Industry Insights

How to Build a Robust Cyber Security Strategy

By Ideas @ AppDirect / December 20, 2022

Building a stable cyber security strategy is about more than paying for a third-party security service.

Businesses must be more proactive and commit to educating their workforce. While cyber-attacks have become more sophisticated, many are avoidable by adopting some simple measures.

We talked to our advisor community about this in more detail in our October State of the Union webinar. We welcomed Jay Kaplan, CEO and Co-Founder of Synack, Pierre-Luc Bisaillon, Chief Information Officer at AppDirect, and Frank Ferdowsian, Client Advocate at idea! Communications Group Inc.

Tune into our State of the Union episode to hear from these folks directly. You'll hear a special segment with Jay Kaplan and Dan Saks, AppDirect’s Co-Founder and President at 3:50 in the video.

The cybersecurity threats facing businesses today

The cyber threats businesses face today are increasingly sophisticated, and the types of threats prominent today have also changed. Part of the driving force behind the growing threat landscape is the adoption of mobile devices at home and work, as well as the proliferation of IoT devices. While mobile devices are powerful and convenient, their expansion opens our networks and data to potential bad actors. As companies look to stay one step ahead, the market for security solutions is also increasing at an incredible pace. According to Technavio, the global cybersecurity market is projected to grow by USD $203.5 billion from 2022 to 2027. In North America it’s estimated the market will experience incremental growth of 34 percent. ¹As an advisor, you have the unique opportunity to help organizations improve their security posture while growing your wallet share and solidifying yourself as a trusted technology partner.

Jay Kaplan has years of experience in government cybersecurity. In the video, he observes that the biggest threats five to 10 years ago were focused on state-sponsored attacks. Cyber attackers from some countries outside of North America and Europe had more resources dedicated to stealing intelligence and other sensitive information.

However, things have shifted in the past two to three years. The greater threat these days comes from crime syndicates.

People are increasingly recognizing that they can make money by hacking into foreign networks.

Ransomware is also on the rise, and in a lot of cases, businesses will pay the ransom rather than trying to claw the data back from backups. Since the popularity of cryptocurrency has also increased, it’s even harder to track where the funds are going.

With threat levels rising for businesses, cyber security advisors do what they can to help their clients become more proactive about security. This means being part of the conversation when it comes to choosing cyber security solutions and building security teams.

Tune into our State of the Union episode to hear more from these folks directly. Hear insights from Pierre-Luc Bisaillon at minute 21:38 in the video.

Choosing cybersecurity solutions

One of the biggest challenges for companies is choosing cybersecurity solutions that are aligned with their security criteria and budget. With so many solutions to choose from, it can be overwhelming for your customers to sift through them, and unfortunately, there’s no rulebook to help them make the right choices.

3 quick tips from security experts

1. Remember: Security is one of the most critical solutions you sell—Whatever vertical your customers are in, their systems, network, and data need protection.

2. Not sure where to start? Engage with channel managers and providers by attending educational security sessions. Taking these steps, you’ll know what’s available and get tips on how to start conversations with customers.

3. Your customer says: “Thanks, but I’ve got that covered” —If this is the case, be patient. Guide them through their journey. Stay engaged (check in every quarter), and ask about how their business is changing so you can help identify where any security gaps may be.

Jay’s advice on selling cybersecurity services starts with getting a clear picture of what customers’ cybersecurity framework currently looks like. What are their biggest risks and vulnerabilities? Are they doing the basics? What measures do they already have in place?

He adds that more companies today are becoming proactive in managing cybersecurity, and many are hiring more robust security teams to develop a plan of action. However, a lot of organizations are finding that those roles are very hard to fill. According to Jay, by the end of 2022, 3.5 million open cybersecurity jobs will remain unfilled.

With such a security skills shortage, third-party solutions are the most likely option for companies struggling to hire full-time talent.

As a technology advisor, when you’re evaluating cyber security solutions for your customers, consider their industry, vulnerabilities, and where the gaps in their system currently lie. Advisors should be prepared to shop around and speak with service providers to find one that meets all of your customers’ needs.

With Frank’s experience selling security solutions, his advice for advisors is to always be part of the conversation. He says advisors need to be willing to learn about each potential solution and what the customer really needs. That way, advisors can get the guidance they need from customers and learn more about their security worries. This is a win-win for customers as well because they get guidance and tailored solutions from advisors based on their individual needs.

In the video, Frank also explains his approach for when customers bring up common objections to getting cyber security advice.

A common objection is “we have that covered,” because they have some kind of cyber security package already. However, this isn’t a replacement for having an advisor on board guiding you through security processes or a tailored solution.

Frank’s simple advice for advisors is to “take your time,” hang in with them and guide them through the journey. In Frank’s experience he found that even when a customer would say no initially, he ended up helping them deploy a complete comprehensive solution.

At the same time, your customers shouldn’t solely rely on third-party tools. Make sure they also cover basics like updating systems and educating their workforce.

Making discussions about security requirements and compliance part of your customer conversations is just one among many steps that build trust with your customer, and it brings you closer to becoming their single trusted source for products and solutions.

How sophisticated are modern cyberattacks?

While there is no doubt that the potential for a sophisticated cyberattack has increased, Jay believes that a lot of them aren’t as sophisticated as they might seem, and they can be mitigated by adopting the right strategies.

The main reason that many cyberattacks are successful is because companies are not doing the basics to protect themselves. They’re not doing patch management, servers aren’t updated, there’s little code reviewing, and as a result, businesses are leaving themselves open to attacks.

Jay points out that phishing attacks are among the most successful types of attacks because human error is so common.

These types of attacks are also getting harder to spot, especially when they contain better information such as specific names and details that are convincing enough to fool people. Jay’s recommendation to advisors is for organizations to put in place the right training so that everyone knows what a malicious link looks like and what to look for in a suspicious email.

When preparing your customers for cyberattacks, Jay’s recommendation is to get them to think like a hacker. For example:

• What would a hacker do?

• What weak points in your system would they target?

This level of scrutiny and preparation should extend to your customers’ suppliers and other people in their network, such as third-party service providers. Any sensitive data that is passed between organizations is a potential point of weakness.

Other ways companies can protect themselves

Pierre-Luc Bisaillon, Chief Information Officer at AppDirect, echoed Jay’s cautionary advice, adding that a lot of the time, these attacks happen when the basics are not covered. The first thing businesses can do is to think about their business risk, he said. Sit down with the leaders in your customer’s organization and consider what a cyber threat could look like and how it could impact the business.

He recommends that customers uncover potential gaps in all of their security measures and determine whether they can protect those gaps themselves, and where they should turn to a third-party solution provider that can assist you.

Another important consideration is compliance. Depending on your customer’s industry, they may need to comply with specific security standards governing areas like how they handle personal information and financial data, how they ensure business continuity, and so on. Know what regulations and legislation they need to comply with, and ensure their security plan is designed to fully meet them. Failing to do so could result in serious implications affecting their business.

For more insights and advice on the best cybersecurity practices and solutions, tune in to the full webinar. 

Sources: 

¹ Technavio