Dao Tran, SoSafe
85 per cent of cyber breaches start with the human factor but 80 per cent of employees do not feel sufficiently forewarned or trained.
SoSafe helps organisations address this problem with a cybersecurity awareness solution, based on behavioral science and learning psychology, employees receive trainings with regular learning content as well as phishing simulations that help them to identify cyber threats and react accordingly.
At the same time, the management can access the risk on a daily and data-driven scale. They can measure the likelihood that their employees would click on or interact with a phishing mail, take the appropriate action to avoid being the next victim of a cyber-attack and limit the risk sustainably.
Our data shows that after one year, click rates can be reduced by 70 per cent, interaction rates even by 80 per cent. As far as my role goes, I'm heading our channel efforts here at SoSafe.
Right now, our focus is to grow our international footprint and a big part of that strategy is working with channel partners and MSPs.
We have opened new offices in London, Amsterdam and Paris beginning of this year and have seen that the fastest way to market is via local partners
I joined SoSafe at the end of 2021 to build out SoSafe's channel program and since then we've grown the team by 700 per cent in order to double down on our core market, DACH, and make the first investments in our European expansion. We are currently trending at 300 per cent YoY growth for our channel business so it is a great time for new partners to get in while we are setting up the first partnerships.
Why is cybersecurity awareness training an important offering for resellers and MSPs?
Competition in the VAR and MSP/MSSP world is getting tougher and tougher.
Lots of VARs and MSPs are moving over to the security space. In today's economy, while many companies are cutting spend in many areas, cybersecurity continues to be one of the areas where investments will continue or even increase.
KPMG found that 76 per cent of CEOs see cybersecurity as a strategic function and no longer as only an IT Issue.
This is great news for the awareness space because every company needs awareness measures, whether it is for compliance, certifications, cyber insurance or just to mitigate risk.
And SoSafe's approach is to not only check compliance boxes but offer an effective and efficient way to fulfil all of these requirements sustainably.
At the moment the SME segment is really interesting for our MSPs. Small enterprises, which make up about 65 per cent of the total employment in the EU, tend to have less resources and security expertise. This makes them prime targets for cyberattacks.
Successful cyberattacks can paralyse the business for a long period of time and cause enormous financial damage. A study from IBM Security for example showed that the average cost of a data breach is €4.5m.
For MSPs who are looking to enter the security space, awareness training has a lot of visibility in an organisation as it is something that every employee has contact to. This makes it a great entry point before talking about endpoint security, firewalls monitoring and networks, which tend to sit in the background.
For the midsize and enterprise, our resellers are seeing a lot of success with awareness as the gateway to other types of projects. It is natural that when you train employees online, you may require onsite trainings too for deeper topics.
If you have phishing emails being reported more often, you need incident response management, or even want to look into a security operating centre. How would you describe your partnering strategy?
The cyber security industry is developing extremely fast. We are looking to partner up with VARs and MSPs who want to learn with us along the way.
There are lots of partner programs out there that are very complex. We are looking to keep it simple, sharing knowledge and best practices with our partners so that we can all grow our businesses together.
Our approach is threefold:
1. Treat partners like they're colleagues: If your sales team has access to sales materials and resources, your partners should also get it, so they have just as much chance to be successful as your own internal teams.
2. Help our Partner Grow: Many programs fall apart here. If you don't find the win-win[1]scenario in the partnership, you will have trouble scaling it. It of course takes time to find the formula but once you found it, double down.
3. Expertise : Lean on your expertise and find partners to complement it. As a company you cannot be the best at everything.
Let your partners be the experts in what they do best, and join forces. Your strengths will help you win together. How are you looking to grow your channel footprint over the next 12 months or so? We want to continue our strong growth trajectory. We know that most partnerships take a bit of time to get off the ground: We are assuming that a large part of the effort we have put into our partnerships will accelerate in the coming 12 months.
For now, our strongest contributors fall more on the VAR side. But given the fact that many MSPs are looking to become MSSPs (if you follow Jay McBain, you know he is very bullish on this), then I can imagine that our MSP offering might start to gain some additional momentum as well.
As mentioned, the SME market in the EU is massive.
This could be a big opportunity for the first larger MSPs who want to take on the market with a next[1]generation awareness solution that has a strong foothold in the DACH market.
How has the cyber threat landscape evolved in 2022?
From global social changes to geopolitical challenges, cybercriminals have been taking advantage of the latest societal events for their own, criminal needs.
Besides event-based waves of attacks, as for example the instrumentalization of the war on Ukraine through social engineering attacks, you can observe a general professionalisation of cybercrime - at top speed. Organisations are facing an innovative dark economy in which cybercrime-as-a-service is a common business model.
Tactics are evolving almost by the minute. In our "Human Risk Review 2022" we talked to IT and cybersecurity specialists. Nine out of ten experts confirmed that the cyberthreat landscape has worsened. Every third company experienced a successful cyberattack in 2021. There are several drivers of this development - for sure, technologisation and digitisation open new doors for attackers.
For example, hybrid work models have expanded the range of attacks and success rates of cybercriminals. In our increasingly interconnected world, also so-called supply chain-attacks are on the rise.
And the rise of artificial intelligence makes it possible for cybercriminals to utilise new, insidious attack tactics such as deepfakes, voice cloning, and automated, large-scale spear phishing. It is therefore particularly important that we are aware that cybersecurity will never be an issue that is "done".
We constantly need to educate ourselves about new strategies that cybercriminals deploy. Security awareness therefore is indispensable - and our survey confirmed this. 99 per cent of all respondents said that strengthening their organisations' security cultures will be critical for them.
What is your advice to resellers and MSPs that want to grow their cybersecurity business in 2023?
Humans are the first and the last line of defence.
A technical solution alone is not enough and we advise you to keep this in mind when selling solutions to your client: Although you may have all the defender technology, monitoring and automations in place, cybercriminals can still enter the door via emotional manipulation of employees.
This human approach is also the one we take in partnerships. We are aiming to build long-term relationships with our partners, creating win-win-scenarios for both sides.
For us, it is the ultimate goal to create partnerships that feel like an extension of our team, growing our businesses together. Once you unlock that then double down and see where it takes you.
This is a sponsored post by SoSafe. For more information for partners, click here.
