This week’s Security Central takes another look at the FCC privacy rules repeal now that President Trump has signed congressional legislation, peeks inside the new partner program from Kaspersky Lab aimed at MSPs and VARs, and examines five common cybersecurity myths.
On Monday, President Trump signed congressional legislation that repeals the Federal Communications Commission’s (FCC) internet privacy rules that would have prevented providers from tracking and selling their customers’ online information to marketers. The signing of the repeal occurred despite sharp criticism that it threatens to undermine online safety and make users vulnerable to mass surveillance.
The repeal will abolish the privacy protections that the Obama administration put in place, allowing broadband ISPs to share personal information (such as browsing history, app usage history and location details) with advertisers and other third parties without user consent. Needless to say, not everyone is thrilled by this news.
“The only people in the United States who want less internet privacy are CEOs and lobbyists for giant telecom companies who want to rake in money by spying on all of us and selling the private details of our lives to marketing companies," said Evan Greer, campaign director of Fight for the Future, in a statement to Newsweek.
The repeal is also a huge blow to privacy groups such as the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union. The EFF is one of the many organizations against the repeal, and has been adament about continuing to fight for privacy protections. “We urge state lawmakers and technology providers to look for ways to shore up individual privacy until Congress is ready to listen to the consumers who don’t want to trade away their basic privacy rights in order to access the internet,” said Kate Tummerello, policy analyst with the EFF.
Interestingly, there are two sides to this coin. While many security experts and consumers are expressing outrage at these privacy rules being snatched away, others are saying that they were essentially a dangling carrot - something we never really had to begin with.
On one hand, experts like Scott Petry, CEO of security and privacy firm Authentic8, say that the repeal is ludicrous. “Rolling back this legislation is an assault on the core tenets of consumer privacy," states Petry. On the other hand, Lance Cottrell, chief scientist at Ntrepid and founder of Anonymizer.com urges consumers to take a beat and pause for perspective. “The sky isn’t falling," states Cottrell. "For years ISPs have had the ability to do this. It’s only been recently that there was legislation that was set to go into place to prevent this type of spying.” (As reported by Threatpost).
Cottrell also noted that major ISPs such as Comcast, ATT and Verizon have made informal "pledges" stating that they will in fact not sell customers’ individual internet browsing information. “Because there is so much light being shone on this issue, we may in fact see ISPs pressured to contractually offer the type of privacy protection that they are not legally obligate to offer,” Cottrell said. But, what happens when people move on and they aren’t paying attention in six months?
Our second story takes a look at another organization that is looking out for MSPs and VARs (see last week's coverage of Microsoft's 451 Research survey findings). Our pals at Kaspersky Lab just announced a new program designed to provide managed services providers with a full range of security technologies for cloud or on-premise. Dubbed Kaspersky Endpoint Security Cloud, the program is designed to allow smaller MSPs to manage cloud infrastructure from a multi-tenant console.
“In January, we touched on our commitment to focus on MSPs this year and now we are excited to reveal what we have to offer our valued partners,” Michael Canavan, senior vice president of business-to-business sales for Kaspersky Lab North America, said in a statement, as reported by Talkin' Cloud.
Canavan also stated that Kaspersky Lab’s MSP Program was launched to provide more opportunity to partners – especially those that are VARs who are looking for ways to grow their business and migrate to managed service offerings in cybersecurity. “Our program provides the necessary training, resources and access to cutting-edge security solutions to make it possible for MSP partners to completely secure the customer infrastructure.”
The ever-rising importance of cybersecurity cannot be ignored or downplayed, as it is one of the biggest challenges facing MSPs and VARs today. Providers have expressed optimism regarding Kaspersky Labs’ active participation in promoting managed security services.
We close out the week with a few tips from Forbes cybersecurity contributor, William H. Saito. In his lineup of 10 tips. Saito uncovers and debunk some misconceptions about cybersecurity itself. Here are our top picks:
- Myth #1: Protecting yourself is good enough. Organizations must be aware of others in their community and how they’re acting when it comes to cybersecurity questions. Some of the biggest headline-grabbing breaches of recent years involved third parties or organizations subordinate to the entity that was hacked. Everything in your ecosystem, from subcontractors to subsidiaries, vendors and accounting firms, can be a threat vector. Security is only as strong as the weakest link.
- Myth #2: Going back to paper (or disconnecting from the internet) minimizes risk. No. Nope. Disconnecting, implementing “air gaps” or going back to paper can actually increase vulnerabilities. One can’t know if paper copies of data have been illicitly copied or removed. Air-gapped and disconnected networks are harder to monitor because of less logging of data, and are not updated with security patches as often. Ironically, increasing your attack surface this way makes it easier for criminals to find the valuable information and strike unnoticed.
- Myth #3: Using antivirus software is enough. Hackers have found multiple ways to subvert antivirus software and hide their own attacks in a system, in many cases for long periods of time. With the advent of ransomware, the timeframe from infection to damage has become almost instantaneous. In today’s world of quick and persistent threats, a prevention mindset to mitigate both known and unknown threats is essential. AV is outdated.
- Myth #4: Cybersecurity is just a form of defense. Security needs to be positioned as a strategic advantage since it can boost efficiency and save money. Not only is security vital for protection, creating an integrated implementation will enhance usability products and services and generate a competitive advantage. It allows us to utilize the benefits that ICT provides, and in a safe and secure manner. Stop thinking of cybersecurity as merely a cost center and understand its value as a business enabler.
- Myth #5: You’ll never get attacked or breached. This kind of thinking – that it will "never happen to me" – is almost a guarantee that it will. It’s equally unwise to have total confidence in the strength of one’s security and especially one’s security devices. There’s no such thing as perfect security – the key here is resilience. That’s the ability to take a hit and keep going, or in certain cases failure, to default to a protected state. You should architect security with a prevention-first mindset, and also view attacks as an opportunity to learn about vulnerabilities and grow stronger based on that knowledge .
There are many cybersecurity myths, but Saito stresses that an accurate understanding of these 10 is critical to your cyber posture as an individual, as a business, or as a government. To see the full list, check out the Forbes article.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.