August 12, 2015 By Vijay Dheap 2 min read

We all read the headlines — large airlines, major banks, well-known retailers and even critical government agencies being compromised by cyberattacks. Not only is that just the tip of the cybersecurity iceberg, but in many ways our attention within this sphere is diverted to just the symptoms of a much broader problem.

Cybercriminals Start Small

Consider this: Smart attackers will not start their malicious enterprise going after the big brands, let alone a guarded government entity. They will start small and attempt to take down easier targets to mitigate the risk of detection. They will learn techniques, understand linkages and perfect their trade. Small and midsize organizations that do not have the resources or the awareness of cyberthreats become the ideal training wheels for cybercriminals and organized crime rings.

Compounding this issue are all the nefarious tools pervading the Dark Web. They lower the skills barrier necessary for perpetrating cyberattacks, shorten the time for acquiring experience and increase automation to create broad attacks. To better balance the scales, we as an industry need to place greater focus on extending the reach of cybersecurity, especially security intelligence, to strengthen the collective security posture of our business ecosystems.

Cybersecurity is a sophisticated practice, and the economics are stacked up against small and midsize organizations. Smaller organizations have to perform cybersecurity assessments to evaluate their security requirements; acquire the necessary technology; establish appropriate processes and budget for staffing to operate; and manage those acquired tools effectively. As a result, cybersecurity vendors from startups to massive organizations have traditionally catered to large-scale enterprises that are able to make big investments and have some established cybersecurity practices. Cybersecurity vendors then turn to service providers to access the volume market.

Catering to Smaller Cybersecurity Environments

While service providers have always been eager to assume the role of distributors for cybersecurity vendors, there is a more prominent potential position in the value chain. Many service providers behave as an extended sales team, others deliver incremental value by providing add-on services and a few advanced ones invest in building enhancements to deliver unique offerings.

Although small and midsize organizations have increased access to cybersecurity capabilities, there are still limitations on knowledge transfer, effectiveness of implementations and the security value derived. To fully unlock the potential of the volume market, it is necessary to formulate more standardized deployments of security technology that are more easily consumable by small and midsize organizations such that they practice good security.

There’s an opportunity here for service providers: They can fundamentally transition from being mere distributors to hubs of security competencies. Through rigorous standardization of best practices, diligent accumulation of security content and investment in the development of reusable assets, service providers will be able to deliver differentiated security value and tap into greater economies of scale. Service providers that seize this opportunity become more lucrative partners for cybersecurity vendors and in turn extend the reach of best-in-class cybersecurity solutions to small and midsize organizations.

Promoting the evolution of service providers into being force multipliers of cybersecurity will enable our industry to build greater global intelligence and more successfully balance the current advantage held by malicious actors.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today