I am starting new cyber security consulting firm called Element Security Group so of course I am working with a bunch of wonderful marketing folks and going through their processes for creating marketing copy. I often enjoy this process as it really helps to clarify my offers but this time around something is off.
I keep seeing copy that says things like “we keep you safe from hackers”. Safe from hackers? That’s ridiculous. Businesses are complex systems made up of processes, software, data, and people. The more of those four things a company has the more likely a hacker will find a way in. Something WILL go wrong. Something goes wrong in every other aspect of your company so why do people think this business system will be any different? Then it hit me.
It’s the Cyber Professional’s fault.
Yup. I wouldn’t say we have been lying to you all these years but we sure haven’t put the effort in to show you the big picture. It’s because we like having the right answers.
You ask “How do I secure my website?” and we show you how.
You ask “How can I be PCI compliant?” and bam! PCI loves you.
You ask “How do we avoid clicking on bad stuff in email?” and we train your people and install filtering software.
Now you believe you’re safe because you don’t have any more questions and the sales guy hit his quota of product / service XYZ. So you give a referral and the general sense of goodwill and safety spread through the business world.
Meanwhile the cyber professionals know you’re not but most of us are introverts and no one asked us about the big picture so we don’t say anything.
Folks, the truth of the matter is the business owner needs to take responsibility for the business system of cyber security just like they did for sales and marketing. I’m sure you’ve bought a bunch of marketing tools and have no idea what worked and what didn’t but you felt good because you are doing something. The end result was no new leads.
How did you fix it for marketing? You took a step back and made a plan that took into account everything. You stopped buying point solutions and actually put a system in place.
This is the myth. You can buy a bunch of products and services and you can keep the hackers out. The truth is you need to build a system that will limit the damage and recover quickly after the hackers get in.