Opinion article: Only Ferraris and smart cars: Cybersecurity failures in the mid-market


The cybersecurity industry faces a particular problem. It has no idea how to create, sell, and service products for the mid-market.

The world’s largest security companies are well-positioned to secure massive contracts with the top 5% of companies. Likewise, small businesses are usually run by freelancers and small service providers or, frankly, have neither the budget nor the inclination to improve their security. Most mid-market companies find themselves stuck with point solutions and piecemeal consulting services, exposed to potential threats and lacking guidance, governance, planning and improvement.

The industry is singularly incapable of helping the huge demographic of businesses that fall in between. These companies have become large enough to take security seriously, but don’t have the huge budgets or dedicated security resources needed to work with large security companies.

Mid-market companies are prepared and incentivized to buy, but they don’t like what most security companies are selling. It’s a bit like trying to buy a car when the only options are Ferraris or smart cars. These are perfectly suitable vehicles for the right buyer, but they don’t fit the needs or budget of the average family household.

Not understanding the needs

The biggest problem is that security companies don’t understand what mid-market businesses need. They don’t recognize the problems, and either try to sell to these businesses as if they were just smaller versions of larger companies or offer self-service tools that require a lot of training, configuration, and ongoing support.

Companies that purchase products or services because they are interested in or excited about technology are the exception, not the rule. Most mid-market businesses pursue security as a byproduct of their compliance processes, or because they have been victims of some sort of breach or cyberattack. They seek penetration testing and managed detection and response services because it is a regulatory requirement that allows them to operate in compliance with their industry, not because it is good practice.

It is important to remember that certification does not equate to security; it is simply a point-in-time assessment of security policies, processes and controls. However, you have to meet customers where they are. Some of the best accounts I’ve worked on, where we took companies on a journey from zero to 100, started as a compliance exercise. If you can demonstrate to mid-sized businesses how taking security seriously can ease their compliance burden, they will take security more seriously.

Selling problems, not solutions

Speaking of understanding customer needs, I think the cybersecurity market struggles to recognize the additional workload and costs their products and services can impose on already stretched security teams.

Security companies often encourage users to deploy solutions without truly understanding their problems. This leads to multiple solutions, multiple vendors, and internal teams tasked with becoming experts in all areas. Every new product involves training, new configurations, new management, new alerts and new mitigations. The cost of professional services to manage all the additional controls can far exceed the cost of the tools/licenses themselves.

Mid-market companies simply don’t have the resources, staff, or budgets to deploy all of the latest controls. You can’t add to a company’s pile of cybersecurity problems; you need to sell solutions that remove them.

Overcomplicated technology and jargon

Security brands constantly confuse the market and their users. They overcomplicate the challenges they think their customers face and the solutions that will solve them. What businesses really want is simplicity.

Rather than focusing on technical specifications, mid-sized businesses want a high-level cybersecurity strategy that gets them from point A to point B as quickly and efficiently as possible. They must establish clear objectives, costs, deadlines, potential obstacles and alternative paths. The technology used is largely irrelevant unless it is specifically mentioned in their mandatory regulations.

Future success in the mid-market

We need security companies to address their failures in the mid-market, because we need a more secure Australian mid-market. When these companies are hacked, they may not make national headlines, but the large businesses they serve may end up in the spotlight. We’ve seen too many small businesses undermine the security of the larger businesses they provide services to. These small businesses are important to an overall healthy economy. A breach can stop a business from operating, it can be devastating to customers, and ransomware campaigns targeting small and medium-sized businesses help fund cybercrime around the world.

In the future, if major security players cannot sell their products to the mid-market, they should partner with companies that can. More products should also be aimed at mid-market organizations rather than those at the very top and bottom of the chain. Finally, mid-sized companies must recognize that they also share some responsibility in this area. They need to invest more in security, and if the service of a major security brand is not within their budget, look for alternatives in the market.
