Thursday, June 30, 2022

RSA Conference 2022: Infosec pros urged to help small firms, non-profits

Infosec pros must help small businesses and non-profits boost their cybersecurity maturity to help bolster the overall security of enterprises and critical infrastructure, Cisco System executives told attendees at this year’s RSA Conference in San Francisco.

“The weakest link in your supply chain can bring down the entirety of your ecosystem,” Jeetu Patel, Cisco’s executive vice-president of security and collaboration, warned at the start of the conference Monday.

“We need security resilience, just like we need business resilience, because there’s a massive ripple effect” from a successful cyber attack.

He noted that Wendy Nather, head of Cisco’s CISO advisory team, believes there is  a ‘security poverty line’ — a baseline minimum security posture that every company should maintain. Organizations that don’t have enough resources to maintain that level fall below the poverty line.

But Cisco believes when a firm drops below that level, it not only endangers itself, it also endangers the organizations it partners with.

“We want to make sure when this happens you don’t ignore the smaller companies, the not-for-profit companies that are participating,” Patel said, “because 60 per cent of small businesses that have a cyber attack go out of business in six months.”

Photo of Cisco Systems' Shailaja Shankar at RSA Conference 2022 San Francisco
Shailaja Shankar addresses RSA Conference 2022 San Francisco

Shailaja Shankar, senior vice-president of Cisco’s security business group, noted the 2020 ransomware attack against Blackbaud, which sells IT solutions to non-profits and charities, impacted over 1,000 organizations around the world.

Non-profits are definitely critical infrastructure, she said, noting many help victims of violence, feed hungry people, and assist victims of natural disasters.

Other small organizations also qualify as critical infrastructure, she added, such as small municipal water utilities.

The U.S. Justice Department has charged a man with allegedly attempting to access a computer controlling the disinfectant levels of a water system, she added.

Small firms and non-profits suffer from a lack of sufficient IT budget, lack of personnel with cybersecurity expertise, outdated software and hardware, and lack of influence in negotiating terms with cybersecurity vendors and suppliers, Shankar said.

She urged conference attendees to think about how those deficits can lead to cybersecurity issues that could spread beyond the walls of those organizations.

In March, Cisco announced a US$15 million grant to NetHope, a global consortium of over 60 nonprofits, to support their digitally-enabled programs.

“We must stand together,” Shankar said. “This interconnected problem requires an interconnected approach to solving it. Shared risk calls for shared defences. As an industry we owe it to each other. I feel it is our civic duty to do this.”

“If we don’t address the least prepared in the world, the most prepared will suffer,” Patel said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.