Capitalizing on the National Cybersecurity Awareness Month, the ISAO’s Standards Organization hosted the Inaugural International Information Sharing Conference in Washington DC. The goal was to push the information sharing ecosystem forward as trust is being built among its community members. The conference offered many great topics of discussion, including the future of cybersecurity legislation, and the creation of a much-needed ISAO certification program.
The SMB iSAO team was privileged to be in attendance, and honored to speak at this inaugural event. I sat on a panel along with a representative from the SBA, FBI and U.S. Secret Service, and what we were doing to address the unique needs and requirements of the small business community. The presentations were chocked full of great information and naturally, met with tough questions from the audience.
One asked, “Isn’t it unrealistic for small businesses to collect threat information from multiple sources? There needs to be a single source that can aggregate this information.” I loved this question because it addressed so many points: SMB owners might not have the sophistication (time and/or desire) to understand and disseminate threat intel, SMB owners might not know what sources to trust, and, how do we as an ISAO determine the intel hierarchy, and make it relevant to our members?
Just like turning to the Internet to find medical answers in lieu of paying for professional medical advice, many are trusting online advice to address their cybersecurity needs. Many would criticize for trusting Web M.D. for something as serious as one’s health, but cybersecurity hygiene deserves the same scrutiny. It could be the difference between a small business dying or surviving a breach. Although there are constant offers for free antivirus software or cheap firewalls, how would one possibly know who to trust? And for many SMB owners, cybersecurity is not their area of expertise.
This is why joining an ISAO is so critical. And especially the SMB iSAO who not only can aggregate this information for its members, but we can make it relatable for the SMB community. We certainly don’t expect our members to understand the lexicon from Infragard, ISSA, DHS, TruStar, Dunami, and i2, but our analysts understand it. Our infrastructure is tremendously robust in nature. We are always at the fingertips of the latest threat alerts, and we can share this critical intel with our members in a voice that speaks to them.
The SMB market is a tough place to do business. Owners must carry a healthy dose of intestinal fortitude to ignore scary statistics showing low survival rates for sole proprietors (according to SBA’s Office of Advocacy, five out of ten firms close up shop within five years). SMB owners repeatedly tackle the common cores that plague small businesses – money, systems and processes, poor accounting procedures and evolution. And now, cybersecurity is a major player when doing business. It’s not only a recognized line item in the operating budget, it’s the one element that can take down an SMB overnight.
We appreciate everything SMB owners sacrifice to bring their dreams to life. Cybersecurity shouldn’t be scary, it should be a welcomed issue that is incorporated into the owners and employees training. And understanding cyber threats will build their defense and increase their security. The SMB iSAO is privileged to share that intel – specifically, intel that matters to the SMB market – and be a trusted source for information sharing.