One of our MSP partners recently contacted me for guidance on how to sell malware protection to a customer. Knowing the partner and how technically sophisticated they are, I was prepared to arm them with data on fast-flux domains, exploit kits and pitching a differentiated offering with predictive security - to my surprise, the phone call was about a completely different topic.
“The customer isn’t concerned with malware”
To an IT professional this seems like a ridiculous idea. After all, we have seen the damage malware causes first hand. We take pride in protecting our customers and understand the importance of security. However, the customer is not an IT professional and even if they are tech-savvy, their understanding is often outdated and limited. It is therefore the MSP that not only protects the customer, but also educates them about today’s threat landscape.
“The customer thinks malware is just an annoyance that slows down your computer a little or shows pop up ads”
This statement might have been true 10 years ago when a virus’ main goal was to cause grief and bring the creator infamy and bragging rights. Viruses used to take time to spread before causing damage, giving anti-virus time to reactively catch up and remove the infection before the worst damage took place. While scary, this type of virus seems quaint compared to today’s malware.
Today’s malware is written to generate profits quickly by extracting credit card numbers, banking information or pieces of data useful for identity theft. The malware does this by capturing keystrokes, tracking online activity (such as banking and ecommerce sites visited) and looking for files that contain identity information. The data leakage begins immediately and unless they have network layer security protection, like Umbrella, real financial damage is done before anti-virus can catch up.
A big reason for the explosion of malware today is the evolution of the underground criminal economy. The malware author doesn’t need to commit identity theft themselves, because the data extracted by their malware is sold, in wholesale, to organized crime rings who have decades of experience in stealing and laundering money. Malware makes gathering this data from smaller targets very efficient while the underground economy gives a quick profit motive.
The Financial Motive
“But what do I have that would warrant a hacker’s time?”
If the customer business or its employees have a bank account, credit cards or even a good credit rating, there is plenty to steal. Crime TV and movies have created an image of organized hacker groups trying to steal secrets or break into large financial institutions. The far less glamorous reality is that today’s cybercriminals can efficiently cast wide nets and extract plenty of money from small businesses and individuals. Malware protection is not just about stopping the uber-hacker, it’s about protecting customers when they buy airline tickets, bank or shop online, or submit sensitive data.
What do customers need to understand?
When talking to customers about security, an MSP needs to explain that the risks are very real and can be even more damaging to smaller businesses. By adding network layer malware and botnet protection to anti-virus, the MSP is protecting the customer’s business and employees from fraud and identity theft.
Dima Kumets is Product Manager at OpenDNS