Several solution providers and security vendors have told me of late that the biggest stumbling block in selling protection technology to SMBs is their perception that they have nothing to protect. Perhaps that’s true since the value of the information is in the eyes of the owner, and many don’t consider email to be necessarily “valuable.”
That’s not the case at the University of East Anglia, which suffered an email security breach that exposed a cache of correspondence between global warming scientists that discuss, among other things, how to counter skeptics. The messages, some say, contain evidence that proves a conspiracy exists to promote the notion that the mean global temperatures are rising and will result in catastrophic disasters if reformers are not enacted.
The New York Times reported the breach this morning, and goes into great detail about the global warming debate and conspiracy theories. Security practitioners will read between the lines that value of data is subjective. The correspondence owners really don’t understand the uproar over their leaked messages since science often use the word “trick” in reference to correcting anomalous data. Since they saw it as routine, they probably didn’t think it would be of value to anyone outside their circle.
Conspiracy theorists, on the other hand, see the emails as evidence that the world is being duped into believing catastrophe is upon us. Even those neutral in the debate say the email cache will become an extremely important part of the historical record. In other words, they see tremendous value in the data.
Whenever an SMB says they don’t have any data in need of protection, the real reason may be one of two things: they’re ignorant to the value of their data or they don’t have the money to secure their data. Explaining how others may find value in even routine data and how low-hanging fruit such as leaked emails could cause irrevocable harm to their business might just be the motivator for security investments.