With 350,000 new malware threats and 80,000 cyberattacks detected daily in 2020, the reality for businesses is not if they get hacked, but when. Secuvant, incorporated in 2015 by founder Ryan Layton, with headquarters in Salt Lake City, Utah, applies its cybersecurity expertise and understanding of industry-specific verticals to avert the high cost of attack through risk and security gap assessment, security monitoring, managed detection and response, risk program management and other services.
Layton applies more than 20 years of background working with IT executives to solving security issues for other companies. “With large security breaches happening in 2013, I became acutely aware of the security challenge the industry faced and began thoughts of merging the managed network business model I had entertained a few years back with the current security challenge.”
One of those breaches, a Target hack, was caused by an HVAC vendor with network access, which led Layton to realize that large corporations and government regulations would begin driving security requirements at lower levels, providing an opening for him to connect with smaller companies that weren’t being served.
Secuvant has joined with AED in conducting a survey to identify issues in the equipment distribution industry and to establish a baseline of the level of risk the industry faces, as well as the level of protection it currently exercises. Even before the survey results were tallied, some common threads began emerging.
Frequent issues include ransomware. The estimated cost of ransomware attacks in 2020 was $20 billion, nearly double that of the previous year. “The threat of ransomware and its impact on companies’ livelihoods and ability to protect private company data and customer data and remain safe is ever present,” says Dale Rowe, CTO at Secuvant.
Fraudulent money transfers and data protection are other vulnerabilities that have been complicated by a remote workforce. Because many company owners assume they are too small or insignificant to be targeted, security is often lacking. However, those companies collect and retain information on their employees, financial details, and intellectual property such as trademarks or other company secrets that they may feel forced to pay to retrieve if stolen.
COVID-19 has “brought about a raft of new attacks known as ‘phishing,’” adds Eric Peterson, Secuvant’s director of security operations. These scam emails or texts might purport to be from health care providers, insurance companies, financial institutions or even government organizations processing stimulus checks. Combining legitimate-sounding phone calls with phishing emails, their goal is to extract passwords or other personal or financial information.
Statistics provided by Secuvant reveal that more than 80% of all reported security incidents are phishing attacks and that $17,700 is lost every minute because of them. In addition, 94% of malware is delivered via email. However, hackers continue to devise new methods of ingress into corporate systems.
Evolution of threats
A new threat has arisen with the introduction of computer automation. Sensors to monitor equipment health and performance are becoming standard practice. But while smart technology and the Internet of Things (IoT) have enhanced efficiency and streamlined operations, they have also introduced new exposure to cybersecurity issues because most of the devices don’t have embedded standardized security controls.
“Digital exposure and the use of computer automation create cyber risk,” Rowe says. Protecting digital data is a current and ongoing challenge. Companies that are not monitoring their infrastructure are at high risk of a security or cyber event. In fact, attacks on IoT devices tripled in the first half of 2019.
One aspect of IoT cybersecurity risk involves botnet attacks. A botnet usually enters a system through an email attachment, pop-up ad or software download. Once in a device, botnets access and modify information, steal data and attack other computers. For example, software developer SolarWinds Inc. incurred an attack last year. Hackers inserted malicious code into an update of the company’s software. After 18,000 SolarWinds customers installed the update, hackers were able to infiltrate them.
Cybersecurity is a moving target, with daily evolution. Rowe says that, in addition to monitoring intelligence and trends, as well as researching new threats and those on the horizon, Secuvant continually adapts its risk services, including its managed detection and response (MDR) programs, to align to business needs.
But cyber protection requires more than just technology. Preventing attack takes a combination of employee training, financial policies, and safeguards in addition to the technical controls like spam filters.
Most cybersecurity companies focus on delivering products and solutions, but Secuvant works to develop strategic relationships with its customers – going beyond learning about the industry to understand the customer’s strategic plan and their business drivers.
“What Secuvant does better is the personal touch,” Rowe believes, adding that they strive to make their customers feel that they are part of the customer’s team. One way they do that is by partnering with major associations in the industry to better align with the clients’ interests.
“We believe companies often waste money on risk reduction because the investment wasn’t properly aligned with business priorities,” says Don Ainslie, executive vice president, who adds that Secuvant can’t effectively address cyber risk without understanding a client’s business.
Secuvant connected with AED through Jim Walker, a 40-year veteran of the AG/CE industry who retired as the North American leader of Case IH and now sits on Secuvant’s Executive Board. “The business model of a full line CyberSecurity services provider at an economical cost is unique and will be a true value add to the Distribution network in the CE industry. I am excited to be a member of the Board and mentor the Secuvant team in the AG/CE Channel,” says Walker. Aligning with equipment dealers furthers Secuvant’s understanding of AED members’ business models, including sales of new and used equipment and parts, leasing, and maintenance.
“We want to add value every day through our risk program management and monitoring services,” Layton concludes. To do so, Secuvant combines its knowledge and experience with ongoing research, such as the results of the survey, to create a solution that’s purpose-built for AED members.
The AED & Secuvant Cybersecurity Preparedness Survey results will be published in the June issue of CED