How to stand out from the crowd in Cybersecurity Awareness Month

National Cyber Security Awareness Month takes place every October in the US, originally started by the National Cyber Security Division within the Department of Homeland Security and the non-profit National Cyber Security Alliance. The month aims to raise awareness of the importance of cyber security and, this year (2021), is themed “Do Your Part #BeCyberSmart’ to encourage individuals to play a role in protecting their part of cyberspace and stressing the importance of a proactive approach.

The US is not alone in raising cyber awareness in October; the European Cybersecurity Month (ECSM) also runs at the same time and is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations. Across the month, ECSM provides online security information to raise awareness and shares advice on best cyber practice. The initiative began as a pilot scheme in 2012, and this year is themed around cybersecurity at home, the importance of thinking before you click, and cybersecurity first aid.  

These awareness campaigns spanning much of the western world ensure that cybersecurity is currently front of mind for a lot of businesses. However, while Cyber Awareness Month will certainly help cybersecurity consultancies and solutions providers share their messages even further, with so much noise in this market, how can organisations stand out from the crowd and guarantee it is their content that is seen first? The Sotiria partners have had their say and provided insights from their regions…

Piers at Finzel PR says local market trend reports are one of the best routes to go in Spain:

Cybersecurity is one of the hottest topics in the Spanish media and will continue to be so for the foreseeable future – not just because it’s a concern for big blue-chip companies, but also because it concerns all of us as members of the public. Even more so following the pandemic that saw a massive rush in the digitalisation of businesses of all sizes, from office-based organisations adopting remote working almost overnight, all the way down to the local grocery store or the restaurant on the street corner who had to rapidly switch to an e-commerce model to survive, continue selling their wares and start using social media to promote themselves. However, it is also a crowded market, with lots of multinational vendors jostling for share of noise both in the specialist cybersecurity publications as well as in the general interest media.

Many brands successfully use tools such as thought leadership or market trend reports to generate awareness directly or indirectly of the solutions they offer, but in most cases the insight they provide is based on data from markets outside of Spain – the US more often than not, or from the bigger European economies such as France, Germany or the UK. Very few take the trouble to research and provide data on cybersecurity issues specifically relating to the Spanish market. Those few that do, that actually offer the journalists data, for example the percentage rise in ransomware attacks on Spanish businesses, or smishing tactics used on Spanish mobile users, are the ones that are best able to engage with the media because that is what the journalists want to offer their readers. It’s by far one of the most effective ways to get a brand’s messages heard locally, and for the brand to stand out from the competition.

Sophie at BPR adds that a localised approach is also key:

Cybermonth is not the same in all countries and client should pay attention to having a localised approach. Take the example of France, the main topic for 2021 cybermonth is passwords. So, it means that if clients want to make noise, they should develop content on this topic mainly. And if they want to be in mainstream media, the best way is either to give tips or find a batch of testimonials ready to use.

Evan at Fortress Strategic Communications argues a look to the future will help companies stand out in the US:

Cyber Awareness Month presents a unique opportunity for cyber security – and companies in related fields – to showcase their capabilities, position their companies, and let spokespeople discuss threats. While many cyber security companies are utilizing these strategies and associated tactics, the question is always, how you not only stand out, but differentiate yourself from the ‘herd’ of cyber security companies all communicating value propositions and opinions that they consider ‘bigger, better, faster’ than anyone else? Take the road less travelled is our approach. Don’t tell your target market and the media what is happening now, tell them what is going to be coming down the line and how businesses of all sizes – and government agencies and consumers – are going to be impacted… and what they need to do to get ready!

Geraldine at Say Communications suggests a proactive approach to PR is essential:

“For cybersecurity brands seeking to stand out from the crowd, CyberSec awareness month is a great platform to express an original point of view – but it must not stop there. Enterprises must ensure that they prioritise consistent and proactive pitching regarding cybersecurity trends, issues, breaches or attacks, as this is crucial for becoming part of the ongoing conversation and establishing a company’s lead spokespeople as trusted thought leaders. Jumping on the back of news stories, national security announcements and market reports will demonstrate that the spokesperson is knowledgeable in their field, and eventually journalists will start coming to them for first response.

