Why Companies are Smarter about IT Security

(This is the first of a two-part blog from W2 Communications Vice President Tom Resau, who has spent his career developing and executing PR/communications campaigns for leading information security companies. If you like this blog, please share it. Thanks!)

Resau: “A breach once signified utter failure – end of story. Today, breaches are more accurately viewed as a cost of doing business ... And this helps frame more useful debates focused upon how to make them rarer, shorter-lived and less damaging.”

If you’re a security vendor with a great track record of customer successes, you want to get your story out there. And if you’ve been working in this space for any reasonable length of time, you’re well aware of this reality: Telling “the story” of security today has profoundly changed in the last several years.

The general narrative used to be about keeping “bad guys” outside the perimeter. Today, of course, there is no traditional perimeter. Not with the surge of global commerce, cloud computing and Bring Your Own Device (BYOD) in the workplace.

However, there’s a more profound shift in “the story” of information security today that soon everyone – employees, executives, consumers and society at large – will be talking about (as opposed to only members of the security industry and those of us who work closely with them). I call it the “Age of Data Breach Enlightenment.”

The story is about enlightenment because describing the protection of information within an enterprise was once considered taboo terrain. Now, we’re much more candid about what we know and understand. The honest, sophisticated tenor of today’s dialogue opens tremendous doors for vendors and other experts. But your voice will sound out of step and dissonant if you do not tune your message correctly. As a professional who works closely with security companies to craft and execute their messaging – increasing brand awareness and positioning their executives as Thought Leaders – I’ve found that this enlightened age has completely changed the game of engaging customers, media, conferences and analysts.

How much has the conversation evolved? Let’s go back to 2002, when The Economist referred to IT security as “the province of geeks.” To the magazine’s credit, this story was prescient in acknowledging that business and government networks were simply growing too vast and critical (by 2002’s standards!) for the usual employee refrain of “Let the IT department handle security…” Back then, we were just starting to take stock of “digital security” in the wake of the 9/11 terrorist attacks – which sent minds racing in thinking of other looming, unconventional threats that could cause catastrophic losses. That’s when greater attention turned to hackers.

It has taken time to improve the dialogue, and the effort remains an ongoing process. But notable progress has been made. Back in 2002, hinting at any systems vulnerability – or even acknowledging the existence of a widely recognized attack against you – was off-limits in almost any mainstream forum. It was embarrassing to admit you were attacked and compromised. It implied incompetence. Worse yet, it was simply too hard to rationally explain how security really worked for the masses. Not just for consumers – but for other executives, regulators and even policymakers as well. The mainstream narrative was still in “province of geeks” territory. Security seemed like alchemy, a black art waged against attackers whom few could picture; who were using tools most could not understand, with motives unknown.

Flash forward to today and organizations are less hesitant to engage each other – and the public – to talk about the complex, fast-shifting dynamics of security, from staving off network intrusions to admitting where they may have failed to avert a compromise. To be fair, I have to acknowledge that some of this candor is driven by requirements of federal and international breach disclosure laws. That said, compared to earlier this decade, more are (hopefully) viewing IT security as an enabler, differentiator and continuing effort.

A breach once signified utter failure – end of story. Today, breaches are more accurately viewed as a cost of doing business. They’re all but inevitable, after all. And this helps frame more useful debates focused upon how to make them rarer, shorter-lived and less damaging. This is all healthier than stopping the conversation with “It won’t happen here.”

This is the upside of enlightenment. There’s more relevance at the table and more interest in goods and services that help solve security challenges.

This is why you can still visit the province of geeks. But broader audiences – including influential industry leaders from all verticals and professionals who oversee intellectual property, legal and compliance issues – are all much more attuned to security’s central role. And they are all looking for ideas.

The accompanying obligation, however, is to tailor the message, which is something we really enjoy working on with clients here at W2 Communications. In my next blog, I’ll bring you up to speed on what our high tech communications firm is doing.

@TomResau

Tom Resau is a vice president at W2 Communications, focusing on information security communications/PR campaigns for clients.