85% of cyberattacks start with the human factor, but 80% of employees do not feel sufficiently warned or trained.
SoSafe helps organizations solve this problem with a cybersecurity awareness solution, based on behavioral science and learning psychology, employees receive trainings with regular learning content as well as phishing simulations that help them identify cyber threats and react accordingly.
At the same time, management can access risk on a daily, data-driven scale. They can measure the likelihood that their employees will click or interact with a phishing email, take the appropriate measures to avoid being the next victim of a cyberattack and permanently limit the risk.
Our data shows that after one year, click-through rates can be reduced by 70%, interaction rates even by 80%. In terms of my role, I lead our channel efforts here at SoSafe.
Our focus right now is on growing our international footprint and a big part of that strategy is working with channel partners and MSPs.
We opened new offices in London, Amsterdam and Paris earlier this year and have found that the fastest way to market is through local partners
I joined SoSafe at the end of 2021 to grow SoSafe’s channel program and since then we have grown the team by 700% to double down on our core market, DACH, and make the first investments in our European expansion. We currently have a trend of 300% year-over-year growth for our distribution business, so now is the perfect time for new partners to come on board while we set up the first partnerships.
Why is cybersecurity awareness training an important offering for resellers and MSPs?
Competition in the VAR and MSP/MSSP world is getting tougher.
Many VARs and MSPs look to the security space. In today’s economy, as many businesses reduce spending in many areas, cybersecurity continues to be one of the areas where investment will continue and even increase.
KPMG found that 76% of CEOs view cybersecurity as a strategic function rather than just an IT issue.
This is great news for the awareness space, as every business needs awareness measures, whether for compliance, certifications, cyber insurance, or simply to mitigate risk.
And SoSafe’s approach is not only to tick the boxes for compliance, but also to provide an effective and efficient means of meeting all of these requirements in a sustainable way.
Currently, the SME segment is really interesting for our MSPs. Small companies, which account for around 65% of total employment in the EU, tend to have fewer security resources and expertise. This makes them prime targets for cyberattacks.
Successful cyberattacks can cripple the business for a long time and cause enormous financial damage. A study by IBM Security, for example, showed that the average cost of a data breach is 4.5 million euros.
For MSPs looking to enter the security space, awareness training has a lot of visibility in an organization because it is something that every employee comes in contact with. This makes it a great entry point before talking about endpoint security, firewall and network monitoring, which tend to sit in the background.
For medium and large companies, our resellers have had great success with awareness as a gateway to other types of projects. It’s only natural that when you train employees online, you also need on-site trainings for more in-depth topics.
If you have phishing emails being reported more often, you need incident response management, or even see a security operations center. How would you describe your partnership strategy?
The cybersecurity industry is growing extremely rapidly. We seek to partner with VARs and MSPs who want to learn with us along the way.
There are many partner programs that are very complex. We seek to keep things simple, sharing knowledge and best practices with our partners so that we can all grow our business together.
Our approach is threefold:
1. Treat partners as if they were colleagues: if your sales team has access to sales materials and resources, your partners must have access to them too, so that they have as much chance of success as your own internal teams .
2. Help our partner grow: Many programs fall apart here. If you can’t find the win-winscenario in the partnership, you will have a hard time scaling it. Of course, it takes time to find the formula, but once you find it, double the bet.
3. Expertise: Leverage your expertise and find partners to complement it. As a company, you can’t be the best at everything.
Let your partners be the experts at what they do best and join forces. Your strengths will help you win together. How do you plan to grow your channel’s footprint over the next 12 or so months? We want to continue our strong growth trajectory. We know that most partnerships take a little while to get started: we assume that much of the effort we have put into our partnerships will accelerate over the next 12 months.
For now, our biggest contributors are more on the VAR side. But given that many MSPs are looking to become MSSPs (if you follow Jay McBain, you know he’s very optimistic about that), then I can imagine that our MSP offering might also start to pick up steam.
As mentioned, the SME market in the EU is huge.
This could be a great opportunity for early major MSPs who want to hit the market with an upcominggeneration awareness solution that has a strong presence in the DACH market.
How has the cyber threat landscape evolved in 2022?
From global social changes to geopolitical challenges, cybercriminals are taking advantage of the latest societal events for their own criminal purposes.
Besides the waves of event-driven attacks, such as the instrumentalization of the war against Ukraine by social engineering attacks, one can observe a general professionalization of cybercrime – at full speed. Organizations are facing an innovative dark economy in which cybercrime as a service is a common business model.
Tactics are changing almost by the minute. In our “Human Risk Review 2022”, we spoke with IT and cybersecurity experts. Nine out of ten experts confirmed that the cyber threat landscape has worsened. One in three companies experienced a successful cyberattack in 2021. There are several drivers for this development – certainly technologization and digitization are opening new doors for attackers.
For example, hybrid working models have expanded the range of attacks and success rates for cybercriminals. In our increasingly interconnected world, so-called supply chain attacks are also on the rise.
And the rise of artificial intelligence is enabling cybercriminals to use insidious new attack tactics such as deepfakes, voice cloning and large-scale automated spear phishing. It is therefore particularly important that we are aware that cybersecurity will never be an “over” issue.
We constantly need to learn about new strategies deployed by cybercriminals. Security awareness is therefore essential – and our survey confirmed this. 99% of all respondents said that strengthening the safety cultures of their organizations will be essential for them.
What advice would you give to resellers and MSPs looking to grow their cybersecurity business in 2023?
Humans are the first and last line of defense.
A technical solution alone is not enough and we advise you to keep this in mind when selling solutions to your customer: even if you have all the technology, monitoring and automations of the defender, cybercriminals can still enter out the door via the emotional manipulation of employees.
This human approach is also the one we adopt in partnerships. We aim to build long-term relationships with our partners, creating win-win scenarios for both parties.
For us, the ultimate goal is to create partnerships that feel like an extension of our team, growing our businesses together. Once you unlock it, double back and see where it takes you.