Sell customers cybersecurity stories, not fact sheets and PDFs, MSPs urged
Telling the stories behind recent data breaches such as those at BA and Pathe is the best ways to hook in customers, cybersecurity blogger Graham Cluley tells CRN Channel Conference MSP
Disseminating the gory details of how recent data breaches occurred can be the best way for MSPs to connect with customers around cybersecurity.
That was the message of award-winning cybersecurity blogger Graham Cluley in his keynote at the CRN Channel Conference MSP this morning.
Cluley claimed that people often see the latest breach headlines and assume it is "just another hack", but added that MSPs have a role to play to bring out the story behind these incidents.
"In many ways it's a bit dull. We're all suffering from data breach fatigue," he said.
"But if you get into some of the details of how it's happened, it fascinates people."
Cluley gave the example of the recent BA breach, which casual followers may well have assumed was a standard hack.
"The hackers did not need to hack BA's website or its infrastructure, but nonetheless they stole information about BA's customers and their payment information.
"Lots of large organisations are having their website security compromised not through a hack but through a third-party script that has been hacked and is stealing credit card information. And the headlines become ‘oh my goodness, BA can't be trusted with my credit card information'. This is the message the general public gets. Well, [BA] didn't really have them to begin with but the damage had been done to its brand."
Cluley also highlighted the case of the CEO and CFO of Pathe Netherlands, who handed over a total of €19.2m to a cybercriminal posing as Pathe's group CEO.
"It was really simple. It's not like the bad guys had to write some java script or ransomware. All they had to do was to send an email that was convincing to these people," he said.
Finally, Cluley laid out the tactics of FIN4, a criminal gang that compromised newswires to gain access to and then pass "black edge" information to crooked stock brokers.
"People connect with stories," Cluley said.
"There's a danger we can bombard customers with fact sheets and PDF when that's not something that engages with their emotion."