BBN has ranked number two in the B2B Marketing top 10 international B2B marcomms agencies league table
LONDON, 18 February 2019 – For the first time, BBN has ranked number two in the B2B Marketing top 10 international B2B Marcomms Agencies League Table.
This is a significant milestone for BBN and its partners, who, by inclusion in this year’s report have been recognised as major players in the global B2B marketing industry.
In the 14th edition of B2B Agencies Benchmarking Report, B2B Marketing reveals the definitive rankings of the UK’s top 95 B2B marcomms agencies, as well as the sector’s top global agencies, its fastest-growing agencies and leading PR agencies.
With more than 1,000 B2B specialists across 29 countries, BBN secured $135 million of global billings last year. This supported the agency’s inclusion in this year’s report which is based on gross income.
“It’s great to see BBN come in at number two internationally. They say size matters and whilst it is important to our clients to know we have the international reach to support their businesses, what is even more important is the depth of our experience in virtually every industry sector, underpinned by the strategic, creative and technical expertise to deliver results.”
Shares BBN’s Chairman Clif Collier.
Matt Orlando, CEO at BBN Canada, stated:
“This is a tremendous achievement for BBN. Our growth over the past two years has been incredible and our position in the B2B league table is yet another feather in our collective cap. Our unified agency has been providing top class strategy, creative and communications to companies and organisations around the globe, helping them achieve and exceed their growth objectives. This milestone is a testament to their faith and belief in BBN and our world-leading methodologies.”
“As B2B brands go across borders and around the world, there’s a need for an agency with a seamless global capability, and our position in B2B Marketing’s International league table recognises this fact,” said BBN London’s Managing Director, Richard Parsons. “We’ve built a global business on the back of a very simple idea—that business brands should put the human first. And human ideas need to be globally relevant. That’s what guides everything we create at BBN and allows us to connect global brands to global audiences.”
Karen Powell from BBN Australia shared:
“We are very proud to be the marcomms partner of global and regional businesses in every corner of the world to support brave marketers.”
To learn more about BBN partners around the world, check out our 43 office locations
GetIT Comms expands to Kuala Lumpur, bringing regional marketing expertise to Malaysian technology companies and telcos.
Singapore, 8 February 2019 – BBN’s partner in Singapore, GetIT Comms, has opened a new office in Kuala Lumpur, bringing its go-to-market solutions including content marketing, demand generation, lead nurturing and account-based marketing to serve technology and telecom businesses in Malaysia.
Established in 1998, GetIT Comms is headquartered in Singapore. The agency became a BBN partner in 2014 and in 2015, commenced operations in Bangalore, India.
“We have been serving technology industry leaders and telcos for over 19 years in the Asia-Pacific region, and have been serving our clients in Malaysia since 2016. Over the years, we have developed best practices to deliver ROI-based marketing campaigns to our clients, and we see the growing demand for this expertise in Malaysia. In addition, the similar cultural and business contexts also make KL and Malaysia a good fit for us,” says Anol Bhattacharya, Group CEO & Director.
Leading the charge in Kuala Lumpur is Iriani Kamaluddin as Country Manager.
Iriani has over 16 years of marketing experience in the Telecommunications, Big Data Analytics, E-Commerce and Publishing industries. She has held local, global and regional positions in Ericsson and Maxis and was the former Marketing Director at SAS in Malaysia.
“With the acceleration of competition for Enterprise customers, technology companies are looking for sales and marketing solutions that can deliver better ROI and better quality leads faster. By employing B2B technology marketing best practices that have been tried and tested in other markets, our clients in Malaysia now have access to this expertise delivered by a team with local market experience,” Iriani adds.
“Our team of technology editors and performance marketers understand technology and that is something our clients appreciate as it speeds up the content creation process and enables us to design better campaign strategies.”
“Following our expansion into Japan last year, this growth from our partner in Singapore, brings a timely increase to BBN’s global footprint and enhances our capabilities and reach in the Asia Pacific region.”
To learn more about BBN partners around the world, check out our 43 office locations
Brexit is front page news – and all the media coverage has made me wonder: what impact might it have on European B2B marketers? I considered the evidence, made some guesses – and came up with seven possible consequences for European marketers doing business in the UK.
