Attribution: Does It Really Matter?

 

 

Hacker typing on a laptop

 

Unlike the movies, hackers typically don’t infiltrate businesses and steal intellectual property while sitting in their mother’s basement. Instead, they launch attacks from devices in organizations they’ve already infiltrated. They use these infiltrated sites to make multiple “hops” before arriving at their objective to obfuscate their location. These hackers use their skills and time to hide their identity prior to the start of the operation. This process makes it difficult for threat analysts to determine who they are and where they are located (aka attribution).

Not only can attribution be difficult, but if the wrong organization (nation-state, etc.) is identified, it can lead to false accusations, which can be risky for the accuser.

Over the past few years, attribution has come up more often as large-scale breaches have become more mainstream. After a major breach occurs, security analysts will typically attempt to determine who was behind the attack. For example, China was believed to have carried out an attack against the Office of Personnel Management; the Iranian government was believed to have hacked a small dam in New York; and North Koreans were believed to be responsible for the Sony breach. In the end, people want to know who is responsible for the incident, and attribution is an attempt to uncover the culprit.

Attribution is not a new concept. It’s been around for a while as officials try to identify who is responsible. Just as there isn’t always a direct answer to who committed a traditional crime, it can also be difficult to find evidence of attribution of a cybercrime.

“Attribution is extremely difficult and requires intelligence sources that are reliable and accurate,” says David Kennedy, CEO of TrustedSec. “The intelligence community typically monitors specific groups and activity in order to have high confidence. It’s not a perfect system, but the US is one of the best.”

Thomas Rid, professor and author of Attributing Cyber Attacks seems to agree. “Obviously there are cases where we cannot come to a clear conclusion in digital forensics. It’s always a question of what evidence did you get,” says Rid. “But there is still this ‘attribution is impossible’ knee jerk reaction that occasionally pops up, which really doesn’t make much sense. The idea that attribution is not possible really doesn’t carry any weight in the technically informed community anymore.”

Are We Focusing On The Wrong Thing?

Having a security team attempt to determine attribution can be a time-consuming process, and sometimes futile if you don’t have the evidence or talent to attribute the event. While having this information may be useful, it doesn’t help your organization improve its defenses so it will be better prepared for the next attack.

Your resources should be focused first on protecting your network to make sure you’ve done everything to stop future infiltrations. This includes following these steps:

  1.    Appoint a person to oversee your security program.
  2.    Update your security software (this includes operating system security patches).
  3.    Schedule security audits to make sure you measure your efforts.
  4.    Create a plan for incident response.
  5.    If you don’t have enough internal talent to handle the load, get help from a managed services provider.

While it may be helpful to know “whodunit,” it’s more important to protect your company before the next attack occurs. Following these five steps will help you reach that goal.

 

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

 

 

SecuNETWORK SECURITYrity

Network Security vs. Endpoint: Which One Is Right For Your Business?

 

Security

 

Every week, 95% of network threat alerts are ignored worldwide, leaving behind an average of 16,232 threats that go unchecked. Most of these are unwanted and irrelevant alerts, but what about the vital ones that go unnoticed?

Should you block these threats using network security before they actually hit your endpoints with detection and sandboxing?

What if you don’t have secure endpoints? Will this create a single layer that hackers can easily  penetrate?

Network security

Network security involves protecting the devices and files on your network against unauthorized access. It focuses on protecting the integrity, confidentiality, and availability of your data. Network-based security can provide information about traffic on the network and threats that have been blocked. The downside is that so many warnings can be generated that it’s easy to get overwhelmed by the data and false alarms and miss the actual attack.

Network security can also be time consuming. When a viable threat is found, it needs to be investigated, which can be a long process. Networks have also become unpredictable, which makes protecting them using network-based security more difficult.

In the past, network security has been a majority of an organization’s security budget. However, things may be changing. As more security options are moved to the endpoint such as authentication, encryption, and anti-malware, network security is changing.

“It’s certainly not time to rip out the firewall, network security isn’t dead yet. It’s changing,” says Spencer Ferguson of Wasatch Software.

