ROUND TABLE: SPONSORED BY CENTURYLINK


Assessing attitudes to Security

With the increase in high profile cyber security attacks and the introduction of GDPR, the cyber security sector has been alive with new threats and reports. But how are businesses of all sizes reacting to the headlines?

TBT: Are businesses taking the cyber security threat seriously?
SCOTT COLEMAN (SC) – ACCOUNT MANAGER, MB TECHNOL
OGY: “From my preliminary dealings, I would say no one is taking security threats seriously. If I was to ask my biggest customers questions about their policy no will be able to answer it or they say they don’t deal in that. Even though they're always interested because there is money in it for them, they are not paying attention and they’ll just go down the easiest route to make the most money.”


KRASEN DZHUNGUROV (KD) – DIRECTOR, MATCHLESS IT: “I think enterprise are aware of the risk, with the small businesses, they're not. SMBs don't think about security as a risk today. The first thing in their mind is, ‘it’s happened to big companies, it is not something that is going to happen to us’. The thing they don't realise is that majority of the smaller companies will get malicious software or get hacked, 80 - 90 percent of the time, because the hacker was trying to get one of their partners.”


ANDY PARSONS (AP) – BUSINESS DEVELOPMENT CHIEF EXECUTIVE, CENTURYLINK: “Big public facing companies understand the risk because, even if they don't actually trade over a public facing website, be that just a store or a magazine, even if they don't have any portal or customer logins, if anything goes down for a day that will impact the share price. Customers think ‘if you can’t keep your own website up, how are you securing the rest of my information?’


I think there's more recognition out there and I guess as you go down the stack more people will say ‘Why am I a target? Why would it affect me if my website goes down? Who cares?”

TBT: What sort of impact has regulations and accreditations had on attitudes towards cyber security?
KD: “I think it was a Cisco piece of research recently that said that half the companies are now realising that partners are looking into what sort of accreditation they have because organisations are asking what their security level is like.


That will sway whether they do business with you or not. But it's not widely adopted yet and still a lot of companies just embrace the ‘it won’t happen to us’ approach, they're more reactive than proactive and until something happens, they won’t do anything.”


AP: “GDPR has been a big catalyst for people to start recognising that you need to have threat protection. The threat is if you haven't done it by now, or if you're found culpable, you are open to X amount of fines and I think that's helped.”


LEE RAPER (LP) – SENIOR SALES EXECUTIVE, LINK UP COMMS: “But GDPR is not doing the correct analysis or the correct work because customers just say ‘have you got this?’ and the company will say ‘yes, we are compliant’. That system might not necessarily work but as long as the company ticks the box for GDPR they’ll be covered.”

TBT: Is there still an education piece that needs to happen in the industry?
ALAN KINSEY (AK) – REGIONAL SALES MANAGER, OPENGEAR: “It worries me that you could be selling through a reseller who's just trying to make some margin. But then they are shipping it onto an amateur customer and there's no value in the solution if it is not going to be implemented correctly and will leave them open still despite the spend.


Elsewhere, human error, for example, hasn't been done purposefully but the maturity of the customers and the size of the customers, I think, is quite key. We get some people who really know what they want, and others that even if you tell them what they need they struggle to understand.


That is worrying given that the maturity of the market has been telling businesses for a very long time that security is key. Mature companies, in theory, have large-ish IT departments and they have a security specialist. In which case, they just buy the equipment they have evaluated themselves and install it in the right way.”


SC: “At the moment, because of the lack of education, businesses are not going anywhere and they don't really like to go outside their comfort zones. We deal with all the Top100 VARs and the smaller ones are usually better than the big boys. The larger resellers say that they don't want to go near cyber security but I can guarantee that the customers they are dealing with need it, and they've got to get it from somebody. That’s a real missed opportunity for what you can get but it does come down to education. If they understood, they'd be able to give advice and sell and make some money.”


“The larger resellers say that they don't want to go near cyber security but I can guarantee that the customers they are dealing with need it, and they've got to get it from somebody. That’s a real missed opportunity for what you can get but it does come down to education. If they understood, they'd be able to give advice and sell and make some money.”

SCOTT COLEMAN – ACCOUNT MANAGER, MB TECHNOLOGY


TBT: How far does the culture within an organisation define its security policy?
KD: “It depends on your audience. If you're talking to an IT person, these projects are never going to get anywhere. You have to speak to the senior management level, CEO or Managing Director to be able to get this approved and pushed down.

It's not about the technical controls, it's about the principles and policies that you have in place and by design and by default with GDPR. We have to work from the beginning, not try to add security to an already built system.”


AK: What is also important is the recovery. In the past, we’d expect to get it running in eight hours, then it becomes four hours which became two hours, then you are evaluating the commercial risk of when you say it's going to be up in an hour.


Businesses need to mitigate, plan against their risk and have the ability to get you back up and running, no matter what your outages. They have to minimise that risk these days because at the bottom line, it impacts income.”


AP: It's making people understand how they can be manipulated. Its becoming more and more apparent, if you understand the habits of enough people, those people are effectively an algorithm. We all like to think that we're our own special snowflake but the thing is, we're not. If you have enough data and enough people, you can work things out.


Everybody's probably had the experience of saying, “hang on, I didn't search for a shed. I've only spoke to my friend about wanting a shed” and all of a sudden there's adverts all over Amazon and Facebook so your phone must be listening to you.


The thing that people don't realise is how algorithms have taken the last 10 actions that you searched and found that 100 other people who did those last actions also searched for a shed. So all that's happened, the algorithms worked you out.”


It's making people understand how they can be manipulated. Its becoming more and more apparent, if you understand the habits of enough people, those people are effectively an algorithm. We all like to think that we're our own special snowflake but the thing is, we're not. If you have enough data and enough people, you can work things out.

ANDY PARSONS – BUSINESS DEVELOPMENT CHIEF EXECUTIVE, CENTURYLINK


TBT: What are the challenges of selling a security solution?
TOM PATTERSON (TP) – SENIOR ACCOUNT DIRECTOR, CENTURYLINK: What I've seen turnaround in the last five or six years is this idea of security as an enabler coming to the fore. You are going to give yourself 10 times more credibility than if you go in and talk about a solution.

If you've got an opening you need to build security up from a discussion point, start from the bottom up and ask what do you want to achieve? Because the whole discussion has flipped round in the last few years, everyone's seen the news stories. A few years ago you’d say you're in cyber security, then you tell a few war stories and say that really does go on. You don't have to tell those war stories anymore.

If you tackle these things up front as an enabler and give yourself that credibility by telling customers they need to think through these issues, or they have no business. If you're talking about the SME space, that's going to give you so much more credibility in terms of initial conversation and if you've got a solution that is baked into your thinking, suddenly, you've gone up in their estimation.”


AK: “You have to think about what happens in an attack, you have to be prepared for it and you have to evaluate the risk. I believe Opengear’s solution is incredible value for money when ‘it’ hits the fan. However, if it never hits the fan just like most security stuff, then businesses think ‘ why did I spend the money?’”


AP: “Because of all the news stories that are going on, security is on the mind, or at least it should be on the mind of MDs, CEOs and CTOs. If it's not then then they're in trouble. If you're a reseller in the market and you've got a customer who has a need for security and you don't offer that, because it’s not part of your service or portfolio, then you're basically opening yourself up to somebody else coming in who does do security and does everything else you do.”

Image credit: © joyfotoliakid - stock.adobe.com

To understand how we process, use & safeguard your data, please read our Privacy Policy.

If you would like to update your marketing contact preferences, then please click here.