and act like you. If in your network, your tools allow access into your client’s networks, I’m going to use that to shortcut my way into attack those businesses and drastically increase the size of my payout as a threat actor. I just don’t think that the dealer community is willing to admit that there’s a problem.
CR: What’s the solution to the problem, beyond admitting that there’s a problem?
Ryerse: It’s a willingness to look. Anything that’s measured can be improved, but if they’re in denial, I can’t solve that. They need to get their heads out of the sand. And it’s not just dealers, it’s everybody. Start looking at this from a business risk perspective. What you don’t know about security can hurt you. Start asking the tough questions now of your teams as a dealer to understand how a threat actor could use your tools and systems to cause harm to your clients.
Access Related Content