Endpoint security

Endpoint security secures end-user devices like laptops, desktops, and mobile devices. It addresses the risk associated with the devices that are connecting to your network. Endpoint security is different than traditional antivirus in that with an endpoint security framework, each individual endpoint is at least partially responsible for maintaining their own security.

“The focus is going away from the network perimeter and to the endpoint because it has to,” says Shane Vinup with Cyber Advisors. “There’s a lot of data and a lot of sensitive data in the wild outside of the firewall. The focus now really is: How do I protect that data? The focus for a security professional has shifted from the perimeter.”

Mike Spanbauer, VP of Research and Strategy at NSS Labs seems to agree that endpoints are important, but has concerns about determining who is responsible for protecting them. “Organizations have more endpoints today than ever, and securing those endpoints is challenging, because it’s rare that any one organization is responsible for all the endpoints that touch its network and servers,” says Spanbauer. “This is why it’s so critical for businesses to identify who’s responsible for securing which endpoints before a security incident occurs.”

Why Not Use Both?

The advantages of endpoint and network security are not mutually exclusive. There are advantages to using both. With network security, anomalies can be identified and confirmed and then endpoints can provide clarification.

To help secure your network, make sure your endpoints are secure. Then make sure your network security is in place to supplement your endpoint protection.

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

 

Threat Hunting: When You Can’t Sit Back and Wait

 

Threat Hunting

Do you ever sit at your desk and wonder when the next attack on your network will occur? Maybe you have an automated system that sends you alerts, but you get so many false positives, you feel like you’re starting to drown in the irrelevant data. Meanwhile, threat actors are continuously improving their techniques and approaches.

While threat detection tools and incident response are both critical, sometimes security professionals need to take a more proactive approach. Threat hunting is essentially threat detection that is driven by a human analyst. This is somewhat different than it being driven by an automated system, no matter how powerful the system is.

“Security Operations Centers (SOCs) today are faced with an onslaught of false positive alerts and actual attacks often lay undetected for months before being discovered. Threat hunting is a critical new function for any modern SOC to proactively look in the blind spots of current tools and sensors and surface hidden, advanced threats,” says Ely Kahn, co-founder of Sqrrl and former Director of Cybersecurity at the White House.

Tools Are An Important Part Of The Strategy

Traditional systems for finding threats are typically based upon signatures, which means they can only detect things that are known. Newer systems actually monitor behavior and do a better job of identifying unknown attacks on your endpoints. Monitoring behaviors allows you to identify when an endpoint has been compromised. Machine learning can be used to identify traffic patterns of a hacked device as it reports back to a command-and-control system.

Threat Hunting

You can’t rely on monitoring and the alerts alone to know that your network is safe. Threat hunting helps you identify attackers that have been operating unseen within your network. At the same time, threat hunting can be used to augment your automated threat detection and improve the quality of detections by reducing false positives.

Without having someone actively hunting for threats on your network, you must wait for automated systems to alert you when an attack occurs. However, what happens when an attacker finds a way around your automated system and through gaps in your security?

Instead of sitting around waiting, threat hunters are constantly looking for new ways to identify attackers. A threat hunter can work to not only identify these threats, but to automate known threat detection in the future. This will help reduce the number of items that threat hunters will need to monitor going forward.

“While machine learning is incredibly powerful it’s not something that solves the attack detection problem. It’s something which narrows your focus and attracts the attention of a human analyst to take a look,” says Ian Barker with betanews.

When You Can't Sit Back and Wait

Tips To Improve Your Threat Hunting

Make the most of your data: Automated systems can collect a plethora of data within a short period of time. Embracing data analytics can help you create datasets that will make your hunting more productive. Since some attacks involve weeks or even months of data, you will need a system like Apache Hadoop that can be used to collect and analyze the data.

Machine learning: With machine learning, you have the ability to increase your hunting potential and help you find the anomalies within your dataset.

Have a strategy in place (before you get hacked): An underlying theme in most of the sessions at April’s InfoSec World was to have a strategy in place before you get hacked. The last thing you want to do is to stand in front of the Board of Directors and tell them that the company has suffered a data breach. Create a strategy before this occurs. Use a framework like kill chain mapping to give you a way of making sure that each hunting expedition is efficient.