Niels at Discus Communications recommends social media engagement is prioritised: 

Everybody seems to “rush to the October-security angle” with their PR/earned media. This creates fatigue and can even create bad will among journalists. Instead, we advise our clients to maximize and utilize the awareness month on their owned media including social.

To find our how the Sotiria network can support your organisation and help you stand out from the crowd, get in touch.


How to find your Brazilian Communications agency

If you have a product or service that needs to be better-known by customers, suppliers and other stakeholders in Brazil, it is essential that you find a local PR agency as a partner.

Press relations can be a straightforward process for companies that already have experience in the field, but very complex for those who have never before required such specialized support, especially in different countries, where the culture has a strong influence on business.

Roughly speaking, we can view countries around the world as either having high-context cultures or low-context cultures. This refers to the value cultures place on indirect and direct communication. For high context cultures, communications are implicit and rely heavily on context. By contrast, low-context cultures rely on explicit verbal communication, documents, evidence. High-context cultures value interpersonal relationships that are build slowly and dependent upon trust. As Brazil is an example of a high-context culture, issues may arise that make doing business hard if the company has no previous experience with the country.

If you have already decided to partner with a local communications specialist – congratulations, you are on the right path! However, there are more steps required to ensure success, and this is what I want to recommend by listing three vital tips for those looking to work with a Brazilian agency.

Firstly, and most importantly, you need to hire a PR firm that suits your business in terms of expertise. An agency that works with construction clients, for example, cannot perform properly if you want to launch a new TV cookery channel. The firm must have track-record experience and success within your core industry. One obvious benefit here is that the PR firm will already have links to key journalists, influencers, executives, associations and trade events related to your line of business.

Secondly, I would recommend asking for proposals from at least three different agencies, preferably of different sizes. Each one will offer differing benefits and prices and you must assess their value to you, rather than just bargain for a price . Larger agencies naturally tend to employ a bigger workforce, and the person in charge of an account is normally a junior member of the team. Midsize agencies are different. Normally, the account is run by a more experienced professional, so he or she will talk to your company and the journalist, which greatly facilitates the dialogue. Small-sized agencies tend to deal well with companies that needs more brand awareness. They offer a “boutique” service and will not be as interested in expanding their profile with famous clients. Your account matters to the small agency and you will be served by senior staff or the agency owner, which brings a lot of value to your business.

The third and final tip concerns creativity. The creativity of the agency’s attendant and planner is as or more important than the list of contacts she holds, because there’s no point in having anything to sell without having the right arguments to do so. Therefore, ask your prospective partner to talk about their business cases, how they deal with big topics in your field and to describe the creative process in the agency. This can help you to make a decision about their suitability.

Becoming a trusted cybersecurity partner

Cybersecurity attacks and threats are making global headlines every day. Alongside industry reports of IT leaders lacking confidence in their security posture, we are seeing daily stories about the latest brands or industries to fall victim to sophisticated cybercrime. Recently, news broke on Fat Face’s £1.45million ransom following a phishing attack, while research has found that the UK Higher Education institutions are repeatedly targeted by ransomware attacks. In a time where retail brands have been making just a quarter of typical revenue, and educational facilities are challenged by remote learning demands, cybercrime is an added knockback that could have devastating financial repercussions.

It is no coincidence that the expanding threatscape coincides with society’s increased reliance on technology. Yet, despite the fact we are all turning to digital solutions for work, communication and entertainment, the skills gap remains rife. In fact, according to recent studies, the UK is heading towards ‘a digital skills shortage disaster’, as the number of young people taking IT subjects at GCSE level has dropped by 40% in the last six years. This means that finding the in-house expertise that will ensure a business is protected both day and night is becoming more of a challenge. Not only are there less trained experts available, but the growing level of cybercrime sophistication means that internal SecOps teams struggle to cover all the necessary ground. It will therefore come as no surprise that two thirds of organisations are planning to increase their amount of outsourced cyber resilience in 2021.

