The rise of cybersecurity and managed services plays into the channel’s hands – but with the channel handcuffed by a cybersecurity skills gap, what can resellers do to meet security demands?
Jez Turner, Cyber Security Sales Director at Chess, provides some answers.
A challenge for resellers wanting to up their game in security is to gain a low cost of entry with low risk levels, while focusing on core business. “The fastest and least risky option is to partner with an experienced security provider,” said Turner. “This way resellers avoid having to grow security revenues to hit the right vendor discounts, and they sidestep the battle to retain skilled staff who often get headhunted. Working with vendors directly could also see resellers lose out to bigger established players. It is also a much harder route. To sell security effectively you need 100 per cent dedication. It can’t be done as part of another role. So partnership in some form is the best route.”
The must-have elements of a security solution for SMEs can be categorised as ‘basic security’ and ‘advanced security’. Basic elements include next gen’ endpoint, gateway solutions and encryption, while the advanced category may encompass SIEM, visibility and MFA. “The tricky part for ICT resellers is the knowledge and skill set they need to implement the appropriate security options,” stated Turner.
Security providers need to get the basics covered before they start to look at the advanced options available to them, and the best way to baseline this is through an effective audit, pen test and accreditation. “Cyber Essentials and Cyber Essentials Plus are the two accreditations to consider, and are a great badge for any organisation,” explained Turner.
“Penetration tests are vital, but it is more important to make sure the test is appropriate to the customer. Chess has five qualified pen testers and we have learnt on our journey that all pen tests are not equal: You pay less for someone to plug in a standard tool and print out a report; and pay more for someone with the right knowledge, who is CREST qualified like Chess Cyber for example, to interpret that outcome and use human skills to think like a hacker. This is what the market wants and resellers should partner with the right people that have the correct accreditation.”
The main threats faced by SMEs include ransomware, data loss, hacking and the subsequent loss of business and reputation. “Many SMEs simply don’t realise their information is just as valuable as larger companies and often they are easier to breach,” said Turner. “This tends to follow the 80-20 rule, with just 20 per cent of SMEs being highly secure. In SMEs there is likely to be limited resources and a lack of understanding of security risks at senior management level. So cybersecurity needs a consultancy approach.”
As with every technology area there is always the next big thing and security is no exception. Currently, pointed out Turner, the hype is around AI. “There is already talk of aggressive AI to overcome the defensive options,” he added. “No doubt we will see this escalate in the coming months and years. There is a need to constantly evolve against the motivated and highly resourced threat actors.
“Furthermore, many vendors are constantly expanding their portfolios and Chess Cyber tracks these advances and is fast to market by talking to customers regularly, running webinars, events, demos and proof of concepts. The next big area will be how different point solutions in security can work together to form a holistic single picture of threats. This requires software platforms that work well together, with managed services and security expertise to look at how to develop and deliver SOC (Security Operations Centre) type solutions.
“The future will see larger security vendors expanding into more security areas to create their own view of this bigger picture. The best ones are already some way down this path. It also means the market needs the right skills to deliver, implement and manage those solutions.”
Against this backdrop of technological change and challenge, and with the industry shift away from tin towards software and managed services, resellers must address the security needs of their customers large and small. “You need to get it right otherwise customers will move away rapidly,” warned Turner. “Security is visible even if you get it a tiny bit wrong. So make sure you know your base and talk to lots of established players about the challenges and how they can help with a partnership.”