Let The Hunt Begin

Security researchers need to continue to challenge themselves in their organization to proactively hunt threats instead of waiting to react after a breach has occurred. Using a blended approach with threat hunting delivers better results than just depending on a single method or tool.

 

New Call-to-action

 

Cybersecurity professionals

4 TIPS FOR SUCCESSFUL CYBERSECURITY EMAIL MARKETING

1

Cybersecurity professionals are by nature a cautious group who spend their days trying to figure out what types of tricks the attackers will attempt next. Some even try to teach employees in their organization good practices like not clicking on emails from people they don’t know. 

Enter the marketing professional, whose job it is to market to this group of cautious professionals and get them to trust us enough to actually click on a link so they can check out our products and services. As marketers, we like to collect analytics to show how readers are progressing through the sales cycle. Unfortunately, in order to get this type of tracking data, our links have to be unique and don’t display the true destination of the click (i.e. http://google.com might become http://bit.ly/20nEfE5). This means that cybersecurity professionals can’t tell where a link goes and are therefore unlikely to click. 

In order to succeed as marketer with cybersecurity professionals, you need to understand how they’re different. This group of professionals is wary of many types of marketing as they are constantly on the lookout for people trying to dupe them or their fellow employees.

Here are 4 tips to improve your email marketing to cybersecurity professionals:

1. Get To Know Your Audience (Intimately)

  •  Create a Use Case that clearly defines who your audience is, the challenges they  face, and how you need to position your product or service so that it is the     unique  solution they need to solve their problem.
  •  Understand which sector of the cybersecurity industry your product or service  occupies (i.e. endpoints, incident response, antivirus, logging, etc.).
  •  Understand and use their language of cybersecurity in your email correspondence.
  •  Find out if there are any regulations or standards by which your software will be  affected.

2. Take The Time to Build Trust

Whenever working with this highly technical group of people, always use facts instead of bold marketing claims. If you try to exaggerate the features or benefits of your services, you will likely get an unsubscribe.

This is a group of people who are regularly being told by vendors that their software is the “magic silver bullet” that will stop any type of attack. The problem is, saying that anything is “unhackable,” “undefeatable,” or “able to stop any type of attack” to this audience will quickly destroy the trust you’ve worked hard to build.

Instead, stick to the facts, features, and benefits that you can prove and market your product or service with credibility. 

3. Take Advantage Of Case Studies

There is no better way to prove that your product or service is credible than hearing success stories of other customers who have used your product or service. Customer case studies provide a real-world story of how a challenge was met and then uniquely solved with your service.

images (2)-1.jpgHow can you get these case studies? When you’re negotiating price with an existing customer, ask them if they would be willing to do a public reference in exchange for a reduced price.

4. Start With A Strong Welcome Series

After your lead has downloaded your gated content (i.e. case study, whitepaper, webinar, etc.), make sure you send them a strong welcome series. A welcome series will typically have the best open and click-thru rates.

Keep Nurturing

Providing real value that connects with cybersecurity professionals in their own language using a welcome series is a great way to start building trust. By following these tips, you can keep nurturing cybersecurity leads until they are ready to make a decision.

 

New Call-to-action

marketing-data

Marketing Lessons from the Amazon S3 Web Services Outage

 

marketing-data

Twitter was full of burns directed at Amazon Web Services (AWS) about a week ago, as the company struggled to get its S3 web-based storage service back online.  Among the sage advice dispensed by users were suggestions to “just plug it back in” or, “turn it off and back on again.”

Click to Tweetsometimes we don’t realize how much we rely on a service until it’s swiftly taken out from under us

Jokes aside, sometimes we don’t realize how much we rely on a service until it’s swiftly taken out from under us – a painful truth that most marketers have come to realize.

In response to the outage, AWS, which maintains an estimated 40% of the overall cloud market, released a statement saying, “For S3, we believe we understand root cause and are working hard at repairing. Future updates across all services will be on dashboard.”

Given the rising popularity of cloud-based services Dropbox, Google Drive, Salesforce, Capterra, SearchCRM – to name a few – it’s no surprise that experts predict the number of data breaches in this sector will continue to grow, and that the risk is real.

