Axios Event: Big Tech companies sign CISA pledge to improve security practices

SAN FRANCISCO – A cohort of the largest tech companies have pledged to implement and adhere to increased "secure-by-design" principles laid out by CISA as part of a new security pledge.

Why it matters: Private sector commitment and tech industry partnership is an important step to advance the federal government's cybersecurity strategy and combat increased threats posed by nation-state hackers and exploitative cyberattacks.

• Axios cybersecurity reporter Sam Sabin and business and technology reporter Kia Kokalitcheva led conversations with CISA executive director Brandon Wales and Ivanti chief product officer Srinivas Mukkamala at the event, which was sponsored by At-Bay.

What they're saying: "The pledge is a recognition that secure by design has kind of entered the ethos of these companies, and that it's no longer just the U.S. government asking them to build products that are secure by design," said Wales.

• "It is a recognition across the board that the vulnerabilities in our technology are enabling attackers to have their way with U.S. infrastructure, with small and medium-sized businesses, with local communities, and that we can't play whack-a-mole addressing 18,000 new vulnerabilities a year, one at a time, company by company, and that we need to deal with this more systemically," Wales continued.

Flashback: Ivanti has made headlines in recent months for security flaws in their products that potentially allowed for hacks of government agencies and led CISA to launch an investigation into the hacks.

• Mukkamala cited "remote access services" as the biggest cybersecurity challenges facing SMBs right now.

• "For SMBs, the problem is they don't have the sophistication to understand real threats, so we have to industrialize cybersecurity so that they don't have to worry about what a threat is," Mukkamala said.

Content from sponsored segment below:

In a View From the Top conversation, At-Bay co-founder and CEO Rotem Iram noted that SMBs often do not have strong cybersecurity defenses in place due to budgetary constraints or a lack of expertise on the threat landscape.

• "They're struggling to keep up with good security, but I think what is even more important is that we've created a Wild West where they are basically fending for themselves against organized criminal groups from all over the world, with really very little help from their government who's busy with bigger jobs, like fending off critical infrastructure from the Chinese government," Iram said.