Resellers Beware: Hackers Are Using You To Get To Your Clients

By Sean Berg, Shift4

According to a February 2018 White House Report — The Cost of Malicious Cyber Activity to the U.S. Economy — cyberattacks cost U.S. businesses as much as $109 billion in 2016. A 2017 Ponemon survey found a typical firm experiences 130 security breaches each year.

Because of this, business owners are turning to resellers to provide cybersecurity protection from hardware using point to point encryption (P2PE) to security services such as Tokenization. Resellers are becoming the first defense against distributed denial-of-service (DDoS) attacks, phishing and spear-phishing attacks, and password and malware attacks.

As a result of having implemented these robust defenses, businesses have made the hacker’s job all the more difficult. So, what is a hacker to do? Turn their attention to the next largest and weakest link, of course. Unfortunately, that link is all too often resellers and IT providers and, as a result, technology resellers hold an extreme amount of liability.

Why Are Resellers In Hackers’ Crosshairs?

Why do people shop at Sam’s Club, Costco, and BJ’s? One-stop shopping. The same principle applies to hackers targeting resellers that maintain a connection to each business environment they service. With so many businesses relying on resellers to protect them, resellers themselves are controlling an incredible amount of data. Breaching a single IT provider can give a hacker access to each and every one of a reseller’s clients, resulting in tens of thousands of chances that someone will fall victim to their ransomware.

Something as simple as learning a password can gain the hacker access to all of a reseller’s clients, potentially billions of conveniently accessible records. Resellers are a much larger attack surface, an easy road to a big payday. Ironically, because of their own efforts securing their customers, resellers are often easier to compromise than their clients.