Here’s a common question that came up in our class yesterday…

Question: What about clients who understand there is a risk, but are comfortable with their current solution?

Answer:  If a company really has what they need, there is no reason to up-sell them.  However, it is rare to find a company that has a reasonable security solution, particularly in the mid and smaller market companies.  Reports from the WSJ and other sources tell us that even those who are under strict compliance regulations such as PCI are far from compliant, and experience tells me that if were to conduct a simple risk analysis, not only would there be many vulnerabilities, but it is highly likely that desktops and servers would be compromised by bots – something some dismiss as trivial, but shouldn’t take lightly.

An article this week from Wall Street underscored the importance of having more than just protective barriers in place.  75% of employees admit to stealing data when leaving a company, and 75% of those involved in a recent study gave into online predators (disguised as a 25 year old female,) to the point of giving up online passwords in some cases, and other sensitive information in all cases!  And a review of 2011 news articles reporting data compromises will tell us that bot technology and web threats are behind a high percentage of all hacker attacks.

Looking back on the marketing events I have conducted this year, far more that half of the business-level attendees have agreed to conduct risk assessments, and while these assessments were often provided as a complementary service, they almost always led to remediation projects and managed service contracts when performed and presented correctly (Key point here.)

So for the few companies out there that don’t want to know, and don’t really care – either you are talking to someone who is not really an asset owner, or the person you are talking to is suffering from a case of “foolish thinking” – time to move on to another prospect.

© 2011, David Stelzl