Cybersecurity is one of the hardest variables to control, with the rapid acceleration of technology and the constant emergence of new attack vectors.
It’s key for Infosec experts, IT consultants and advisers to remain agile and work with organisations to constantly challenge, re-develop and refine security strategies that are as multi-faceted as the infrastructures they protect and as the threats they aim to mitigate.
COVID-19 is a good example of this need to be agile, with the pandemic reminding us how quickly global events and disruptions can have a significant impact on shifting priorities. Almost overnight, businesses scrambled to enable remote workforces to work securely, demanding cybersecurity solutions and strategies that could not only help mitigate the amplified security risks facing a remote workforce, but also improve productivity and collaboration. It forced Infosec professionals to re-think their cybersecurity posture, and to question if what they were doing was enough. For the forward thinking and progressive, it wasn’t such a stretch, but for others who had resigned themselves to more traditional ways of operating, it was more stressful. If it wasn’t already, this in fact, is “the new norm.”
A recent Microsoft survey revealed that when asked to identify their best pre-pandemic security investment, most businesses identified anti-phishing technology to combat the rise in COVID-19 themed phishing emails. However, during the pandemic, the top security investment made was multi-factor authentication (MFA). That’s because “providing secure remote access to resources, apps, and data” was the top challenge reported by security leaders.
This is an example of a situation where cybersecurity consultants and IT partners had to review and re-define existing cybersecurity strategies to help businesses navigate a changing cyber threat landscape, depending on their existing cybersecurity posture. And with new cybersecurity technology emerging every day, they may also find themselves in a situation where they must propose different solutions to exec teams, leveraging smarter and/ or different capabilities in order to respond in an agile manner to incoming threats. But pushing for new solutions after previously convincing and leading businesses down a different path may result in a tough or awkward conversation. The arguments in favour of spending money on a particular solution are not always self-evident to the average business decision-maker, especially when competing against other priorities for business and sales growth. Executive decision makers need context to clearly understand the value of security products as they relate to everyday commercial realities and the bottom line – a process that can be frustrating and complex if the recommended solutions keep changing. How can tech partners do this without losing trust and credibility with those that they are advising?
It doesn’t hurt to remind ourselves that selling cybersecurity services is a delicate dance between recommending solutions that are well placed to mitigate the current threats facing businesses and being able to honestly communicate the need to change tack, and to take a different approach. Below are three reminders as you continue meeting this balance. While these reminders aren’t too different from the tactics typically used to sell cybersecurity solutions, they take into consideration the shift in mindset that is required by businesses to accept new solutions and approaches over previously recommended ones, specifically in an era of heightened cybercrime.1) Be transparent
No one vendor or solution can guarantee 100% security from all incoming cyber threats, and as self-inflicting as that statement is when trying to sell a cybersecurity solution, it helps in the long run. Decision makers understand this and appreciate when you are upfront about the solution's efficacy and execution, and it helps in situations where you are trying to explain why a particular solution you had recommended in the past is not as effective as another one. Remind your clients that while cybersecurity solutions help place their businesses in the best position to mitigate the risks of incoming attacks, they don’t guarantee a complete defence, and that as the landscape is changing so to do they need to reconsider their security stack.
When it comes to recommending technologies, a multi-layered approach is the best, especially when it comes to email security. Nine out of 10 businesses are impacted by phishing emails, even when most have an email security solution in place. That’s why I firmly advocate taking a ‘defence-in-depth’ approach to email security. This means looking at security from all sides, in the event that if one defence fails, the others will stop the incoming threat. It’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
2) Educate them about the latest cyber risks
Every day, we read news about a new ransomware attack, or a new phishing scam that has disrupted organisations – especially since the advent of the pandemic. Every country in the world has seen at least one COVID-19 themed cyber-attack over the past few months. As you know, educating clients about ongoing cyber risks positions you not just as a vendor, but as a trusted adviser who is aware of the latest in the threat landscape and is therefore well placed to guide them about the right solutions that are able to mitigate these risks. It doesn’t hurt to remind ourselves that this fact reinforces itself too - every time your client sees a news alert about a ransomware attack or data breach, they will remember how your recommended strategies and solutions have kept them safe. Ultimately, business decision makers will be reminded of the valuable service you’re providing them. Plus, when businesses see that new attack vectors keep emerging, they are likely to be more flexible and understanding when it comes to embracing different solutions or layering previous solutions with new ones. Remind them that new, evolving cyber threats require new approaches to mitigate them.
To assist customers in staying abreast of the latest in cybersecurity, I recommend visiting the MailGuard Partner Blog regularly. Here, my team and I collate the latest threat intelligence, key cyber learnings & valuable lessons in a variety of resources – in the form of thought leadership, whitepapers, case studies, infographics and many more. Sharing these with your customers can help to develop more strategic & well-informed discussions on navigating existing and/or incoming cyber challenges and may even help in building your case for implementing a new approach or solution.
In order to adapt to the many business implications of the pandemic, 81% of businesses leaders have reported feeling pressure to lower overall security costs. In this situation, convincing businesses why they need to invest in another security solution to replace or complement their existing ones can get tricky, especially with some security solutions also requiring additional time and resources for training and implementation.
We can remind customers that paying for cybersecurity services is typically a fraction of the cost it would take to recover from a cyber-attack. Google says it intercepts 18 million COVID-19 scams phishing emails every single day, and we know that all it takes is an innocent click on a single email to cause catastrophic damage. With reports stating the average cost of cybercrime to a business in Australia is around $276,000, the financial repercussions of not paying for the right cybersecurity solution can outweigh its costs.
Reminding customers of the value of investing in the right cybersecurity solutions can also go a long way in making the case for a new solution. Demonstrating how a particular solution is better placed to address the vulnerabilities present in that business’ overarching cybersecurity strategy can help convince your customers of the efficiency of investing in that solution. I always recommend doing a risk analysis and seeing where most incidents occur in their businesses.
Along with expertise and skill set, agility is, as we know, fundamental in truly supporting our clients. The disruptions caused by the pandemic have amplified this need for us to review and redefine our approaches and solutions, specifically when it comes to enabling secure remote work and business continuity. While actively guiding our clients to adopt new technologies amid an environment of budget cuts comes with its challenges, it gives us a better chance of keeping their businesses safe from emerging, sophisticated and targeted threats. Let’s not shy away from meeting these challenges and continue embracing innovation, flexibility and agility in order to become better trusted business partners to our customers.
Do you have any other tips for partners who are proposing new or alternate cyber solutions for your clients? Write to us below.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993