Early in my career, when I was just starting out in this industry, I was tapped to speak to a group of new colleagues. I gave what I thought was an impassioned and productive speech. However, as soon as I stepped off the podium, a colleague pulled me aside and told me point-blank, “”Nobody understood 90% of what you just said.””
In the cybersecurity world, acronyms, insider phrases, and buzzwords are part of everyday jargon. In that moment, however, I learned they fall flat and sound like a foreign language to customers and even colleagues in different departments, leaving them confused, frustrated, and disconnected. That’s why managed service providers (MSPs) need to explain cybersecurity technologies in a way that’s easily understood and can be conceptualized outside of a security control room. Doing so ensures you’re providing the services most needed by your customers and, in turn, preserves the integrity of what you’re ultimately trying to achieve—keeping them protected, informed, and equipped with solutions.
To build trust with customers and provide the services they truly need, explain the concepts and technicalities behind the acronyms. The adage, “”Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime” applies here. Be intentional in how you convey the long-term benefits behind the nuts and bolts of cybersecurity practices.
When customers ask questions that go beyond “”What’s the cost?”” it’s exciting to know they’re becoming more knowledgeable about the technical side of security and are seeking out ways to be better informed about cybersecurity risks. However, recognize that this new knowledge is the result of a worrying trend: Businesses that may not have an established cybersecurity team are increasingly becoming the victims of cyberattacks. Therefore, they are seeking high-level specialists to manage their security.
Adding to this sense of urgency, the number of workforces operating on home networks as a result of the global pandemic opened up a breeding ground for a new wave of cyberattacks. While businesses around the world were navigating the work-from-home model, cybercriminals were busy developing more sophisticated approaches to already vulnerable workforces. Companies woke up to that fact that prioritizing their internal security systems is an essential part of their business and began anxiously looking for outside help to manage their security. Through this accelerated process, MSPs became technical advisers as well as business advisors, with the C-Suite and customers alike looking to them to answer, “”How does this work? and, “”What does this mean?”” which ultimately, I believe, accelerated our industry forward five to seven years.
Getting the Message Across
Like I learned in my speech, MSPs need to break through the acronyms so many rely on in the cybersecurity industry and find other ways to get the message across. Metaphors, for instance, can help explain to customers the difference between solution disciplines.
For example, imagine the scenario of a criminal robbing a house. Every access point in the house, the windows, the garage, etc., is like an IP address. And everything nowadays has an IP address—from your computer to your fridge. Allowing the thief to walk into the house and then trying to stop them once they’ve begun to steal things is akin to reactive cybersecurity. Locking your doors and ensuring every access point is secured is like prevention technology. Endpoint detection and response (EDR) and managed detection and response (MDR) are the video cameras, the fence, the dog, the extra layers of protection.
At the beginning of a technical conversation with a customer, define the acronyms relevant to the conversation and put them into context for their business. This will allow the customer to realize what this concept means for them and their specific needs. It is also important to emphasize how MDR, EDR, extended detection and response (XDR), cloud workload security (CWS), and other emerging markets are all different.
For example, EDR is predictive and focused on identifying threats and new malware, as well as making sure cybersecurity teams are equipped and ready to proactively handle cybersecurity threats. XDR provides accurate alerts to security teams by collecting and correlating data across various network points. MDR is not a technology, but a managed service, enhancing a company’s existing cybersecurity platform or creating one for them. Emphasize which options are a technology vs. a service, and which are proactive vs. reactive.
While all these markets may seem like simple threat detection to the customer, it is important to ensure that they understand the differences so that they choose the right fit for them.
Finally, stay away from canned demos; these recordings show the best that a product is capable of, but it may not fit your customer’s needs in practice. When you have that cybersecurity discussion, instead of saying, “”This is what you need and why you need it,”” ask your customers, “”What are the pain points you’re dealing with?”” Build that trust and listen to the way their business runs. As professional advisers, your customer’s success is your success. Help them make sense of the alphabet soup.
JASON EBERHARDT is vice president of global cloud and MSP at Bitdefender.