Managed security service providers (MSSPs) along with global systems integrators that focus on security have a unique marketing and sales challenge. A recent global survey of 2,404 business decision makers conducted by B2B International on behalf of STANLEY Security, a division of Stanley Black & Decker, finds the top thing executives focus on when evaluating a service provider is technical support and expertise, followed by timely service, brand reputation, delivery performance and accurate cost estimates.
The challenge security service providers face is that one high-profile breach can wreak havoc with how they are perceived, no matter how much technical depth they may have. A security service provider could have successfully thwarted millions of intrusions, only to find its credibility challenged because cybercriminals managed to exploit a single chink in its proverbial armor. As these breaches gain notoriety, the entire cybersecurity services sector clearly suffers.
It may be tempting to take some satisfaction when, for example, a rival gets hacked, but the fact remains the reputation of the entire cybersecurity services sector suffers with each high-profile breach. Business leaders can now be more easily swayed than ever by internal IT teams that say cybersecurity should be left to them because it’s too critical to be left in the hands of an external service provider.
Arguably, IT services providers that specialize in security have a vested interest in working together to not only share intelligence but also contribute the resources needed to, for example, harden the remote desktop protocol (RDP) against the attacks that have become widespread. Right now, there are plenty of ways to share intelligence.
Conversely, there don’t seem to be many mechanisms through which cybersecurity service providers can work together specifically to harden the enabling technologies on which they all depend. The collective weight of such a body would exercise a lot of influence over what issues get tackled first by, for example, an open source governing body. It may even be in the interest of cybersecurity service providers to create a fork of a project that addresses their specific requirements. As Benjamin Franklin once sagely noted, it is better to hang together than it is to surely hang separately.
Walk a fine marketing line
In the meantime, security services providers would be well advised to walk a fine marketing line. They almost invariably have more cybersecurity expertise at their disposal than internal IT teams. However, cybersecurity service providers also have a much bigger target painted on their backs.
Cybercriminals know they can spread all kinds of malware downstream if they can somehow compromise the systems of a service provider. Service providers would do well to temper whatever claims they are making about their individual prowess given how fragile cybersecurity as a whole really is.
After all, it’s invariably pride that goes before the fall. The higher that fall, the harder it is to regain customer confidence, no matter how compelling the sales pitch may be. As such, cybersecurity service providers should set more reasonable expectations so that a major breach doesn’t result in nearly as much lost business.