A growing bevy of cyber crime threats show that the old vendor-led model of selling security has collapsed.
Why? Because breaches will continue to prevail unless a consultative approach to the security landscape is adopted, argues Steve Burden, Security Product Manager at Daisy Group.
A full and quantified assessment of the security threats faced by particular customers must be understood before proposing a solution, any other tactical approach is doomed to failure. “The worst aspect of the security market is resellers and vendors looking to push a specific product without understanding the overall needs of their customers,” stated Burden. “While this approach may have worked in the past the market is changing and calls for a consultative strategy rather than a product-led sales pitch. Resellers need to concentrate on what they can do to add value in this space.”
User education can often produce the best return on investment, noted Burden, along with getting some of the basics right such as firewall, anti-virus and regular patching. “Ironically, the biggest security threat faced by SMEs comes from their own employees,” he added. “Many are poorly trained in security and do not know how to use web and email safely. These threats often manifest themselves as phishing, ransomware and data privacy issues. Wannacry was a good example of how devastating a ransomware attack can be to organisations of all sizes. Phishing is becoming more sophisticated, with many targeted at siphoning funds from business bank accounts. Also, GDPR has become relevant and we’ve already seen mistakes being made by employees accidentally sharing personal information.”
Organisations can never do enough on security, and with limited budgets their resources must be concentrated in the right places. Not surprisingly, non security-centric resellers are currently struggling to keep up to date with the fast changing cyber security threat landscape. “It’s difficult enough for those large enough to dedicate full-time resources and departments to the job, let alone resellers who typically focus on other areas,” said Burden. “However, it’s crucial not to lose sight of how important security can be as part of any IT proposition. We’re seeing customers take security into consideration when purchasing a wide array of offerings such as connectivity, UC and cloud. If you are not protecting an asset or service you are providing to a customer then you are either leaving money on the table or risking losing a client and damaging your reputation.”
There’s pressure on all resellers to accept security as an important part of their core offering, rather than an add-on or nice-to-have. And according to Burden, everything needs to be looked at from a security perspective, not just traditional considerations like firewalls, anti-virus etc. “With security opportunities resellers need a consultative approach, working with the customer to understand their key risks and proposing a way to use their limited security budget in the most effective manner,” he commented. “The best aspect of the UK security market is its willingness to openly discuss challenges across organisations to create solutions that work for everyone. Security is not something that only affects a small number of organisations, it is an area of concern for us all.”
GDPR is a big talking point for everyone in the industry at the moment, and for good reason. It’s implications are broad and a GDPR-beater product doesn’t exist. “Another big issue is patching which is commonly overlooked and can have grave consequences,” pointed out Burden. “Just look at the Wannacry attack. The vulnerability it exploited in Windows had been patched months earlier but hadn’t been applied to a large number of devices. Furthermore, confusion surrounds how the security landscape is perceived. Customers are aware they are under threat but don’t know what to focus on.”
Sales people who can consult with customers and have a diversified portfolio to support them will be most attractive to SMEs, especially if they can display a capability to react to cyber events in an agile way. “We don’t know where the next threat may come from, but when it hits the organisations that suffer most will be those that take the longest to respond,” commented Burden. “By reacting quickly the impact can be minimised. Security sales is all about confidence, building trust and demonstrating that your organisation has the capability to provide a responsive end-to-end solution. The old scaremonger tactics no longer work.
“Daisy has adopted a consultative approach of Discovery, Prevention and Response – discovering the threats faced by the organisation, putting technological solutions and processes in place to prevent those threats from materialising, and ensuring that resources are in place to respond to events should the worst happen.”