Of course, Brexit is likely to have heavy consequences for B2B companies across the board. Many of our clients have significant revenues from the UK, so a hard Brexit or, for that matter, any further distance from the EU, is likely to do some damage. But for this challenge, I wanted to focus on only the direct effects on the marketing department.
Warning: No formal research has been conducted – this is pure speculation which, in the field of market research, is often just as good!
Seven Brexit predictions
So without further ado, here are my hypotheses:
It will be even more important in the UK to ensure marketing materials use correct English (British only?) grammar, spelling and turns of phrase. Anything that looks like Eurospeak may fall completely out of favour. Note how we spell favour – with the British ‘u’.
GDPR (or GDPR-like stipulations) will still be important when marketing to the UK. GDPR is a regulation under EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. In the UK, it is expected that similar legislation will be in place following Brexit.
For those involved in corporate social responsibility (CSR) reporting, paying special attention to British legislation in the area will become more important. Complying with the UK Modern Slavery Act 2015 in your CSR report is a good example.
Marketers may need to tone down the European origins of their products in marketing materials and messages – particularly if there’s a significant backlash against EU-originating items. Already now, our maritime energy clients emphasize local content in their communications, though that’s mainly the result of a pre-Brexit push for job and infrastructure creation in the UK.
British salespeople and telemarketing callers could be preferred to a greater degree than those with a continental background. We already know that consumers tend to prefer dealing with sales and customer service workers who they perceive as sharing their own culture – but will this also apply to B2B customers?
B2B marketers will need to understand the needs and preferences of UK customers in greater depth. In short, apply best practice content marketing:
Discover where they get their information and who they are influenced by
Get them moving through your content marketing funnel and learn even more with every interaction.
7. Be ready to invest more to get the same results! If the UK economy shrinks as a result of Brexit, as some experts are suggesting, expect UK marketers to come out fighting for market share.
Across the Brexit divide
When marketing to British companies, British B2B marketers have probably always had the upper-hand. But in a post-Brexit world, it’s possible that the difficulties of doing cross-border business will see a growing number of product and service categories sourced locally. Cross-border complications could extend this lead and make it much tougher for non-UK marketers to get their messages through.
Of course, not all British people want to exit the EU. But thinking they will rebel by favoring Euro-style marketing efforts over British-based ones is most likely a foolish notion.
Time will tell if I’m on the money with these predictions – or if there are even more impacts on European B2B marketers to add to the list.
Instagram is on the rise. Facebook is losing ground (and trust). Long-form content – 2000 words or more – gets more engagement than shorter posts. Images are good, video is better (those using it grow revenue 49% faster year-over-year than those who don’t). Live streaming and webinars are increasingly popular. Personalization works. Generic blasts don’t. And promotion is more important than creation.
Maybe you know this, maybe you don’t. Often with success and familiarity comes complacency. Are you still pushing the boundaries and looking for ways to get better at content marketing?
You should be. It’s been around for a while now, and it’s not going anywhere. Content is here to stay.
Try these 5 tips to improve your efforts for 2019.
1. Ask the Right Questions
Too many marketers are making content for content’s sake. It’s not entirely their fault. After all, content is king.
Why do you need content (what are your goals for each piece and campaign)?
What value are you offering in exchange (if your content doesn’t have at least perceived value, don’t bother)?
What’s your anchor?
What type of experience do you want to deliver?
You need to have a concrete and specific answer for each one. Asking and keeping your answers in mind while strategizing will help you deliver a better, more consistent overall content experience.
2. Deliver the Right Content at the Right Time
Too many people treat content marketing as a catch-all, tossing blog posts, videos, or whatever else out there in a misguided “if you build it, they will come” approach. But successful marketing is about getting the right message to the right person at the right time.
To do that, you need to customize content for each stage in your funnel or customer journey.
A pillar page is a central topic. It’s a big, broad subject with a lot of moving parts – like content marketing, for example.
The cluster topics surround it. To continue with our example, cluster topics might be guest blogging, live streams, , analytics, and so forth. Each piece is connected to the pillar via hyperlinks, making it easy for users to find everything they need to know (to say nothing of letting the search engines get a better idea of what your content is trying to provide).
