Go on admit it. The security folks think the guys in marketing are full of froth. Over in marketing they see the security guys as the humourless bringers of doom, destined to put a stop to any and every project they attempt. Well if what we have learned is right, it’s time to get over it. Research conducted to develop the Marmalade Box SABC methodology suggests that learning the core principles of Marketing could well be central to the success of the security team embedding good security culture in their organisations. We’ll be exploring these topics in more details in upcoming posts, but as an introduction, let me explain…

The Nebulous Nature of Threat.

Articulating vectors of threat to the average employee is difficult. Too many badly scripted movies have confused the reality of how real hackers operate. More than that they hardly ever address the much bigger, but far less glamorous, issue of accidental data breaches. The other main challenge is that until an issue occurs the problem is rarely apparent. Successfully communicating this is tough. Tougher still if your day job tends to focus more on configuration screens and dashboards. What is required is a professional trained in communicating complex concepts in manner optimised for the target audience. Someone like a professional copywriter perhaps?

The Link Between Security Culture and Brand

Normally the only time you hear “brand” and “security” in the same sentence is in a negative context when brand is considered damaged as a result of a security incident. But consider this. The effectiveness of a security team in embedding security culture can be directly linked to the perceptions of the rest of the organisation of that team. If security is deemed as separate from the business goals, a brake on getting things done, a hindrance, aloof, then any programme delivered by that team is already on the back foot. These perceptions, in marketing terms, are yours and your team’s brand. It’s way more than a logo on a slide and it’s something you’re going to need to address.

The Impact of “Content Marketing”

Research suggests that these days by the time a sales lead is apparent to the sales department, prospects are already 40% the way down the sales cycle, have “self served” themselves the information they required up to that point, about both the product or service, but also the business and it’s competitors, largely by what they find on Google and social media.
Your marketing team (if they are any good) already understand that. That’s why they spend so much time getting blog posts written, sharing and engaging on social media and investing in digital marketing techniques. They have become really good at finding innovative ways to articulate your organisation’s business and it’s values in a variety of media.
As a security team you are vying for the attention of your employees with the marketing teams that are targeting them. Time you learnt those techniques too and honed your content. A few dodgy PowerPoint slides delivered poorly, will be as ineffective as if you never delivered them in the first place. The challenge of creating engaging content is one we’ll revisit in more detail in an upcoming post.

Segmenting Your Audience

A core tenant of good marketing strategy has always been that of customer segmentation. Different audiences will respond differently to different messages and communication styles. This could be cultural issue, it could be a demographic issue, it could have something to do with the “starting point” in the audience’s knowledge on the topic. When was the last time you thought about this in the way you rolled out your security training across your organisation? How much more effective could it be if you did? Look out for more on segmenting your audience in a further post on this soon.

The challenge for security professionals in embedding great security culture in our organisations has never been more important, or been more difficult. Doing the same thing over and over again has been proven ineffective. It’s time we changed our own mindset if we’re going to have a hope of changing others. Having a meaningful conversation with our colleagues in Marketing could well be a great place to start.

To find out more about our SABC methodology and how we embed these principles in a new approach to information security training, click here.

If you like these posts, why not add a comment below and/or sign up to our newsletter to keep informed when we post new content.

Click to access the login or register cheese