"Just trust me on this one" is a poor sales pitch. When selling cybersecurity solutions, you want your customers to know what they're buying and why. There's no point in keeping the people who support your business in the dark. Transparency will always get you farther with the customer.
One area where transparency is of the utmost importance: The dark web.
Unindexed means that you can't find it on Google or other conventional search engines. The deep web itself refers to any number of unindexed websites. Every time you check your email, for instance, you are accessing the deep web. This portion of the internet is said to contain more than four hundred times as much content as the surface-level Internet, although that number is difficult to measure for obvious reasons.
There is nothing inherently sinister about the deep web. It's just the part of the internet that doesn't show up on Google. It's how that feature is taken advantage of that makes it so scary from a security standpoint.
How Dark Web Businesses Operate
On the dark web, scammers proliferate in their own cottage industry. They have business ratings, reputations to maintain, branding with logos and slogans, everything else you would expect of a legitimate business. As a managed security solutions provider, you are not up against a handful of renegades and crooks, but an entire industry of cyber-criminals.
Dark web businesses gather and sell passwords, emails and credit cards in bulk to people who then put those assets to use in running scams.
Who Is At Risk?
Small businesses can be hard for security brands to reach because they tend to assume that nobody would bother targeting them. Browse these dark websites, though, and you'll find people explicitly asking for small and medium-sized business information. If you have data that you don't want getting out, you are a target. It's an industry, and we know that, in legitimate business, there is no hobby so niche that it can't support a magazine and a few Youtube channels. Someone out there has built their entire criminal enterprise around your niche.
Dark Web Scams
The dark web typically refers to the portion of the deep web devoted to illegal or unethical activity. You'll find a number of scams being run through the dark web. Two that your clients need to be aware of are Ransomware and Sextortion.
Civilian-grade ransomware usually focuses on locking a user's system until a ransom is paid. More sophisticated ransomware, the type that will target business owners, will generally threaten to release sensitive data.
Sextortion is similar to ransomware except that the sensitive data might not be professionally compromising so much as embarrassing. In sextortion efforts, the attacker will threaten to reveal the user's adult-content browsing history. Sextortion scammers will send a threat out to users in bulk, often using old passwords that the user might recognize. Sextortion is usually a clever bluff, as there's not much that can be proven with an old password, but many users will fall for it.
The general theme you're going to find in dark web scams: They get their hands on sensitive information, a lot or a little, and they show you just enough to scare you before demanding money.
Where Do They Get This Information?
A US Federal Government breach threatened the identity and credit of over four million people in 2015, and it all started with one compromised credential. That's how it always happens. One compromised credential is all these dark web businesses need to work their way in and attack everyone in a given database.
This is where dark web scanning comes in.
Dark web scanning can give you a significant edge over the competition. It's a relatively new concept in security solutions, and not all security companies are offering it. Dark web scanning is pretty simple: You scan sites on the dark web to see if your client has any information up for sale out there. When their data pops up, an instant notification is generated so that passwords can be changed and security clearances calibrated.
If you've been working in managed security solutions for any amount of time, it may be that none of the information we're giving you here is new. Your clients might not be so familiar with how these scams work, some of them may have never heard of the dark web. This is a challenge we face in cybersecurity solutions: How do you sell something that the customer doesn't know they need?
Education Is Key
Teaching your leads and prospects is the first step to turning them into customers. They need to know what's happening, what threats they need to be aware of, how to stay safe. They don't need to be an expert, that's your job. They do need to know enough that they can see what makes you an expert. Luckily there are a lot of ways to teach the public so that they understand why the dark web is a threat, and why you're the company to handle it.
The problem here: Your audience isn't exactly captive. Trade show floors are crowded and the Internet is even worse. You can crank out Facebook posts all day and night, but most people will scroll by without reading them. The same goes for your Youtube channel, convention table, blog posts. If the prospect doesn't care, then it's hard to teach them.
So the first step to educating the customer is grabbing their attention. We all have our own approaches.
Free brochures with attractive designs are a great way to generate leads at trade shows. People might not have time to stop and chat with you on the floor, but when they pick up a brochure with a cool looking cover, they'll probably find a minute to give it a read-through and get in touch.
Networking is always important. You can generate leads on golf courses, at parties, and Chamber of Commerce events.
Free webinars and seminars are appealing. The same information that gets ignored in a blog post might gain more traction if you package it as what it is: Valuable information being offered for free.
Offering free dark web scanning and consultation can be one of your biggest lead-generators. Anyone can say they're the best at what they do, but if you can show a prospect what you've got, you can prove it.
The news is one of your best co-sellers. When a high-profile breach takes place, get your bloggers and social media people to create some content reporting on the breach and leading customers to your website.
One of the most effective ways to grab a prospect's attention: Show them the numbers. Don't tell them what information you turned up with your dark web scan, show them the amount of data compromises. Do this at trade shows, seminars and during consultations. When they see their company name next to the number of breaches, they're going to want to know what the dark web knows.
Think along the lines of a high school teacher. The information that you're trying to impart is valuable, but how do you get your students excited to learn?
The Art Of Selling
Quite a bit of what makes for good salesmanship comes down to instinct and experience. The advice you find here will set you off in the right direction, but the human element is always in play. With further training, study and trial and error, you will naturally get acquainted with what people will respond to. You may find that it doesn't always make perfect sense. Why do they like the red brochure cover more than the blue one? Why do Facebook users stop and read your posts when you publish them in the afternoon, but not in the morning? Who knows. There are brilliant marketing experts who couldn't always tell you the how and why of what works and what doesn't.
The basics are easy to grasp, however. You can't sell the customer something until they know why they need it, and you can't tell them why they need it until you have their attention. Once that's in place, it's just a matter of proving that you can deliver on what you've promised.