If you’re not using pillars and clusters yet, add it to your plan immediately.
The takeaway? Blogging and sharing on social media alone will not make you stand out, spread awareness, or generate traffic to your site or landing pages. You’ve got to mix it up.
Launch a podcast or video series. Get active on Instagram. Create infographics. Share how-tos, listicles, expert roundups, why pieces, think pieces, profiles, interviews, Q&As, behind-the-scenes, surveys, and more.
Humans are complex, but we’re also remarkably similar. If you understand even a little about human behaviour, you can give yourself an edge.
Take the Fogg Behavior Model, for example. It states that motivation, ability, and trigger must occur at the same time for someone to take action. Miss just one – or even not enough of one – and your content won’t convert.
Explore Cialdini’s six principles of persuasion. A little social proof – the number of subscribers, famous clients, social media engagement – can make us more likely to take the requested action (canned laughter on a sitcom is an example of this at work — we laugh because others laughed).
Persuade better, convert better.
Content marketing has survived because of lower associated costs and higher performance than more traditional tactics. But that’s not to say it hasn’t evolved over the years, or that it won’t continue to change going forward.
Video, AI, and Instagram are on the rise. Tomorrow may bring completely new formats, channels, and tactics. Are you ready?
TOKYO, 15 January 2019—BBN, the world’s leading independent organisation of international B2B communication agencies, is pleased to announce it has been selected by Yokogawa to develop and execute a demand generation marketing campaign in the Asia Pacific (APac) and North America regions.
The initial engagement will see three BBN partners, ImpactM of Japan (lead agency), GetIT Comms of Singapore and Fifth Ring (UK and US), combining forces to manage the initial phases of the campaign.
“We are very pleased to have been selected by Yokogawa to work with them on this campaign from Japan to the rest of the world,” said Kennosuke Saito, General Manager, BBN Japan, ImpactM. “Yokogawa is a well-known global company and we feel BBN’s approach to managing their campaign is a great fit.”
While financial details of the deal are not being released, BBN is working with Yokogawa to develop the demand generation campaign strategy, development of creative, targeting tactics and supporting media buy.
“The key benefit for us to work with an organisation such as BBN is they can provide a B2B marketing team with a flexible, global structure that is seamlessly disseminated to the regional or local level,” said Osamu Setoguchi, General Manager, Integrated Communications Center at Yokogawa. “Through our partnership with BBN, we have an opportunity to reimagine how we manage global marketing communications projects with a team that is truly collaborative and passionate about marketing.”
BBN is an agency-owned organisation and every agency-partner is an equity shareholder—all sharing the same genuine passion for B2B. For nearly three decades, agencies across the globe have worked together to develop and utilise a highly-effective, uniform and structured approach to brand strategy, marketing and creativity.
“We are very pleased to see this opportunity come together for our partners in the APac region,” said Annette Fernandes-Poyser, Executive Director, BBN. “While regional economic growth is expected to slow slightly in the coming years, APac is still expected to maintain a robust growth rate compared to other regions in the world, that is why BBN APac’s regional partners collaborate to help international clients and partners better understand Asia. In doing so, companies can more effectively market their products and services in and out of the countries that make up the region.
To learn more about BBN partners around the world, visit locations
Founded in 1915, Yokogawa engages in broad-ranging activities in the areas of measurement, control, and information. The industrial automation business provides vital products, services, and solutions to a diverse range of process industries including oil, chemicals, natural gas, power, iron and steel, and pulp and paper. With the life innovation business, the company aims to radically improve productivity across the pharmaceutical and food industry value chains. The test & measurement, aviation, and other businesses continue to provide essential instruments and equipment with industry-leading precision and reliability. Yokogawa co-innovates with its customers through a global network of 113 companies spanning 61 countries, generating US$3.8 billion in sales in FY2017. For more information, please visit www.yokogawa.com.
The names of corporations, organizations, products, services, and logos herein are either registered trademarks or trademarks of Yokogawa Electric Corporation or their respective holders.
As well as all the obvious questions you should be asking when assessing potential B2B agency candidates, here is a list of questions that you should definitely consider asking if your business has an international marketing strategy. Getting clarity and common understanding on these will certainly help in the decision process and will also strengthen the relationship going forward.
