Axios Event: Small businesses face increased cybersecurity threat landscape

SAN FRANCISCO – Cybersecurity threats are increasingly targeting a wider range of vulnerable entities that span across industries and vary in size, and some are much better positioned to respond than others.

Why it matters: Small and medium-sized companies who aren't able to dedicate funding and staff to focus on cybersecurity face a much more severe cyber threat landscape than larger businesses with more resources do.

• Axios cybersecurity reporter Sam Sabin and chief technology correspondent Ina Fried moderated this roundtable discussion event, which was sponsored by At-Bay.

What they're saying: "I think that these types of threats are now, it's asymmetric warfare, so it's not just targeting governments, it's not just targeting government institutions, and I don't think that we are necessarily super well-equipped to be able to respond to that in a meaningful way," said Alethea CEO and founder Lisa Kaplan.

• "I think that a lot of times what's happening is the adversary has gotten better at exploiting the fault lines that exist between private sector, government, [and] civil society," Kaplan continued.

Akamai chief security officer Boaz Gelbord said cybersecurity challenges for small and medium-sized companies are only getting worse because many of them don't have staff or resources to monitor and fend off threats.

• "I think one of the biggest challenging parts for SMBs is there's really a divide between kind of digital haves and have-nots," Gelbord said.
• "They don't have IT staff, they don't do this stuff," Cyber Readiness Institute managing director Karen Evans said.
• "At this point, I'm not worried about our 100, 200 largest members," National Retail Federation vice president of retail technology and cybersecurity Christian Beckner said.

Yes, but: R Street Institute director and senior fellow Brandon Pugh noted that there are many other steps organizations can take to secure their systems that don't require spending money if financial resources are scarce.

• Pugh said that spending money should "really be your last step."

• "You have so many steps you should and can be doing just from a policy, a training and awareness aspect before you get to spending money … so I think that's important," Pugh said.

What we're watching: International collaboration on cybersecurity and AI innovations hold promise as potential ways to reduce the power of malicious actors in cyberspace on a larger scale.

CISA assistant director for stakeholder engagement Alaina Clark said the agency is heavily focused on getting companies and organizations to embrace their "secure by design" narrative and have had success getting international stakeholders on board.

• "We are really trying on the secure by design to really push that narrative and change it." Clark said.
• Secure by design principles released by CISA in October had 17 international partners and organizations sign on.

AI can allow for increased ability to catch and resolve bugs relating to cyber threats, said GitHub deputy chief security officer Jacob DePriest. "I actually think AI, at least in the software development space, is going to potentially allow us to catch up faster than we've ever been able to," DePriest said.