Most likely you have already heard the devastating news of the cyber-attack against Equifax in mid-May. Although the world didn’t find out about the breach until mid-September, the impact to individuals was tremendous with the exfiltration of names, addresses, SSNs and birth dates for over 145.5M people. However, despite all the media coverage, CreditCards.com reports that only about 61 million Americans—just over a quarter of all consumers—checked their credit score or credit report in the two weeks following the breach. In other words, the majority of Americas are doing very little to protect themselves despite the clear warnings as a result of this catastrophic incident.
This begs the question…are we seeing small and medium-sized businesses (SMB), mid-size or even enterprise customers reacting appropriately to the daily barrage of media coverage from breaches such as Equifax or are they choosing to roll over and hit the snooze button? I had the privilege to speak at our Tech Data Tech Select conference in Vancouver, last week, with a panel of three loyal security customers. I took the opportunity to poll them as well as the audience to ask if they had seen an uptick in security sales or even customers talking about loosening budgets for security. Unfortunately, this informal poll showed 10 hands raised in a crowd of close to 100 customer executives. So it looks like even our customers in the channel are not taking action as they should.
5 Approaches for Security Action
What can the channel do differently to stir our customers into action? I would like to provide five approaches you should consider to excite your customer enough to turn off the alarm clock and roll out of bed.
- It’s All About Risk Mitigation – Too many times we offer a security assessment or service without tying the results back to how the customer understands their risk in doing nothing. We are providing steps to mitigate the risk without explaining the importance. Make sure you are giving your customer something tangible to sink their teeth into instead of just a boring technical network scan report that they don’t understand. If you want to make a sale, speak in the language of the CIO, CEO and CFO. Talk about risk!
- Ransomware Needs a Proactive Approach – Your customer has surely heard of ransomware at this point and many are frightened that they might be a victim soon, but many don’t know what to do about it. In addition to starting the conversation with an analysis of the risk to lost business, the best mitigation to a ransomware attack is a great backup/recovery strategy. Even the FBI is now recommending that companies NOT pay the ransom since you will rarely see a positive outcome from your Bitcoin. So that means if you want to see the data again, you need to have a solid backup. There are many options to sell your customer, but don’t forget this important aspect of security.
- Patches, Patches and More Patches – It turns out that 44% of breaches exploit known vulnerabilities in servers and applications, which implies that there is likely a patch available since the vulnerability is “known.” If Equifax had only patched the Apache Struts vulnerability back in March when the vulnerability was disclosed, they possibly could have avoided this nightmare that might spell their doom when this is all over. Make sure your customers have a solid patch management strategy and a process for prioritizing security vulnerabilities.
- Layered Security – Security is no longer the exclusive game of the firewall vendor. Help your customer understand that a layered approach to security includes the endpoint, network and data. It’s not uncommon for mid-sized companies to have 8-12 different security vendors in their environment performing different security functions. Leverage an assessment to determine where the opportunity is and help your customer cover the security bases, because there are many.
- Micro-Segmentation – Knowing that the firewall—while important—it is now only a small portion of a security posture, we must assume the bad guys are already inside the network. In fact, research shows that a bad guy is in the network an average of 140-180 days before they attack, so what should your customers do? Micro-segmentation solutions, such as VMware NSX, allow customers to segment their network into bite-sized chunks. If a bad guy compromises one portion of the network, they won’t necessarily have access to another. his also isolates employees’ access, which is a great security practice.
Unfortunately the security challenges that plague our customers will not be getting better anytime soon, which spells opportunity for the channel. If you need assistance with offering quality assessments to your customers, presales to sell a security technology, managed security services to bundle with your security offering or even technical product training for your end-users to ensure they are prepared to use the technology you sell them, Tech Data is here to help. or more information about how to leverage our many security solutions, please reach out to firstname.lastname@example.org.