As specialists in B2B, what methodologies do you employ to manage the whole process from strategic planning through to demonstrating ROI? How are they documented?
Looking specifically at brand strategy development can you demonstrate how you delivered the outputs and what level of success was achieved?
To deliver effective campaigns in specialist industries requires a wide breadth and depth of skills, how are you able to provide in-depth insights and bespoke solutions to specific client requirements?
Your credentials state that you employ xxxx number of people, how many of those work solely on B2B accounts, and is the split the same across all your offices?
Where a campaign is being run out across different geographies and requires on the ground implementation, how do you ensure the consistency and cohesiveness?
The world of marketing communications, particularly martech moves at an ever-increasing pace, how do you ensure your people keep abreast of new developments and technologies?
With a wide range of marketing and sales technology options available, how are you able to support legacy platforms?
A positive dynamic between marketing and sales is essential for success, what is your understanding of the role of both and in particular the interfaces with the sales process.
To ensure efficient account management what platforms do you employ to ensure seamless communication between us and you and diverse locations wherever work is being commissioned?
Technology should be used as an enabler, but not a replacement for human interaction, describe how you develop client relationships and a deep understanding of their business?
In our earlier article on ‘The New Model Agency’, we mentioned a higher than average flexibility enabled by a more collaborative agency model. However, why and when do you need more flexibility in your marketing and how does this affect the bottom line? In this article, we explore four areas where increased levels of flexibility can significantly improve the outcome.
The Expertise & Service Matrix Model
To deliver effective campaigns in specialist B2B industries requires a full breadth and depth of skills. Quite often B2B businesses will look for an agency who has experience and a successful track record in their particular specialist industry. This decision makes a lot of sense when you consider that the learning curve would be considerably longer and more involved with an agency of no, or little, experience. It would be challenging and unreasonable for a business to expect one agency to have in-depth insights across all sectors. Therefore, an alternative mechanism for their agency to access insights and experts into industries outside their normal spectrum of expertise could offer a more flexible alternative to meet requirements.
The same goes for marketing services. There has been a tendency towards agencies becoming more specialised in their service offering, so if a business needs brand management work, but their agency specialises in digital marketing, then they would then need to invest a considerable amount of time and effort seeking out a branding agency to meet their current need.
Therefore, an expertise and service matrix model that allows businesses the flexibility to maintain their current agency relationship but have access to proven experience and skills from elsewhere becomes very attractive. Clients working with BBN who have benefitted from such a model have reported this as a far more efficient way to meet their varied requirements.
Global to local
Businesses need consistency and cohesiveness when rolling out a campaign across different geographies that requires on the ground implementation. Unless you employ a global agency with offices in each of your sales markets, this can be challenging. In our article ‘Global. Local. Yeah’ we explore how having International reach with localised relevance in your B2B marketing is so important. We’re pleased to tell you there is a flexible and cost-effective alternative if your local agency is not able to support your international marketing strategy.
The world of marketing communications, particularly martech moves at an ever-increasing pace, so it’s tough to ensure your people keep abreast of new developments and technologies. One option is to employ an agency who does this on your behalf, so you spend less time and investment trying to keep up. We mentioned in our previous article ‘The New Model Agency’ that many agencies have elected to invest heavily in technical talent to offer the tech support their clients need, however with so many different platforms available it would be difficult to find an agency who had experts and knowledge on all of them. However, if an agency has collaborative relationships with other tech-savvy agencies, then the variety of platforms they can support suddenly becomes wider. With this in mind, the client can expect a far more flexible, agnostic and objective approach to martech solutions.
Rules of engagement that foster innovation
As we explored in a previous issue of Buzz magazine, a purely transactional relationship, between client and agency, limits the agency’s mission to non-critical tasks and is characterised by a low level of interdependence and engagement, which is ultimately unsatisfactory for both parties. Successful collaboration between a business and its agency enables innovation to emerge, itself a source of increased benefits for both. Industrial and commercial success is increasingly based on co-innovation and co-development between customers and their partners. To maintain efficient account management and seamless communication between client and agency (especially when multiple locations are involved) requires a tried and tested process that sets out specific ‘rules of engagement’ that cover responsibilities, expectations, financial transparency and consistent communications. Without such a model, organisations like BBN could not function effectively. However, the model BBN employs also allows for flexibility to adapt freely to the client’s way of working.
