Infosec pros must help small businesses and non-profits boost their cybersecurity maturity to help bolster the overall security of enterprises and critical infrastructure, Cisco System executives told attendees at this year’s RSA Conference in San Francisco.
“The weakest link in your supply chain can bring down the entirety of your ecosystem,” Jeetu Patel, Cisco’s executive vice-president of security and collaboration, warned at the start of the conference Monday.
“We need security resilience, just like we need business resilience, because there’s a massive ripple effect” from a successful cyber attack.
He noted that Wendy Nather, head of Cisco’s CISO advisory team, believes there is a ‘security poverty line’ — a baseline minimum security posture that every company should maintain. Organizations that don’t have enough resources to maintain that level fall below the poverty line.
But Cisco believes when a firm drops below that level, it not only endangers itself, it also endangers the organizations it partners with.
“We want to make sure when this happens you don’t ignore the smaller companies, the not-for-profit companies that are participating,” Patel said, “because 60 per cent of small businesses that have a cyber attack go out of business in six months.”
Shailaja Shankar, senior vice-president of Cisco’s security business group, noted the 2020 ransomware attack against Blackbaud, which sells IT solutions to non-profits and charities, impacted over 1,000 organizations around the world.
Non-profits are definitely critical infrastructure, she said, noting many help victims of violence, feed hungry people, and assist victims of natural disasters.
Other small organizations also qualify as critical infrastructure, she added, such as small municipal water utilities.
The U.S. Justice Department has charged a man with allegedly attempting to access a computer controlling the disinfectant levels of a water system, she added.
Small firms and non-profits suffer from a lack of sufficient IT budget, lack of personnel with cybersecurity expertise, outdated software and hardware, and lack of influence in negotiating terms with cybersecurity vendors and suppliers, Shankar said.
She urged conference attendees to think about how those deficits can lead to cybersecurity issues that could spread beyond the walls of those organizations.
In March, Cisco announced a US$15 million grant to NetHope, a global consortium of over 60 nonprofits, to support their digitally-enabled programs.
“We must stand together,” Shankar said. “This interconnected problem requires an interconnected approach to solving it. Shared risk calls for shared defences. As an industry we owe it to each other. I feel it is our civic duty to do this.”
“If we don’t address the least prepared in the world, the most prepared will suffer,” Patel said.
The post RSA Conference 2022: Infosec pros urged to help small firms, non-profits first appeared on IT World Canada.
In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.
Tech News Day picks the new, most relevant tech stories.
Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.
Tech News Day is a daily publication featuring key daily news stories about technology and how it affects businesses.
We know that you are busy and that there’s a lot of information coming at you. While there are lots of programs that will curate based on what you have already read or followed, Tech News Day picks the new stories that we feel are most relevant.
Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways. If you want to do a deeper dive and get even more information, we provide a link to at least one of the longer stories from one of our sources (we are often following stories from more than one source).
We also have a daily podcast, published each morning so that you can get the news stories of the day from wherever you get your podcasts.
We hope you find this to be useful to you in keeping up to date in these challenging times. We love your input and opinions. You can use our feedback widget to rate individual stories or you can write us at NewsDesk@technewsday.com.