Outsourcing security solutions to expert agencies and Managed Security Services Providers (MSSPs) can offer business leaders un-matched peace of mind, allowing them to focus on what really matters. However, as a cybersecurity solutions provider, how do you stand out from the crowd and demonstrate that you are the trusted partner that organisations need to invest in?

Communication is king in becoming valued as trusted partners

Trust in a security vendor isn’t solely about the product, it’s also about reputation and experience. This is where an integrated thought leadership communications programme that engages across multiple platforms, plays a crucial role in showcasing knowledge, expertise and insight, and is a key influencer within any security buyer’s decision making process – the majority of companies consume between 3-5 pieces of content before even engaging with a salesperson.

Becoming seen and heard as a trusted advisor means offering unique points of view on  industry topics, upcoming trends and addressing customer pain points, and is educational content which exemplifies the company’s authority in its field. Prospective clients are ultimately looking for an authoritative voice that can impart industry knowledge and demonstrate why they should be trusted with ownership over the protection of a business’ key assets. Through digesting these insights, prospects begin to realise they may need more information and support. They may also recognise that the services they are currently receiving are not matching up to the knowledge imparted through the content they are consuming. From here, business relationships can be established, and the opportunity then presents itself to convert into long-term customers.

Show where you have succeeded before

Storytelling is a powerful communications tool. Security vendors looking to demonstrate their capabilities to prospective clients should quantify the results of current and previous projects and compile case studies that narrate success and key learnings. Previous success stories should also include proof of the measurable ROI that comes with any investment; the cost of a data breach now currently stands at an average $3.8million, while the expense of implementing in-house 24/7/365 protection is often far beyond what the typical business can afford. So, by highlighting palpable cost savings, alongside improved business security, potential customers will not only see where a security vendor has succeeded before, but be able to relate this success to their own challenges.  

By pairing success stories and quantifiable ROI, alongside quality thought leadership that offer advice and support to the industry and further afield, cybersecurity vendors can begin to establish themselves as trust-worthy partners that have the knowledge, skills and capability to help businesses overcome the increasing threats that lie in cybercrime.

It’s a Matter of Trust: How Security Vendors can Build Trust using PR

Trust and communication are essential to a successful relationship, particularly in business. A company may have a market-leading product, but without the correct promotion, the target audience may be unaware of the brand – let alone trust them – and the offering is redundant. Unfortunately, security vendors aren’t immune to this. In fact, they feel this burden more acutely as they need to build and sell trust.

In light of Cybersecurity Awareness month, we are sharing some of the key takeaways from our survey that investigated buyers’ criteria for selecting a security vendor. It identified communication as a key influencer in securing trust. If you consider that almost 64% of C-Level executives cite cybersecurity as a top priority, you can see why these vendors should seriously rethink their communication tactic, if indeed they have one.

In the battle to win sales, perception is everything. In fact, over 70% of respondents highlighted that a vendor’s media presence is critical in building their trust and loyalty to a particular brand. This doesn’t mean that companies need to dominate the mainstream headlines. Prospects regard trade titles in high esteem as they comprise comprehensive, technical articles specific to their market. For vendors, although offering a fraction of the readership, trade publications provide a targeted approach, often resulting in stronger conversion rates. Manufacturers should also consider who to accredit the content to. Almost 60% of those surveyed favoured articles from technical experts such as CTOs, Security Directors and CSOs. With a deep understanding of the company’s solution, they are considered to have a personal responsibility in the quality and reputation of their company’s offering and therefore more likely to be trusted.

Trade titles are only one piece of the communication puzzle. Being present in industry analyst reports, participating at trade shows and publishing customer case studies all emerged as crucial factors too, indicating the importance of an integrated communication and PR strategy. In fact, almost 50% of respondents considered analyst reports as a reliable source when selecting a vendor. These, along with case studies, comprise informative, accurate and impartial information about a product. In the instance of a case study, this third-party testimonial shines an insightful light on how a particular solution is being deployed by an existing customer.