As marketers continue to employ more personalized and targeted campaigns to better engage consumers, the need to collect a wide range of data on each unique prospect and create individual consumer profiles continues to grow – as does the risk of this data being breached.

Even though it was revealed that the AWS outage was caused by human error, it’s still crucial for us marketers take a step back, and try to understand what the consequences could have been for the community if it was a cyber attack.

What the AWS Outage Highlights About Keeping Customer Data Safe

According to reports, the AWS S3 system is used by 148,213 sites, and stores over 3-4 trillion pieces of data. When considering this magnitude, there’s no question that data traversing the cloud must be subject to the same level of scrutiny as its physical counterpart.

Even if this outage wasn’t the result of an attack, it still sheds light on what we stand to lose if cyber criminals focus their attention on taking down cloud services.  Just think of all the data your prospects and customers have entrusted to your marketing department!

In the era of digital marketing, where organizations develop detailed profiles of individual consumers based on multiple data sources, even one data breach can serve to considerably harm consumer trust – and ultimately impact a company’s operations and revenue.

According to research from Deloitte University Press, 59% of consumers state that the knowledge of a data breach at a company would negatively impact their likelihood of buying from that company. The report also states, “the more data a company collects – and the more sensitive that data – the greater the data’s appeal to malevolent hackers, and the greater the risk associated with data breaches.”

Related Article – What Will Cybersecurity Marketing Look Like In 2017?

Keeping Marketing Data Secure in the Cloud

 There’s no denying the appeal of cloud. Deploying technologies in dispersed and diverse environments in a quick, cost-effective way can prove beneficial for businesses across the board.

How can you ensure that your organization’s marketing data stays safe in the cloud? In terms of overall guidelines, make sure you adopt policies that are transparent, be cautious about collecting – and particularly sharing – data, reassure customers about steps you’re taking to keep their information safe, and most importantly – if there’s an attack, regain their trust.

Here are 5 key steps your marketing team should consider:

Step 1: Define Your Cloud

Work with your IT department to determine whether public, private, or hybrid cloud is best for your team. Traditionally, private cloud is considered the most secure. That isn’t to say that other options aren’t worth looking at; however, all options should be aligned with other security measures.

Step 2: Review SLAs and Plan Ahead

Create a plan to enable your marketing technologies while keeping data secure. This means reviewing the service level agreement (SLA) from your cloud provider and preparing for any gaps that may occur in the migration process and beyond.5_steps_

Step 3: Go Beyond Your Application View

Consider inside and outside threats that could take down your cloud technology. Are you using IoT devices? Are employees using single sign on? Are there potential unknown endpoints connecting to the cloud?

Step 4: Prepare for Worst-Case Scenarios

Prepare for attacks and outages. Always have a plan that your entire team is aware of in the case of an episode. This should outline failover plans and risk mitigation steps to follow.

Step 5: Devise a Crisis Communications Plan

It’s equally important to craft the marketing messaging that will need to be shared with your customer base if an attack does occur.

 Click to Tweet – Marketing is the Public Face of An Attack 

 When a new attack makes the news, it’s up to the marketing department to respond quickly with a message that instills confidence in your cyber security solution.

Customers will feel exposed and concerned about the collateral damage of downtime or malicious activity, and having any of your infrastructure in the cloud, public or private, introduces a whole new degree of vulnerability.

Organizations considering signature-based detection solutions need to know that providers using these techniques may be hosting their databases of code in the cloud.

Rather than give up on the value that consumer data can lend to targeted campaigns, marketers should foster brand trust by meeting consumer expectations about data security.

In the event that we encounter another prolonged outage, your security services won’t be available, leaving you and your organization vulnerable to more attacks.

That’s why it’s more important than ever that your marketing team is prepared for the worst – especially when migrating to the cloud.