If you need a ‘flexible friend’
Then look for an agency who is open and experienced in collaborative partnerships, it will be far more effective than other alternatives.
There are numerous routes companies can take to develop or improve their learning culture: external consultants and expertise providers; hiring a talent manager; creating a DIY program in-house; subscribing to digital learning platforms or some combination of all the preceding. All come with the cost/time v proof conundrum.
One viable option is to find and join an organisation that has already done the heavy lifting and tap into their resources. In the marketing communications industry, with a little research, you should be able to identify one or more that fit your requirements. They may not tick all the boxes, but being seen to put L&D firmly on the agenda alone will have a positive effect on your people. The more specialist your requirement, the harder that search will be, but the payback concerning the transformation to your business will be significant and for a relatively low per capita investment.
Learning and sharing knowledge has been at the heart of BBN since its inception 30 years ago and is woven into the fabric of the organisation at every level. Over the years we have developed bespoke B2B processes and intellectual property which we have made readily available to partners and their people through BBN Academies, regular webinars, inter-agency coaching, our employee exchange program and now in a digital form in the Hive, our central management and communication hub.
The Academy, which started over ten years ago, has grown from a one-day event to a week of concentrated training. Our two-day Masterclasses, delivered by industry leading experts, have changed the way many partners approach their whole service offering and structure their business, and the delegates consistently acknowledge our Academy as being inspirational and a “once in a lifetime” experience.
Today, the IP and knowledge base of BBN and the ability to easily access it is one of our greatest differentiators. It both bonds us together as ‘one entity’ and is a significant factor in the retention of existing partners and the recruitment of new ones.
But. The learning and development landscape is rapidly changing, and we recognise we need to better understand what our people are looking for, what motivates them to learn, and what is required to attract and retain the best talent.
We want and need to stay ahead of the game. So to that end, BBN is currently evaluating the benefits of embarking upon an even more ambitious talent development program – ‘creating the next generation of B2B’.
Start by critically analysing where you are on the learning curve. As with all journeys, the first step is the most important. Unfortunately, procrastination will result in a loss of competitive advantage.
Read the full white-paperand download a short self-assessment questionnaire which may help you evaluate where you currently stand and the level and need for action.
If you want to know more about learning opportunities with BBN, then please contact us.
Is your agency delivering real value to your organisation?
For a client to ensure that their agency can consistently deliver value to their business, marketing executives need to be honest and transparent about what they expect from the outset. Based on these expectations and needs, a decision can be made as to whether the agency’s current model can help them achieve their marketing objectives or not. If not, then the client needs to consider its options, which could include searching for agencies who offer a new model approach with higher levels of flexibility and collaboration.
There has been a significant shift in the number of partnerships, acquisitions and collaborations taking place in the B2B marketing agency business. Smaller, more niche agencies are recognising the need to be part of a larger group or organisation to meet the diverse and expanding demands from their clients. We’ve noticed that our partners’ collaborations are increasingly less about the location and more about leveraging expertise and skills from within the BBN partner group to meet increasing client demands.
Many agencies are heavily investing in tech-driven talent to offer their clients the tech support they need, therefore fostering longer-lasting partnerships. While these agencies provide a well-rounded martech proposition, they tend to be software agnostic, ensuring that their clients get a tailored solution to meet their needs.
As marketing becomes more innovative, targeted and technology-driven, it is inevitable the skills needed to execute these activities will need to come from more than one agency; This will, therefore, demand greater collaboration or projects and campaigns could become fragmented and inconsistent. Many clients have said they have a desire to work with a lead agency that can work with other specialists and optimise relationships with them. Very much like our partners already do under the BBN ‘Rules of Engagement’ model.
Another changing trend in the B2B agency community is the blurring of boundaries between PR and marcomms agencies. These new hybrid forms of agency are very successful at offering clients the best of both worlds, and BBN is living proof of this.
Ensuring sales and marketing integration is ultimately good for the customer
Historically, marketing has been solely responsible for brand, and sales for the customer.
Nothing can kill a deal as fast as what feels to the customer like a bad handoff. As such, the relationship marketing has with sales is the most important one in B2B business.
