Small and medium businesses have been facing increasing vulnerability to cyber attacks due to the lack of essential security features that are either not offered at all or are only available at higher service tiers, leading to a significant cybersecurity gap. Recent incidents, such as the compromise of 165 customers of data-services provider Snowflake and the failure of a non-profit organization to detect an attack due to the limitations of their Microsoft 365 license level, highlight the urgent need for more accessible security measures across all levels of service.
Kymberlee Price, the CEO and co-founder of Zatik, emphasizes the importance of software makers and service providers offering effective security features as a standard safety measure for every tier of service. She points out that the current pricing models that require extra charges for basic security measures ultimately lead to software liability issues, which could have severe consequences for businesses of all sizes.
Recognizing the critical need to secure small businesses that lack the resources for dedicated cybersecurity professionals, the US Cybersecurity and Infrastructure Security Agency (CISA) has pledged to assist these organizations in enhancing their security measures. Security compromises not only pose a threat to the business itself but also result in significant stress-related problems for small business owners.
Saeed Abbasi, a product manager of vulnerability research at Qualys, stresses the essential role that small and medium businesses play in the broader business ecosystem, as they often serve as crucial links in supply chains for larger companies. Strengthening cybersecurity in these smaller organizations is vital for protecting their assets and safeguarding the overall security of the business environment.
One of the key challenges highlighted by cybersecurity experts, including Kymberlee Price, is the distinction between security products and features that should be included in the base-tier services. While innovative security solutions may require additional costs, basic security features such as single sign-on capabilities and role-based access controls should be standard offerings across all service tiers.
Price advocates for security measures such as two-factor authentication, single sign-on integration, and audit trails to be included as default features in every application to enhance overall security. The recent updates by platforms like Snowflake and Microsoft to offer mandatory multi-factor authentication and cost-free logging features demonstrate a positive shift towards providing more accessible security options for all users.
Narayana Pappu, the CEO of Zendata, emphasizes the importance of providing easy-to-use basic security solutions for small and medium organizations that may lack dedicated IT specialists or cybersecurity experts. Driving security down to every user at the SMB level is crucial to minimizing security risks and ensuring the overall resilience of the business ecosystem.
In conclusion, the need for more inclusive and accessible cybersecurity measures across all service tiers is paramount to address the growing threat landscape facing small and medium businesses. By offering basic security features as standard offerings and bridging the cybersecurity gap between different organizations, businesses can enhance their overall resilience and mitigate the risks associated with cyber attacks.