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>New Call-to-action

 

 

Cybersecurity audience man with colors

GREAT CONTENT JUST ISN’T ENOUGH: HOW DESIGN PLAYS A CRITICAL ROLE IN INCREASING READERSHIP FOR A CYBERSECURITY AUDIENCE

cybersecurity audience man with colors

 

In the marketing world, “done is better than good” is a phrase that comes up quite a bit. The idea is that marketing itself is a quantity-based industry, not necessarily a quality-based industry, and that the time it takes to perfect a marketing strategy is time that could be better spent churning out new content and new strategies.

Yet in the rush to get content published within deadlines, cybersecurity marketers often miss out on some of the smaller, simpler changes that on the surface may seem irrelevant, but in practice can make the difference between creating content that people love to read, and content that gets completelyignored.

Continue Reading

A guy in front of the pc

Lead Generation Tips for CyberSecurity Companies

 

Lead Generation Tips for CyberSecurity Companies

 

While most companies today already use some form of online lead generation, how they do so is frequently evolving. If cybersecurity businesses want to keep up with the times, it becomes important to periodically evaluate the current lead generation strategy and see if there are better opportunities out there.

For example, in the past, many companies used specific landing pages – often connected to ad accounts – that are hidden from the sitemap and used primarily to address specific leads. But many businesses are finding that this strategy is no longer necessary, and that on-page lead captures may be more successful.

How each company generates leads is going to be dependent on the type of business they run, what their current marketing strategies are, what products and services are available, and who their ideal customer is. However, there are several tips and strategies that should be considered as a cybersecurity company.

Optimizing On-Page Tactics

It starts with on-page lead generation. These are the efforts that companies use to attract leads on the page/website that the visitor is currently viewing. Rather than using a specific landing page, the business captures the lead from whatever site page the visitor has hit.

Most news websites, eCommerce sites, and consumer blogs tend to use some type of on-page lead capture. As a cybersecurity company you are no exception. Some recommended software that allows for this type of lead generation includes SumoMe (welcome mat, list builder, scroll box, triggered pop ups), Optinmonster (exit intent, full screen welcome gate, sidebar forms), OptiMonk (exit intent, inactivity pop up, scroll, dynamic text), Optin Forms (embedded in-page forms) and Wistia (video integration).

Adapting your website for on-page lead capture is a great first step. But placing a sign-in sheet and asking for a visitor’s email simply won’t cut it, as many will be hesitant to give it to you for various reasons. The good news is that there are a number of effective methods that you can use to earn their trust:

hands-holding-letters-tips-500pxGive them a reason why – Why, with all the free content that’s available, should they give you their email address? What do you offer that justifies giving you something that nowadays is seen as incredibly personal? Think long and hard about your pitch, and do your best to provide potential clients with true value.

Trigger emotions – While simplicity is a must, creativity is still highly valued. Triggering emotions with words or images can be a powerful way to get people excited about the idea of hearing more from you in the near future.

Keep it simple – Assume you have only a few seconds to give them a reason to sign up, because their mouse is already inching closer to clicking the X on your message. The more they have to read, the less likely they’re going to accept the lead request and give you their information.

Add visuals – Impressive visuals capture attention in ways that words often cannot, and in today’s increasingly visual world, adding some complementary images can assist you in your quest to trigger emotions.

A/B test everything – Finally, don’t be afraid to doubt yourself. Take risks, try different things, and test all of your weapons to see which one is getting you the best reaction. Something as simple as font size can have a very different impact on your results, but you won’t know unless you put it out there in front of a bunch of eyes.

Above all else, recognize your audience. You’ll generate far more leads when you know what the needs of your visitors are than you will if you’re in the dark.

Taking Advantage of Social Media

Another great tool for finding leads as a cybersecurity company is via social media (yes really!), as it allows you to display even more of your personality. Of course, it takes time and effort to plan your next moves and figure out ways to develop a consistent voice and brand, but in the end this helps you differentiate yourself, and builds trust with potential leads.

Products such as Socedo can be quite effective here, as it allows you to first connect with your prospects on Twitter, then automatically filters them into your database with their email addresses so you can nurture them further. This is a new found tactic of combining outbound strategies with inbound strategies (without buying a list!) as you have essentially warmed up a cold lead using a very natural action of today – connecting on Social Media.

