One of the fastest growing segments of the cybersecurity protection market is also one of the most mysterious. The dark web is that shady realm that few understand, including small and mid-size business owners, yet those who ignore the part it plays in breaches and ransomware attacks are more vulnerable to those attacks.

MSPs often struggle with similar concerns. The first step is identifying their role in dark web monitoring and how it will help meet their clients’ protection needs. Building the business plan comes next, from developing the right dark web vendor relationships to creating a sales and marketing strategy. Like any new practice, it takes a little time, but in the case of the dark web, it will require a lot of education.

That’s where companies like ID Agent come in. The company’s fully-branded dark web monitoring service helps MSPs strengthen their cybersecurity practices and support their clients’ growing data protection needs. We recently sat down with Matt Solomon, Vice President of Business Development for ID Agent to discuss the channel issues and opportunities surrounding the dark web:

 

Brian Sherman:
One of the things we hear from providers is that their small business customers think dark web monitoring is just for enterprise companies. Many SMBs feel immune from the larger cybersecurity threats. How can MSPs convey the need for these types of advanced cybersecurity services to their clients and prospects?

Matt Solomon:  
Small businesses are getting hacked. Even churches are being affected. MSPs are at this inflection point, and many are struggling with how to sell security services. ID Agent can help them in that area. It’s not easy to talk to small business owners about breaches that haven’t taken place because their attitude is it’s not going to happen to them.  

Brian Sherman: 
Businesses are still in reactive mode. What can MSPs do to change that attitude with their customers?

Matt Solomon:
Most small business owners’ attitude is they’ll tackle security when it becomes a real issue for them. With the report data ID Agent provides, MSPs can walk into a meeting and show them evidence of a security incident that’s already happened and suggest steps to remedy the situation. Those struggling to sell two-factor authentication, password management, and security training can provide them their actual credentials, emails, and passwords from the dark web. It paints the picture of why they need to do two-factor…because this data is already out there.

Brian Sherman: 
How much should MSPs be sharing about the dark web? Is there a danger in giving their clients too much information?

Matt Solomon:
They should never go deep or they’re going to lose the audience. Give them a high-level overview: it’s the un-indexed area of the internet that’s not accessible through Google and other search engines. The reality is, the dark web is a business. This is the underbelly of the surface web where hackers are posting data for sale or extortion, such as they did with the Ashley Madison breach.
MSPs should help their customers understand that their employees and their credentials are where breaches start, and that’s the type of data being posted on the dark web.

Brian Sherman:
Should MSPs research the dark web for information on their prospects before the first sales call?

Matt Solomon: 
Yes, but they should never give up the data until they’re in the actual face-to-face meeting. If you send them the credentials and other info ahead of time, they’re not going to appreciate what it is and its importance. You need to tell them the value of that information from a security standpoint.
For example, our prospecting tool allows MSPs to put in the domain for any organization and pull up 100 of that company’s most recent emails and passwords that have been exposed. Credentials located on the dark web are some of the most powerful components of your security sales discussion. You can tell prospects or those stopping by your booth at a conference, “we ran a scan of your company’s domain and there are ‘X number’ credentials posted on the dark web. Can we show that to you later in a meeting?”

Brian Sherman: 
Use the dark web as a hook to get the first meeting?

Matt Solomon:
Yes, we use the same approach with our partners because it catches everyone’s attention. In a recent webinar, I put up a screenshot of the number of credentials of every MSP in the event and told them to reach out to me afterward to set up a call to review the actual information. Within 10 minutes of ending the webinar, there were 17 emails in my inbox from attendees.
That’s the level of engagement you get with a dark web discussion. These credentials are not just numbers, but personal information. You have the audience’s attention and it’s an incredible door opener.

Brian Sherman: 
How can dark web monitoring expose the weakest link in the security chain, the people who fail to follow prescribed best practices?

Matt Solomon:
In addition to domain monitoring, we can search for an individual’s personal email information. If employees and managers are exposed, their company might be exposed as well. For example, when you show a CEO that their personal email credentials are available on the dark web, it makes the threat more real. I even had one ask as if his wife’s information was on there as well. That gets the decision makers hooked and ready to discuss contracts.

Brian Sherman:
So, the epiphany is finding out they were personally exposed?

Matt Solomon: 
Yes. I hear so many MSPs telling their different stories of success using the dark web data as a prospecting tool. One partner had been trying to get an appointment with a 500-employee company for six months and, after using our data, had a signed contract within a week. Another spent two years trying to land a college and used dark web information to set up a 45-minute call with the CIO. They met on Tuesday, and by Wednesday they made an upfront payment on an annual contract.

Brian Sherman: 
Is dark web monitoring a profitable opportunity for MSPs?

Matt Solomon:
Three customers paying a minimum monthly fee for the service will cover the costs. Our most successful partners are telling their clients that dark web monitoring is so important to the protection of their business that they are making it a mandatory service. If they don’t want it, MSPs may ask them to sign an opt-out form.
One of our Australian partners sent that type of message out to his entire client base and within one week had 90% of his clients paying for the service. So much more is being asked of MSPs that they need these proactive services in place. Those with that attitude have been really successful.

Learn more about dark web monitoring services and partnering opportunities with ID Agent here