Marketers today know this. Transformative marketers live and breathe this. They attend sales meetings with customers. They share office (and coffee shop) space as often as possible. They treat sales as their primary customer. One particular agency has created a marketing outsource model that puts marketing support right inside a business, allowing for even closer sales and marketing interactions.
Real sales and marketing successes are evident when teams collaborate on processes. By jointly scoping the customer journey and identifying metrics that indicate when a customer is ready to move in the conversation, sales can give marketing new insight into the customer. An insight that helps marketers create relevant content that in turn helps sales most effectively follow up on leads.
However, now that customers have placed themselves squarely in the driver’s seat of brand perception and the sales process, marketing and sales need to recalibrate their relationship… with the customer at the centre.
An agency who can support both marketing & sales teams within a business can help produce collaborative content projects that map to a specific sales metric perhaps in a previously untapped but customer relevant channel.
An agency who understands the importance and sensitivities between sales and marketing will help demonstrate the return on marketing investment and successful collaborations through lead generation that can be traced back to the content, but also use content tools and analytics that can help facilitate each stage of the sales conversation.
Telemarketing – an extended agency offering to support sales further
Once an agency has created the strategy, developed persona’s and buyers’ journeys, designed creative multichannel campaigns and marketing automation and then analysed the data, what happens next?
Sales Teams are often too busy spending time developing their customers and don’t always have the time to uncover new opportunities or follow up new leads. ‘How interested is someone?’, ‘Is there currently a need for the product or service?’, ‘Do they need more information?’, are all questions businesses need to know. Therefore, having an agency who can offer support to turn marketing qualified leads (MQL) into sales qualified leads (SQL) by engaging prospects to explore levels of interest, awareness and position in the buyer journey, leaves more time for your sales team to develop and nurture existing customers.
Telemarketing can be one of the most effective ways to engage customers, prospects and new business opportunities. The best telemarketing agents understand that building the right relationships is key to making connections. Agencies offering this service successfully, hire highly experienced agents from a variety of different industries, who speak multiple languages and can provide call hours across numerous time zones to support global campaigns and can even set appointments.
As part of a group like BBN, partners can use a service matrix model with strict rules of engagement to utilise contact centre services in South America, Europe and the Asia Pacific, thereby creating smoother transitions from marketing to sales for their clients which ultimately benefits their customers.
The fact is there aren’t that many alternative agency models out there to choose from, most likely because the model most agencies follow has worked exceptionally well until now. ‘New Model Agencies’ like those referenced and independent groups like BBN, have recognised the model needs to change alongside the change in clients’ demands and expectations. We are seeing more of our partners pitching and winning against other large traditional-model agencies and multinationals, simply because they meet the broader range of needs and requirements that clients demand today. We believe the ‘New Model Agency’, is the next generation of B2B marketing.
This is an article from BBN’s Buzz Magazine on B2B marketing without borders.
The world of information security is, arguably, the fastest evolving sector of the IT industry.
It is no exaggeration to state that new exploits are written every day, and the InfoSec community responds to these threats with no less rapidity. As the field continues to evolve, we can rarely go a few short months without a game-changing exploit dropping, or sensitive, personal information being stolen by malicious agents.
We live in a world where information security is paramount.
We also live in a world of specialization. Gone are the days where companies handle everything ‘in-house’, a methodology that has given way to the current “third-party vendor” landscape we see in today’s B2B world. A company is no longer stranded, alone at sea. Instead, the company finds itself part of a vast fleet, surrounded by ships, each tailored to a specific set of problems.
It is this landscape that has caused an increased interest in information security as a third-party. Trustwave Global Security Report 2018 cited a 9.5% increase in “third-party vendor”-based risk between 2016 and 2017. Hackers are looking for the weak link, and upon finding the first link in the chain strong, they begin to work their way down the line.
As such, third-parties are required to meet, if not exceed, the information security requirements of their client.
FREEDOM VS SECURITY
One current issue with the world of information security is the vast misinformation that surrounds the subject. A great number of sources suggest that the flow regarding securing information systems follows a traditional (and in my opinion, outdated) work-model. In this model, the CEO makes the decisions regarding the security policy and attempts to enforce them. Anyone who has ever been locked behind a school or library’s firewall will be familiar with how distrustful (and frankly; ineffective) this approach can be.