However, when it comes to effective strategies to improve social media lead generation, you may want to consider the following:

Ask powerful questions – Any time you can get someone thinking, you’re creating a space in their mind for your business. Asking the right questions encourages people to participate in a conversation that involves you as well as other followers.

It’s social media…so try to be social – People are more likely to be interested in following you when they know you’re managed by real human beings who aren’t afraid to engage in some back and forth, no matter how sensitive the topic. That means interacting with the people that like and comment, answering questions, and showing you’re actually listening.

Send them to your site – Social media can adapt very well with your on-page lead capture campaign. Create content your followers want to see more of, and then develop an on-page strategy that takes them further down the funnel.

Social media, when used correctly, is a tool that can give your cybersecurity business a whole lot of character, and that can be an extremely powerful tool for finding and capturing potential leads.

Additional Lead Generation Tactics

A number of additional (and useful) strategies include posting interactive contact such as surveys and games, and of course videos, infographics, and other forms of digital content which can be powerful additions to the written content, keeping people on-page longer and giving them more reason to believe you can assist them with their needs.

In the end, cybersecurity businesses that make a point of listening to their customers and reinventing themselves by implementing new and engaging messages and strategies are going to be the ones that stay relevant and attract those precious leads.

 

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

THREE REASONS YOUR CYBER SECURITY CONTENT ISN’T DRIVING CONVERSIONS

1

 

You’ve heard about how important content marketing is. You’ve implemented several different marketing strategies by now but haven’t seen any significant results.

Now you’re starting to wonder, “What is the big deal about content, it doesn’t drive conversions at all!”

Don’t go there yet. Because content does drive conversions (and increase leads, and a whole lot of other valuable things) if you purpose it correctly.

Content is how you bring new leads to your site and attract an audience. After getting them to your site, good content helps you establish authority in your niche and set your business apart from others.

By building a consistent audience, you are increasing your potential for conversions and establishing a relationship with your customers.

And you must have an audience that trusts your brand if you hope to win conversions and get repeat customers.

You see, good content (along with a few other factors) is at the top of your sales funnel. It is the thing that allows you to attract and engage with new users.

There’s no denying that content is valuable.

So let’s look at three reasons your cybersecurity content isn’t driving conversions.

1. You Don’t Use Your Content to Solve Your Audience’s Problems

I would speculate that the reason your blog isn’t getting the attention it deserves is because it doesn’t cater to your audience’s needs.

As a cybersecurity company you may have content, but don’t use it to solve your audience’s problems. Instead, you talk about your services and products at every chance you get.

But as Zig Ziglar once said, “If you help enough people get what they want you eventually get what you want”.

Remember that people come to your site in hope to solve a problem they have. So stop writing about yourself.

2. You’re Lacking Call-To-Actions

The number one thing I tell clients about their content is that they lack call-to-actions (also known as CTAs).

This will be the death of your conversions.

Think about your landing page. Do you encourage people to take action? To schedule a consult or contact you?

How about in your blog posts?

4c479070c3a9c6cce9010981e3c818a3By the end of each post, you should have answered the question your potential customer had, established your business as knowledgeable, and set-up your readers to feel compelled to choose your company to solve their problem.

Like, “Of course I’ll hire this company, they answered my questions and are extremely knowledgeable!”… That type of thing.

So how do you do it?

By using a headline that gets people’s attention and lets readers know you’re about to answer their question, you have completed step one.

Of course, after that, you actually have to provide useful content. We can call that step two.

This means writing a mid-to-long length blog post that gives specific details and how-tos. When writing your content, be sure to avoid long paragraphs that are hard on the eyes.

You can have a good amount of content without it being daunting for people to read.

Break your content into sections to address specific points, use bullets whenever possible, and include graphics or visuals. This will help get your point across without being too wordy.

At the end of every blog, you should include a call-to-action button or section.

Something saying, “Click here to schedule your consultant today.” Or, “Click here to see how we can help your business!”

You should also include social media icons to encourage people to share your content (increasing your potential leads).

3. You’re Not Consistent

Customers need reliability before committing to a company. They need to see that you are invested in your business and are willing to put in the work.

It’s not enough to have a few stellar pieces of content.

