For years, cybersecurity has been a closed industry – and it doesn’t have to be that way. As cybersecurity business leaders, we can help drive positive change by setting a good example within our own organizations and providing tools that help make security accessible to small and medium-sized businesses and enterprises.
Why is cybersecurity a protected industry?
Several factors play into barriers to entry and exclusivity in the cybersecurity industry. Confusing and ever-changing acronyms (which sellers often arbitrarily invent in hopes of differentiating themselves) make it difficult to understand the market and determine what each product does.
Acronyms like SIEM, XDR, NDR, EDR, SOAR – or even the more obscure HDR or ROAR – shroud the cybersecurity industry in secrecy and complexity, making it inaccessible to the average consumer. What’s even more confusing is that analysts, practitioners, and vendors have different definitions of each acronym, making it nearly impossible to figure out what products you need.
Additionally, an excessive focus on credentials and certifications creates elitism in the cybersecurity hiring market. Certifications are expensive to obtain and maintain. Simply attempting a Global Information Assurance certification, for example, costs nearly $1,000 and then costs $469 to renew. This leads to a talent shortage, which is especially true for small and medium-sized businesses (SMEs) that don’t have the budget to offer competitive salaries.
SMBs are particularly affected by access control and elitism in the cybersecurity industry, and not just from a hiring perspective. Expensive and complex cybersecurity tools lead people to believe that robust cybersecurity defenses are out of reach, only feasible for companies with large budgets and skilled employees.
All of this makes cybersecurity inaccessible for small businesses. Many don’t even know where to start. Indeed, according to Accenture study on the cost of cybercrime, only 14% of small businesses are ready to defend themselves. Equally alarming, Accenture’s study found that 43% of cyberattacks target small businesses. Good cyber hygiene should be as accessible to small businesses and startups as it is to companies with dedicated security teams.
How to make cybersecurity more accessible
Business leaders at cybersecurity companies are uniquely equipped to help SMBs improve security by providing tools that don’t require advanced IT or security knowledge to deploy or maintain.
Here are three ways cybersecurity vendors can make cybersecurity more accessible:
1. Use plain language, without using complicated terminology or assuming someone’s budget or knowledge level. Clear communication enables business leaders from diverse backgrounds to understand the tools and processes they need to protect and defend their businesses. Providing products at a reasonable price helps ensure that even those on a budget can achieve good cyber hygiene. Approaching customer conversations and even product development with budget constraints in mind can help small businesses feel prioritized and supported.
2. Prioritize internal efforts that bring new and diverse voices to the security world. Professionals often assume they need cybersecurity experience to get in any employment in industry. This assumption leads qualified candidates – those at the top of their respective fields – to avoid applying for jobs at cybersecurity companies because they feel ill-equipped. When business leaders prioritize internal efforts that bring diverse voices into their companies, it helps the industry as a whole. For example, it can lead to skilled people with valuable experience and/or great potential applying for cybersecurity jobs. With the increase in cyberattacks and the increasing sophistication of cybercriminals, it has never been more important to have qualified and equipped business leaders with varied skills in the industry.
3. Be transparent when talking about internal security – for example, how vulnerabilities affect your product. Being open and transparent with employees at all levels of your organization is important to creating a culture of safety within your company. Transparency also sets an example for other organizations to act responsibly when an incident occurs.
Technologies to work smarter, not harder
In addition to the tips above, there are several ways cybersecurity companies can provide products that make security more accessible to SMBs and/or those with limited security budgets.
Provide context to alerts
Avoid offering products that warn users if there’s a problem, but don’t explain how to fix the problem. Another challenge is that many security technologies today provide an abundance of alerts, many of which are unnecessary. This creates security noise and little actionable information.
Level the playing field with automation
Automation helps level the playing field by saving time for busy administrators. It can also allow people to work smarter, not harder. Automating and setting appropriate rules based on network traffic goals and history can create better long-term results.
Offer products that are easy to use, easy to deploy and affordable
Provide products that potential customers can try for themselves and at their own pace, such as a free trial or a free version. This can help break down barriers to entry that typically keep advanced security out of reach for organizations with limited resources.
Focus on providing tools that offer easy ways to solve problems
Offer ongoing support to customers when needed. By acting as an extension of customers’ existing team, cybersecurity companies can scale the investment for smaller teams.
Cybersecurity companies must work alongside enterprises, partner with SMBs, and provide tools that make security widely accessible. By making cybersecurity more inclusive, vendors can expand their customer base, improve collective cybersecurity knowledge, and create a global ecosystem for success that includes users of all levels.
Jim Simpson is CEO of the detection and response platform provider Blumira.