I attended an event last night where an Army General gave a talk about cybersecurity. One of the things he said really struck me, “There are two types of companies out there. One that has had a data breach and is dealing with the repercussions of it. The other has also had a data breach, they just haven’t realized it yet.” If this generalization were indeed true for every company out there, you’d think that cybersecurity would be in the top 5% of every business leader’s priority list. Selling cybersecurity services and tools that protect a company’s data should be the easiest thing in the world, right? I haven’t found that to be the case.
Everywhere I turn, I’m reading about some cybersecurity incident. There are articles on websites, television news, blogs, magazines, radio, social media, etc. that outline what happened, who did it and what information was leaked. Unless you’re living under a literal rock, it isn’t possible to not be aware of the cybersecurity threats that exist. Ignorance isn’t an excuse for not prioritizing the protection of your data. I got to thinking and maybe it’s one of these reasons.
· “It will never happen to me.”
Regardless of the weekly, if not daily, reports of cyber incidents, I have come across people who do not think something will happen to them. I often get “Oh, we’re not a target. We don’t have any data that would be valuable to hackers.” That may be the case, but it isn’t necessarily your data they want to sell. Sometimes they just want to shut down your operation by stealing the data you rely on to operate your business and holding it for ransom. That would be ransomware! There are others that might like to negatively impact your business and, I’m making a Batman quote, “Just want to see the world burn.” Never count yourself out for being hacked. Every company is a target.
Maybe it’s another reason.
· It’s not always obvious that a company has been hacked. People wait until they notice something abnormal.
As the General pointed out in his talk, this is very common. Malware can be dropped into a network and live for months without causing any harm, because the hackers need time to find the most valuable information before they extract the data and give away their position. Unfortunately, once a company is aware of the data breach, it’s too late. Data has been compromised, trust has been lost by their employees and/or customers and panic sets in. You have to be proactive in handling your cybersecurity stance. It’s all about establishing normal behavior on your network so you can identify abnormal behavior, which will highlight a threat or breach.
Here is another reason.
· Cybersecurity doesn’t contribute to the bottom line.
Fair point. Cybersecurity is a technical, more proactive insurance policy. It doesn’t create value for your customers and bring in revenue. I feel like this is a pretty obvious statement. However, what isn’t as obvious is the trust that it establishes with your employees and customers. Being cyber aware legitimizes a company’s brand by saying “Yes, we care about their privacy, and oh by the way, we’re a technologically savvy company that is aware of the rapidly growing cyber threats.” Technology will only further embed itself into the way a company operates. It’s a smart business decision to let the world know you understand the usefulness of technology but respect the threats that it brings.
Here is the last reason and probably most common.
· A lot of people are just simply overwhelmed by the complexity of cybersecurity.
No one can blame somebody for feeling this way. IT in general is complicated and so is cybersecurity, especially when there are new types of threats arising every day. How do you wrap your arms around what’s involved with cybersecurity? What are the different ways people can attack an organization? People don’t like being outside of their comfort zones, especially when it makes them look vulnerable by not knowing something. I honestly believe that if people could digest cybersecurity in a simplified, non-technical way, they would be more willing to act.
This is where I get to put my selling cap on. There are several different approaches to explaining what’s involved in cybersecurity but unless your IT organization and executive team are on the same page, nothing is going to get accomplished. At Think|Stack, we have developed a proprietary SaaS tool that bridges this communication gap. It organizes the complexity of cybersecurity, while communicating the parts in an easily readable interface, which allows a company to make a plan about their cybersecurity stance and schedule a budget around it. This tool is called GOMA and I’ve seen it have the most impact in getting companies to take cybersecurity more seriously. Once that happens, it will make the selling of cybersecurity services and tools much easier for all companies!