You have to show customers that you are capable of more than just one good thought. That no matter what their issue is, you will have a fresh new idea to solve it.

If your blog only has a few posts on it scattered throughout a few months, you are not going to appear consistent to any potential customers.

You should have an editorial calendar which outlines what and when content is coming out, and it should be fairly often (at least once a week or so).

Consistent scheduling is crucial, especially if you have subscribers that are just sitting, waiting for your next piece to come out and wow them.
So don’t make them wait.

Because while they’re waiting for you, they might wander onto a competitors site and decide to work with them instead of you.

Consistency in tone and type of content is important as well. You should use the same language throughout your entire site.

So while you’re thinking about abandoning your content marketing efforts, pause for a second and consider if any of these reasons could be the cause of your lack-of-conversions.

Are you ready to take the plunge and start converting?

 

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

 

 

AVOIDING THE PICARD FACEPALM GIF: HOW TO EFFECTIVELY USE REDDIT FOR CYBERSECURITY MARKETING

 

 

tips for cybersecurity marketing on reddit

 

For many marketers, targeting Reddit is a no-brainer. It’s the 7th most popular website in the United States and gets a reported 10+ million unique visitors per month – a massive audience in rabid search of new content to consume.

“For cybersecurity marketing professionals, Reddit is a slam dunk marketing opportunity.” Click to Tweet

For cybersecurity marketing professionals, Reddit appears to be even more of a slam dunk marketing opportunity. The majority of Reddit users are men between the ages of 20 and 40, a demographic that matches cybersecurity professionals.

Furthermore, cybersecurity marketers have found that in a slow month, Reddit can provide 25% of social media traffic, with Reddit postings more likely to go viral than posts on any other social media platform.

Yet there’s a problem marketers face when it comes to Reddit, and it’s one that can take a lot of work to overcome. The problem is that if there’s one thing Redditors hate, it’s marketing.

So how can cybersecurity companies leverage Reddit for marketing purposes without getting busted? By following a few simple rules…and perhaps posting some cat GIFs.

Rule #1 of Reddit Cybersecurity Marketing: CREATE GOOD CONTENT

This should be the number one rule for all content marketing, but in case it isn’t already, it’s especially important when it comes to capitalizing on Reddit traffic.

Before choosing content to share on Reddit – or before creating content specifically for posting on Reddit – a marketer needs to ask him or herself if the content is either timely or timelessly interesting.

In cybersecurity, timely content may include articles about a recent IoT data breach or Mirai botnet-powered DDoS attack. Articles about recent security vulnerabilities, new essential patches or other interesting or necessary developments would also be considered timely.

Yet as much as Redditors are current events junkies who want to be informed of the latest news, they’re also interested in topics that are quirky and fascinating, regardless of relevance – the kind of topics that can be used as conversation starters.

For instance, how the first public hacking (and perhaps public pawning) occurred in 1903 when a magician disrupted a demonstration of a supposedly secure wireless telegraphy technology to transmit insulting messages in Morse code.

Timely articles that relate to a company’s services will provide an easier gateway to further pages of a company’s website. However, both timely and timelessly interesting content have the potential to go viral and can do great things for traffic.

“Timely and timelessly interesting content have the potential to go viral and can do great things for traffic.” – Click to Tweet

Rule #2 of Reddit Cybersecurity Marketing: CONSIDER KARMA

Reddit cybersecurity marketing karma coffee.jpgTo effectively reach Redditors, a marketer must be a Redditor to gain the community’s trust and respect. Given how easy it is to see the kind of value a Redditor brings to the community, there’s simply no way around it.

When a link is posted on Reddit, other Redditors can upvote or downvote that link based on what they think of it. That score – also referred to as post karma, is forever associated with the Redditor who posted the link.

The same goes for comments – they can be upvoted or downvoted, and the comment karma stays with the Redditor who posted the comment.

Altogether, this provides every user with a cumulative post karma and comment karma score that’s immediately visible when someone clicks on his or her profile. Also immediately visible is everything a user has ever posted – both comments and links.

In order to become a trusted and valued Redditor, cybersecurity professionals need to take the time to not only submit fresh content in the subreddit it is best suited for, but provide valuable information in various discussions and maybe even have a little fun (GIFs/jokes).

