Breakthrough Ways Of Selling Cybersecurity Solutions To SMBs
Selling cybersecurity solutions is all about understanding the risk to your client’s business.
In this webinar from security experts Huntress, they explored the threat landscape facing small and medium-sized businesses (SMBs) today. Then, they explored the ways managed service providers (MSPs) can bolster their tech stacks without breaking the bank or overloading your engineers.
Andrew Meier of Huntress covered the topics with Morgan Aspinall, Product Manager for Halo PSA, and Harry Boyne from UK MSP Chalkline Solutions.
When it comes to packaging and selling cybersecurity, it’s important to be aware of the multitude of threats facing the small and medium-sized (SMB) market today.
Hackers today operate as businesses, and they can do so on a much larger scale than most MSPs, or their clients. Furthermore, artificial intelligence (AI) has opened up opportunities for us as technology providers, but it’s also done the same for threat actors.
So, when it comes to educating our customers, how can we demonstrate the need for good cybersecurity practices? And when we do so, how can we carry this out so that it’s not intrusive or expensive for them?
We should ask ourselves, what happens if they object or refuse to comply? Are they worth the risk to our reputation, or should we cut them loose?
And how can we utilise our professional services automation (PSA) tool or ticketing system to keep on top of alerts?
Speakers:
Andrew Meier, Sales Engineer, Huntress
Morgan Aspinall, Product Manager, Halo PSA
Harry Boyne, Co-Founder & Technical Director, Chalkline Solutions
Cybercrime is rapidly growing as a business.
According to the 2023 IC3 Report, over the last five years:
3.26 million complaints (reports of hacks) were received by the Internet Crime Complaints Centre$27.6 billion in losses were reportedCyber criminals earn their money through numerous methods, or attack vectors, and there’s a whole ecosystem where data is gathered and brokered and tools engineered for malicious purposes.
And just like a modern business, they have excellent customer service teams.
They’re even hiring! With all the conditions you’d expect with a normal day-to-day job, such as leave entitlement.
Artificial Intelligence is Raising the StakesAdoption of AI chatbots has upped the game for threat actors, which has made phishing much easier, and more widespread.
Harry and Morgan said they were using AI in their businesses, though finding it hit and miss. AI is making accessibility much easier, especially for threat actors. Andrew said that we need to be smarter and faster in detecting and responding to threats.
The speakers discussed ways we should be educating customers about the type of threats we’re facing today.
Some of the key takeaway here were:
It’s important to use straight-forward relatable language.It’s much easier to explain threats to customers who have already been a victim of cybercrime.Explaining it in terms of the risk to their business and the consequences of not acting on it is a good start.If you can demonstrate how a compromise could affect their bottom line it could provoke them into taking steps to become more secure.When it comes to cybersecurity, people, processes and technology are the three tenets that go hand-in-hand.
Framing the Need for Security and Strategic RecoveryStarting with a recognised framework can help you start the conversation with your customers:
The NIST framework structures security into five areas: Identify, Protect, Detect, Respond and RecoverCIS controls – a prescriptive, prioritised, and simplified set of best practices that you can use to strengthen your cybersecurity postureCyber Essentials – is a UK certification to show that an organisation has achieved the minimum level of protection is cybersecurityWhen an event does occur, having better security in place means better controls around recovery.
Depending on the level of compromise, there could be just a few steps you need to take, or there could be whole areas you need to quarantine and restore.
Therefore it’s essential that you discuss with your customers a priority plan. This lets you know what you need to focus your efforts on getting operational again first. This is what resiliency is all about.
For any customer you onboard, you need to ensure that they opt-in to a minimum security stance, and they keep up their obligations.
It’s as much a risk to your reputation as it is to theirs if they don’t act on your recommendations, and suffer a serious attack as a result.
Selling cybersecurity solutions is as much about risk to your customers as it is to you.
Andrew said that regardless of what’s in your stack right now, there is no excuse to not do what you can with what you’ve got. There’s no need to try to boil the ocean.
You can make a good start by following these steps:
Conduct a risk assessmentLeverage your existing partnershipsArm your teamThe speakers discussed what’s best when it comes to keeping customers safe and the impact to their businesses.
Harry said that the landscape is changing so quickly, and it can be hard to keep up with all the updates we need to deliver. However, by not telling customers exactly what’s in our stack, we have the ability to make changes to it fairly quickly if the visible impact to their business is minimal.
The client has to come first and you need to have their best interests and the user experience in mind too.
As well as the customer, your team also needs to be behind your stack. Plus, they should have confidence in their toolsets.
Some of the common tools used in security stacks are:
PSA Tool or Ticketing SystemAntivirusManaged Detection and Response (MDR)DNS SecurityFirewallMulti-Factor Authentication (MFA)Password ManagementMorgan Aspinwall gave us a brief demo of Halo PSA in how it records and manages a security alert ticket, from assignments and escalations to workflows for actions and responses. However, we ran out of time to explore it in any great detail.
The stakes are continually being raised by threat actors, and as MSPs we are challenged to not only to develop more robust stacks, but to sell these expensive solutions to customers.
The secret to this is: we can start by ensuring we demonstrate the standards shown in security frameworks. And to impress upon customers that what we offer is a way of reducing the risk to their business financially, operationally and reputationally.
Furthermore we need to make sure we have the confidence in the tools we are using to protect our customers. One of the best ways to do this is to use the tools to protect our own businesses first.
The post Breakthrough Ways Of Selling Cybersecurity Solutions To SMBs appeared first on Tubblog: The Hub for MSPs.