For many, this advice may seem obvious. Perhaps you’re already deploying PR to a degree although, it’s worth considering how a PR agency can quickly establish trust in your brand, helping you drive sales.

A good PR agency will have knowledge of the wider industrial landscape and relevant target markets, although a great agency will want to truly get to know your business and become an extension of your marketing team. This is in our DNA at Say. We’ve worked with many of our clients for several decades now, helping them to become the trusted provider in their respective fields which we will address in our next blog. For now, I leave you with one final consideration during cybersecurity month – it’s a manufacturer’s responsibility to build trust, while it’s an individual’s decision to trust in it. If you’re considering your marketing plan for next year and want to learn more about how we can help you become the go-to, trusted vendor, contact us.

Augen auf bei der EU-DSGVO: Gesetzliche Neuerungen im Bereich Videoüberwachung

So viel ist klar: Wenn im Mai 2018 die EU-DSGVO anwendbares Recht wird, drohen all denjenigen, die sich nicht an datenschutzrechtliche Vorgaben halten, empfindliche Bußgelder. Bei leichten Verstößen sind es zwei Prozent des weltweiten jährlichen Konzernumsatzes oder 10 Millionen Euro, bei schweren Zuwiderhandlungen vier Prozent oder maximal 20 Millionen Euro. Zum Vergleich: Aktuell werden bis zu 300.000 Euro fällig, erfüllt ein Betrieb nicht die gesetzlichen Anforderungen. Das Thema Videoüberwachung beispielsweise hält einige Aspekte bereit, mit denen es sich für Unternehmen lohnt, genau hinzusehen. Sonst kann es teuer werden.


Die Datenschutz-Folgenabschätzung

Bisher regelt § 4 d Abs. 5 BDSG (Bundesdatenschutzgesetz) die Vorabkontrolle. Dabei handelt es sich um eine Prüfung von Datenverarbeitungsvorgängen, die bezüglich der Rechte und Freiheiten der Betroffenen ein hohes Risiko bergen. Aufsichts- oder betriebliche Datenschutzbehörden prüfen dabei die Voraussetzungen einer geplanten Überwachung auf ihre Rechtmäßigkeit. Die EU-DSGVO enthält einen vergleichbaren Passus – Artikel 35:Dort schreibt die neue Verordnung eine „Datenschutz-Folgenabschätzung“ vor. „Hat eine Form der Verarbeitung, insbesondere bei Verwendung neuer Technologien, aufgrund der Art, des Umfangs, der Umstände und der Zwecke der Verarbeitung voraussichtlich ein hohes Risiko für die Rechte und Freiheiten natürlicher Personen zur Folge, so führt der Verantwortliche vorab eine Abschätzung der Folgen der vorgesehenen Verarbeitungsvorgänge für den Schutz personenbezogener Daten durch.“ Artikel 35 Absatz 3c führt aus, dass eine solche Abschätzung beispielsweise immer dann erforderlich ist, wenn systematisch und weiträumig öffentlich zugängliche Räume überwacht werden. Bei der Datenschutz-Folgenabschätzung unterliegen die Verantwortlichen außerdem einer umfassenden Dokumentationspflicht, bei der sie beispielsweise die identifizierten Risiken nachvollziehbar bewerten und die Verarbeitungsvorgänge systematisch beschreiben. In Zukunft ist also jedes Verfahren genau unter die Lupe zu nehmen. Nur so können die Verantwortlichen entscheiden, unter welchen Umständen eine Datenschutz-Folgenabschätzung nötig ist.

Wann ist eine Datenschutz-Folgenabschätzung angezeigt?