Transparent marketers will be identified as such by the Reddit community, and this reputation will be impossible to shake – one that inevitably gets associated with the company behind the marketing.

Related Article: It’s Time to Get Animated, The Secret World of GIF Marketing

Marketers also need to be careful to not repost links, either intentionally or unintentionally. This will, without fail, be called out by the community. Link posts should be limited to the one subreddit they are best suited for (more on that below), not posted to multiple subreddits in an attempt to gain more traffic.

Marketers should also take the extra few seconds to paste the link into the search bar and search the entire website for previous postings of that link.

Rule #3 of Reddit Cybersecurity Marketing: CHOOSE SUBREDDITS WISELY

There’s a tremendous amount of information and content available on and through Reddit – more than one can imagine – and it shouldn’t come as a surprise that computing and internet technology is a popular topic.

That means there’s subreddit after subreddit dedicated to cybersecurity, which results in a bevy of options for link posting.

In reality, however, not all subreddits are created equal. So while marketers will want to target a variety of subreddits in order to avoid being marked as a spammer or shill, it’s important to find subreddits that are:

1. Populated by subscribers
2. Have active discussions
3. Are welcoming of the type of content a marketer is looking to promote.

There’s just no point in marketing to an empty room.

Subreddits relevant to cybersecurity marketing professionals include:

r/AskNetsec r/bigdata r/blackhat r/CIO
r/computerforensics r/darknet r/hacking r/InfoSecNews
r/InternetIsBeautiful r/IOT r/jailbreak r/linux
r/Malware r/netsec r/privacy r/ReverseEngineering
r/rootkit r/security r/sysadmin r/technology

For your convenience, I created a multireddit that automatically follows all of these subreddits and more. Check it out!

However, the list goes on and on – all you need to do is start digging.

Rule #4 of Reddit Cybersecurity Marketing: GET THE MOST OUT OF THOSE WISELY CHOSEN SUBREDDITS

Whether or not a cybersecurity marketer is actively participating in all relevant and active subreddits, he or she should definitely be subscribed and regularly read them.

This not only provides great content curation opportunities, allowing marketers to increase a company’s standing (or their own) by reposting the top-voted Reddit content on other social media platforms, but also enables marketers to see the topics that are popular and write their own content on those topics for future use and success.

Related Article: Your Personal Guide to the Best Content Curation

Rule #5 of Reddit Cybersecurity Marketing: DON’T BE A REBEL!

Redditors take pride in the various communities they’ve built in the form of subreddits, and the way those subreddits function is thanks to the rules for link posting and discussions they’ve all established.

Every subreddit has its own set of rules which will be readily visible on the sidebar. Marketers must simply familiarize themselves with these rules prior to posting, or else they can count on consequences in the form of downvotes, bad karma, and a distaste for the company associated with the marketing efforts.

star trek animated GIF

SWEET FAILURE

Even if a marketer follows all rules to the letter, there’s a good chance that some posts may go down in spectacular flames with insults and downvotes being indiscriminately hurled. Getting toasted like that once in a while is all part of being a Redditor.

There’s really no need to become discouraged, since even a failed Reddit posting will garner more clicks and traffic than the average Facebook or Twitter post, so there’s essentially no such thing as wasted effort on Reddit.

Participating in discussions for a while and building up a buffer between link postings will help any slipups be forgotten by the community. But when in doubt, a clip of a cat playing Jenga is like currency in many subreddits.

 

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

 

CYBERSECURITY TRENDS MARKETING IN 2017

WHAT WILL CYBERSECURITY MARKETING LOOK LIKE IN 2017?

 

technology-1

Wars are no longer fought on the battlefield. Wars are now fought in cyberspace.

They are fought from behind computers, with keyboards as the weapons and sensitive information as the casualties. The dangers of hacking may have come into greater prominence after the United States presidential election, but the growing need for better cybersecurity has been growing even more apparent for years, with major organizations on the receiving end of attacks, including Yahoo! (now Altaba), Oracle, Sony, Anthem and JP Morgan Chase.

Continue Reading

  • 1
  • 2