For years, cybersecurity has been a gatekept industry – and it doesn’t have to be this way. As leaders at cybersecurity companies, we can help drive positive change by setting the right example within our own organizations, and by providing tools that help make security accessible to small and medium-sized businesses and enterprises.
Why Is Cybersecurity a Gatekept Industry?
Several factors play into the barriers to entry and exclusivity in the cybersecurity industry. Confusing, constantly changing acronyms (which vendors often arbitrarily make up in the hopes of differentiating themselves) make it difficult to understand the market and to determine what each product does.
Acronyms like SIEM, XDR, NDR, EDR, SOAR – or even the more obscure HDR or ROAR – shroud the cybersecurity industry in secrecy and complexity, making it inaccessible for the average consumer. Even more baffling is that analysts, practitioners, and vendors have different definitions of each acronym, which makes it nearly impossible to understand what products you need.
What’s more, a hyperfocus on credentials and certifications creates elitism in the cybersecurity hiring market. Certifications are expensive to obtain and maintain. Simply attempting a Global Information Assurance Certification, for example, costs nearly $1,000 and then costs $469 to renew. This leads to a talent gap, which is especially true for small and medium-sized businesses (SMBs) that don’t have the budget to offer competitive salaries.
SMBs are particularly affected by gatekeeping and elitism in the cybersecurity industry, and not just from a hiring standpoint. Expensive, complex cybersecurity tools lead people to believe that robust cybersecurity defenses are out of reach, only attainable for enterprises with large budgets and knowledgeable employees.
All of this leads to cybersecurity becoming unapproachable for smaller businesses. Many don’t even know how to get started. In fact, according to Accenture’s Cost of Cybercrime Study, only 14% of small businesses are prepared to defend themselves. Equally alarming, Accenture’s study found that 43% of cyberattacks are aimed at small businesses. Good cyber hygiene should be as attainable for small firms and startups as it is for enterprise organizations with dedicated security teams.
How To Make Cybersecurity More Accessible
Business leaders at cybersecurity companies are uniquely equipped to help SMBs improve security by providing tools that do not require advanced IT or security knowledge to deploy or maintain.
Here are three ways cybersecurity vendors can make cybersecurity more attainable:
1. Use clear language, without using complicated terminology or assuming someone’s budget or knowledge level. Clear communication helps equip business leaders from diverse backgrounds to understand which tools and processes they need to protect and defend their businesses. Providing products that are priced reasonably helps ensure that even those operating on a small budget can achieve good cyber hygiene. Approaching customer conversations and even product development with budgetary constraints in mind can help smaller firms feel prioritized and supported.
2. Prioritize internal efforts that bring new and diverse voices into the security world. Business professionals often assume that they need experience in cybersecurity to enter any job in the industry. That assumption leads qualified candidates – those at the top of their respective field – to avoid applying for jobs at cybersecurity companies because they feel ill-equipped. When business leaders prioritize internal efforts that bring diverse voices into their companies, it helps the industry overall. For example, it may lead capable people with valuable experience and/or great potential to apply for jobs in cybersecurity. With the uptick in cyberattacks and increasing sophistication of cyber criminals, it has never been more important to have qualified, equipped business leaders with varying skill sets in the industry.
3. Be transparent when talking about internal security – for example, how vulnerabilities affect your product. Being open and transparent with employees at all levels across your organization is important for creating a culture of security within your business. Transparency also sets an example for other organizations to act responsibly in the event of an incident.
Technologies to Work Smarter, Not Harder
In addition to the tips above, there are several ways cybersecurity companies can provide products that make security more accessible to SMBs and/or those with limited security budgets.
Provide context to alerts
Avoid offering products that notify users when something goes wrong but don’t explain how to fix the issue. Another challenge is that many security technologies today provide an abundance of alerts, many of which are unnecessary. This creates security noise and not much actionable information.
Level the playing field through automation
Automation helps to level out the playing field by saving time for busy admins. It can also enable people to work smarter, not harder. Automation and setting proper rules based on goals and network traffic history can create better long-term outcomes.
Offer easy-to-use, easy-to-deploy, and affordable products
Provide products that prospective customers can try out on their own and in their own time, such as a free trial or free version. This can help eliminate the barriers to entry that typically keep advanced security out of the hands of organizations with limited resources.
Focus on providing tools that offer simple ways to fix problems
Offer ongoing support for customers where needed. By acting as an extension of customers’ existing team, cybersecurity companies can extend the investment for smaller teams.
Cybersecurity companies must work alongside businesses, partner with SMBs, and provide tools that make security widely accessible. In making cybersecurity more inclusive, vendors can expand their customer base, level-up the collective cybersecurity knowledge, and create a global ecosystem for success that includes users of all levels.
Jim Simpson is CEO of detection and response platform provider Blumira.