Während einige Fälle in Zukunft schwer einzuschätzen sind, gibt es dennoch einige Situationen, in denen eine Datenschutz-Folgenabschätzung höchstwahrscheinlich notwendig ist. Es ist derzeit noch nicht möglich, eine Garantie zu geben, unter welchen Umständen eine Datenschutz-Folgenabschätzung zwingend ist. Aufsichtsbehörden werden gemäß Art. 35 Abs. 4, 5 DSGVO ermächtigt, Listen mit Verarbeitungsvorgängen auszuarbeiten, für die eine Datenschutz-Folgenabschätzung unumgänglich ist. Ob diese Listen vor Mai 2018 erscheinen, ist noch unklar. Doch wenn auch ohne Gewähr, soviel sei gesagt: Die Artikel-29-Datenschutzgruppe   ̶  das unabhängige Beratungsgremium der Europäischen Kommission bei Datenschutzfragen   ̶  ist der Meinung, dass eine Datenschutz-Folgenabschätzung angebracht ist, wenn beispielsweise der Straßenverkehr intelligent überwacht wird und Autokennzeichen erfasst werden. Auch die Überwachung von Mitarbeitern in Unternehmen erfordert eine Datenschutz-Folgenabschätzung. Die beiden Beispiele können als Anhaltspunkte dienen, wann eine Datenschutz-Folgenabschätzung durchzuführen ist. Prinzipiell gilt: Im Moment ist es noch nicht möglich, eindeutige Aussagen darüber zu treffen, wie bestimmte Paragraphen der EU-DSGVO tatsächlich auszulegen sein werden. Die Praxis wird es zeigen.

Is France the Promised Land for cyber security start-ups?

Today, cyber security has become a major stake for the world of tomorrow. The protection of personal data as well as the defence against cyber-attacks targeting businesses became top priorities. And everyone, from the most humble of individuals to the most powerful government, is concerned. Faced with a dizzyingly fast evolving threat, innovation has become a prerequisite.

Whilst countries such as the United States or Israel are known to be dominant in cyber security, France is becoming pivotal to the sector thanks to a focus on breeding agile start-ups.

A dynamic sector 

France currently has more than 110 start-ups or SMBs specialised in cyber security, which equals a little over 1,000 jobs. While these numbers seem a little low at first sight they are constantly increasingly, and the size of the market will probably more than double in the years to come.

Of these, around 60% entered the market to further develop existing types of cyber security technology such as network security or identity management. The rest are pushing beyond into new sectors and either creating new cyber security solutions or securing new technological uses for cyber security.

These start-ups and SMBs are not afraid of market consolidation. Despite strong competition in the cyber security sector, new entities are created each year, and we are seeing lots of new innovative solutions in the field of application security (Sqreen) or industrial systems (Yagaan, Sentryo and Seclab in particular). France is also very well positioned in the field of reverse engineering or cryptography with companies such as Cryptosense calling France home in part thanks to the French School of Mathematics, which allows start-ups and SMBs to have access to leading experts.

A favourable environment

In France, people have also taken full measure of the importance of cyber security, with numerous events that highlight and support innovative start-ups.

For example Assises de la Sécurité, which has become world renowned, has its own Innovation Award, for innovative SMEs and there is also the promiment innovation competition organised by Société Générale and Wavestone. These events also serve as matchmakers between start-ups and their investors which are mostly public and private players from the defence sector.

Les Assises de la Securite

In addition several government programmes, sponsored by the ANSSI, exist to support start-ups, such as the “Programme Investissement d’Avenir“, which invests €22 billion euros in research, the Cyber Defence Pact and the Young Innovative Company status which reduces R&D costs, social security contributions and corporate tax. Numerous other associations are present in France in the field of cyber security, such as the Alliance for Digital Trust, Tech in France and Hexatrust. To tie all of this together, there is the “France Cyber Security” label, created to promote national cyber security solutions in France and abroad and increase their visibility and use.

Thanks to all these aids and initiatives, cyber security start-ups are doing well in France. But there is still a lot more to do.

Exploiting its full potential

However, whilst France has 228 national incubators and about fifty start-up accelerators, none are explicitly dedicated to cyber security. This is a weakness that must be corrected as soon as possible, especially since some aspects of cyber security, such as “deception” (providing false information to an attacker to slow him down) are still relatively ignored in France, whereas Israel and the rest of Europe have made it one of their priorities.

