Just last weekend I wrote a blog about how the Biden Administration has done (and hopefully will continue to do) a better job of launching Cybersecurity efforts when compared to past Administrations. In a way, he is trying to forge new business relationships with the private sector, which of course will be a win-win for all involved. But there is still another key piece of the Cyber puzzle that needs to be solved.
That is, relationships also have to be forged with the public sector. Defining this can be a bit tricky; it depends on what you define as the “Public Sector”. In my view, these are the smaller governmental agencies that are found at the city and town levels.
Unfortunately, this grouping has long been ignored, because the profit margins are very low for the Cyber companies that might serve them. While the primary goal of any business is to make a profit, there comes a time when one has to bite the bullet in order to serve the greater good. In this case, these public entities really don’t have the money or the manpower to truly fortify their defenses.
Because of this, stronger relationships have to be created between the public and private sectors, so that these entities can have some degree of security baked into them. Remember, the Cyberattacker is not just after the high-net-worth companies of the Fortune 500. They are out to get PII datasets wherever they can, and because the entities in the public sector barely have any defenses, they have now become a primary target.
So what can be done about this? Here are four ways this could possibly be accomplished:
1) The private sector Cyber companies have to adjust: As I just mentioned, Cyber companies simply do not want to touch nonprofits and the minuscule governmental agencies because they believe that there is no money to be made off of them. But this is a very shallow way of thinking. True, you may not make a lot from the outset, but think about it: this particular entity could very likely come back for more business, on a repeated basis. That means in the medium to long term, you have a source of recurring revenue, which is what so many Cyber vendors are striving for these days. Also, if they are happy with your work, they could refer you to other public sector entities that need Cyber help. So in the end, you could have a book of business that is not only ultimately profitable, but one that will stay with you for the long term.
2) Educate them: Because of the sheer lack of security defenses that they have, many public sector organizations truly have no clue what to look for in a Phishing email. This could be a great opportunity for a Cyber vendor to offer all sorts of training services, and to educate a plethora of individuals. Once again, there may not be a lot of money to be made here, but think once more of the long term: as you educate more people in this sector, there is a greater chance that word of mouth about your services will spread like wildfire, with the result being new business coming in from directions that you never even thought of before.
3) Start with the basics: If you ever get an education engagement, or even get a contract from a public sector organization, remember to always keep things as basic as possible. Quoting an old marketing proverb, “Reduce it to the Ridiculous”. Meaning, there is no need to talk about Generative AI or the Zero Trust Framework. Start first with a simple Vulnerability Scan, and from there, point out any gaps or weaknesses that have been found. Then show the nonprofit (as an example) what steps are needed to correct them. Most likely this will involve passwords that are very weak, or those that have been reused over and over again. Have them start out with a Password Manager, and show the benefits it brings by creating longer and more complex passwords, as well as resetting them on a prescribed timetable. It will also be very important to conduct a basic Risk Assessment, just to get an idea of how vulnerable the digital assets could be. When coming out with a new Cyber strategy, try to use whatever existing security tools they have and reorganize them so that maximum protection can be offered. Remember, try not to add too many tools unless they are truly needed. Most likely, the nonprofit will not be able to afford them, much less have the staff to filter through all of those log files.
4) Share information: Just as the Biden Administration is trying to foster a trusting relationship of information sharing between the Federal Government and the private sector, the same holds true for the Cyber Vendor and the nonprofit. Obviously, you don’t want to give all of your trade secrets away, but simply sharing what you see on the Cyber Threat Landscape could be a great starting point as well. This will probably be the very first step in creating a trusting relationship that will last for the long haul.
My Thought On This:
There comes a time when a Cyber Vendor sees new market opportunities and wants to seize them, but there is simply not as much money to be made from them as it would like. A great example of this is the SMB market. For the longest time, this remained an untapped one, for the reason just described. But now many Cyber Vendors are realizing the opportunities here, and have adjusted their pricing and business models accordingly. The same will hold true in the public sector, with the smaller governmental agencies and the nonprofits leading the way. But until this happens, if you as the Cyber Vendor want to tap into it before your competition does, you may have to offer your services “Pro Bono”, at least initially.