The traditional thinking of cybersecurity as digital asset protection, while accurate, paints an incomplete and devalued picture of the service. As a result, many organizations consider their security investments a cost center rather than a form of risk management that allows them to grow and prosper. It all comes down to how you present your services to customers.
For example, one would traditionally sell malware protection to guard against viruses. Firewalls keep out intruders. Both are true, but selling this way won’t help you stand apart from your competitors or support your customers as deeply as you could. Instead, consider how security plays a risk management role in the overall business objectives of your customers.
Risk management leverages security to reduce risk so your customers can enter new markets, launch new products and services, and expand into new regions with less possibility of disruption or loss. In a way, it’s like insurance that can help your customers achieve their goals.
Risk management goes beyond security
While malware and breaches are certainly valid risks to your customers, they aren’t the only ones that can inhibit success. Apart from malicious cyberattacks, risk management also addresses threats like the loss or theft of physical devices, documents and credentials. Natural disasters such as fires, hurricanes, and even civil unrest are also risks. Then, there is the next generation of risks that we can’t even identify today.
Understanding risk exposure is essential to planning and implementing protective measures. The goal is to apply appropriate and adequate levels of security. Here’s a simple way to go beyond offering simple security solutions and calculate risk exposure for your customers:
- Identify the known and probable threats to all IT assets. For example, endpoint threats include physical theft or loss, malware and phishing attacks. For networks, threats include trojans, exfiltration (or data loss) attacks and DDoS attacks.
- After identifying threats, catalog the known and probable vulnerabilities. For many IT systems, this is a moving target, but aligning IT assets with known vulnerabilities in the Common Vulnerabilities and Exposures (CVE) List is a good starting point.
- Time is also a consideration. First, how much time does an attack need to be successful? Second, how frequently might the attack happen? Answering those questions will provide a sense of the requisite level of protection.
- Finally, the cost of a breach is a critical component of the risk equation. If a server is compromised and put out of commission, how much will it cost to repair or replace? How much business will be lost as a result of the compromise? How much of a reputational hit will the company take for having a breach? How much will the liability to customers, shareholders and partners cost?
Providing this type of assessment and calculation with each of your customers goes well beyond what most competitors offer. Such reviews also lead to conversations that uncover unaddressed customer needs and, often, additional service opportunities for you.
If you’re interested in adopting more of a risk management philosophy into your sales process, download Ingram Micro’s eBook “Security is about risk management” or contact Jacob White
or Curt Vurpillat
, Ingram Micro’s cybersecurity experts.