It forces us to think about whether it’s better to sacrifice some measures of freedom for security. Benjamin Franklin suggested that “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” But then again, Benjamin Franklin never had his Facebook account hacked.
Whilst this ‘prison’ scenario does fill me with some mirth when thinking of our CEO, Timo, manning a watchtower, casting a careful eye over the ‘factory floor’ to ensure no one disobeys, this is simply an unrealistic vision of the workplace.
FINNISH BUSINESS LANDSCAPE
A staggering 98.8% of Finnish companies are considered ‘small-to-medium enterprises’, falling within the 1–50 employee range. This close-knit environment works on an atmosphere of trust.
This leads us into a precarious position, whereby we maintain trust relationships with our clients as well as giving employees the freedom to operate to their maximum potential. InfoSec professionals in Finnish companies perform an odd balancing act.
No blanket measures can be enforced. Not only do blanket measures stifle, if not outright destroy the trust environment required within a modern, Finnish company, they simply do not work.
Security measures cannot counteract social-engineering, nor the addition of vulnerable mobile devices to wireless networks (at least without seriously impeding workflow). Additionally, The Need for a New IT Security Architecture: Global Study, sponsored by Citrix, demonstrates that people from different age groups are vulnerable to different varieties of attack. As such, any overarching measure to prevent the issues with one group would negatively impact another.
We cannot, however, ignore that 68% of security incidents are caused by user error, with an average of 50% caused by simple negligence.
The responsibility for information security is incumbent on every member of an organization.
STEPS TO TAKE
The first step in strengthening the human element against security threats is training. When the responsibility falls on every single person, it becomes paramount that these people know and, more importantly, follow information security guidelines.
As security threats are in constant flux, our guidelines must also change along with them. Ten years ago, an 8 character alphanumeric password would cut it. Today, thanks to modern techniques and more computing power, 12 characters could be considered a bare minimum. Moore’s Law also suggests that, in another 10 years, we may well be looking at 16 or 24 character passwords at a minimum.
2. A Secured Toolkit
The most common breach, as well as one of the most dangerous when we talk about the human effect on information security, comes not out of malice but familiarity. The use of tools with known security flaws and defects.
Many IT security professionals will have heard the same. “But I’ve used <program> for years.” Familiarity may cause people to use older, insecure versions of programs for the sake of convenience.
The single most important aspect of information security when dealing with the human element is an open conversation. A flowing dialogue back and forth. Within security, an open nature is a virtue despite how this might seem like a contradiction.
We can explain with an example from a cornerstone of security, the VPN.
VPNs are virtual private networks that allow computers scattered across physical space to all connect to the same network. Two common VPN protocols are SSTP and OpenVPN. SSTP is a proprietary Microsoft protocol while OpenVPN is open source.
SSTP’s code has never been released to the public, and as such, no independent review of its security can be performed. By contrast, OpenVPN can be confirmed secure by the creators of the protocol, as well as the Open Source Community who have sifted through every line of code.
The open dialogue is so important. The closed, restricted approach creates an adversarial workspace. An atmosphere of ‘Us vs Them’, with Us being the IT security staff and Them being everyone who feels constricted by untrusting regulations.
4. The Environment of Security
The third-party environment is often seen as a wheel and spoke architecture, and from a single point-of-view, this is technically correct.
However, when looking at the picture from a higher level, we can see an interlinking of networks and services. Outlook for email; Amazon Web Services as a hosting supplier; Oracle and Salesforce to supply our Marketing Automation platforms.
Any company, even a third-party, requires the interlinking security provided when each and every link in the chain lives up to the same security standards.
While information security is incumbent on every member of an organization, so too is the responsibility for reporting breaches. Once an employee is taught the rules, it is on them to ensure they follow them, and to report any breaches they may notice. As before, it’s an environment of trust, and trust flows both ways.
This, by no means, suggests that the job of information security is over with training. Not only does the InfoSec professional have to act as the interface for the open conversation we discussed before, but they also must monitor the networks, servers, and even the usage of IT devices.
As the Russians say: Доверяй, но проверяй. Trust, but verify.