Similarly, French start-ups are only located around a few cities: Paris, Lyon and Rennes for the most part, the rest being scattered in the south of France. It still lacks a real area dedicated to the field of cyber security, such as the UK’s cyber security hub in Cheltenham.

But for France, to distinguish itself at the global level, it is not the number of start-ups, but the export of these companies abroad that counts. Some, like Tetrane and Quarkslab, are already internationally recognised. Qualys and Linkurious are also two examples of start-ups that have been able to export themselves well. However, it is more of an exception than a rule. Many others have identified the same problem, an inability to communicate effectively. French start-ups are far from the level of their international competitors in marketing, and struggle to sell their ideas.

Improving the international transition, diversifying into all aspects of cyber security and creating an area dedicated to this field are some of the vital points for improving the efficiency of French start-ups. France is fortunate to have a pool of dynamic young bosses, a true culture of innovation and real support, from the authorities as well as the media, companies and industry. There is truly a card to play – it just needs to be played well.

Data Privacy in the Age of Alexa

Reading the technology media coverage of both CES 2018 and the post-Christmas sales, it feels like smart devices are finally having their much predicted moment. Every consumer technology vendor seems to have their own take on the smart device, from Amazon and Google’s smart home hubs to Philip’s connected lightbulbs and Samsung’s internet enabled fridge. The rate of ownership of these particular devices may not be that high, with only 18% of UK households reporting owning one, however, if we include other connected devices such as wearables and smartphones, then it becomes very clear that these devices are appearing everywhere.

Internet connected devices have certainly made our lives easier and even have wide reaching potential for making our cities safer and more responsive for example through monitoring pollution and optimising traffic flow. Yet, as Data Privacy Day approaches, it is vital that we consider how all these devices will affect the use and collection of personal data.

Continue reading “Data Privacy in the Age of Alexa”

A Monaco, les Assises de la sécurité grandissent et s’exportent

 Les Assises de la Securite

Pour sa 17 ème édition, les Assises de la sécurité, un évènement dédié à la sécurité de l’information, ont rencontré un succès inédit, que ce soit en termes de fréquentation ou de couverture médiatique.  Une amélioration due à l’intérêt croissant des entreprises françaises et mondiales pour la cybersécurité, au point que le salon s’exportera à Londres pour 2018. Retour.

C’est en tout début d’octobre, en plein mois européen de la cybersécurité, que se déroulaient les Assises de la sécurité. Organisées tous les ans à Monaco, ces dernières regroupent les meilleurs experts des SSI et proposent des conférences plénières, débats, ateliers, tables-rondes et autres espaces de rencontre dédiés aux éditeurs, constructeurs, opérateurs, sociétés de services et représentants d’entreprises.

Continue reading “A Monaco, les Assises de la sécurité grandissent et s’exportent”

Cybersécurité: des chiffres qui donnent le vertige!

Au cours des derniers mois, de multiples attaques par déni de service (DDoS) ou encore par des logiciels malveillants ont sévi un peu partout dans le monde. Le projet collaboratif Atlas révèle une augmentation assez franche des cyberattaques au cours du mois d’août en France : le pic des 28 000 attaques DDoS est atteint !

Image result for direct denial of service attack

Continue reading “Cybersécurité: des chiffres qui donnent le vertige!”

Security Implications of Blockchain Beyond Bitcoin

There is a new foundation being created for the internet, and it already looks like it will upgrade the very way the internet records and shares data. Moreover, many analysts believe this technology will shake up several industries, paving the way for user-to-user interactions without the use of a middle man. It’s called blockchain technology, and it was originally created to service Bitcoin transactions. But, what exactly is Blockchain technology?  Don and Alex Tapscott, authors of Blockchain Revolution, describe it as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”


Continue reading “Security Implications of Blockchain Beyond Bitcoin”