Securing Small Businesses Digital Assets from Cyber Threats Must be a Global Initiative

Cyber Security Oct 29, 2015

Yesterday, I posted a serie of Tweets about some ideas how to help to Small Businesses Owners to protect their digital assets (Web site, accounting systems, Advanced On-Site WI-FI Protection and more), but many people asked me to become these ideas in a more detailed explanation about I’m particularly worried about SMEs, and the answer is simpler than you think: If you read some of the statistics that I shared in the State of Small Businesses in 2015 presentation, you should have seen the importance of Small Businesses in almost every economy around the world, so Why not to create platforms, ideas and initiatives to help them to succeed with a strong CyberSecurity strategy?

Ideas for North America

Like I said in a Tweet, this should be a problem to be tackled not just for CyberSecurity organizations, but every company selling services to SMEs around the world should evangelize to its customers to know the current state of Cyber Threats, and help them to identify quick and clever ways to protect their assets. For example: Salesforce.com is one of the best examples I want to highlight here, because they are in the front-line talking everyday with SMEs owners, so Why not create joint initiatives like Webinars and On-Site Seminars to help them to understand these real problems that could affect the generated revenue of their businesses? A good headline for this could be: “10 Security Tip to Protect Your Profits”. Every SME owner is worried about Money, so every action that they could do to protect it, they will listen carefully. A good vehicle to make this possible in United States could be to work in conjunction with the Small Business Administration to promote for free these concerns.

Other of the companies that could have a very good impact could be Square, because one of the major revenue generators for the company (based in the last numbers shared on its IPO Filing) is precisely the SMEs sector. They have a strong sense for Security, so they could transmit a lot of ideas to its customers what to do about CyberSecurity. One idea could be to write a whitepaper about how to seriously secure your business from card scams and more, but many SMEs are not very techy, so the best way to do this, is to make Seminars in their own businesses.

For example: Imagine a family restaurant owner worried about these issues, and they invite to other restaurant owners from their area to discuss about CyberSecurity, On-Site Wi-Fi Protection, HTTPS Usage enjoying a good barbecue with beers and wine. This could be called: “CyberBBQ”, which could be converted in a National movement to spread the word.

Did you know that Apple and Cisco made a partnership? Like I said in the post about this, this partnership has a more profound implication, and my thoughts about it was confirmed by the same Tim Cook in the past BoxWorks, where he said that Apple has generated $25 Billion of sales to businesses, and in the last Q3 results, you can see that iPad sales are not for a good road; so this partnership between Apple and Cisco could revamp iPad (and iPad Pro) sales to more businesses, SMEs included of course. But, a particular think I want to highlight here is the #SecurityEverywhere strategy by Cisco, where they are working very hard to spread the word about a powerful message:

To truly address today’s dynamic threat landscape, evolving business models, and considerable complexity, security must be embedded into the heart of the intelligent network infrastructure and across the extended network — from the data center out to the mobile endpoint and even onto the factory flor. This rings true, not just for enterprises or small and medium-sized businesses (SMBs) managing their own networks, but also service providers that must be able to protect their customers through the network infrastructure they use to deliver their services.

and I think they are totally right. But in the process, they have acquired leaders in the CyberSecurity space like OpenDNS for example, which have solutions specific for SMBs, so what about if they create joint Seminars with the Apple’s team focused in Small Businesses. They potentially could take a big chunk of the SMEs pie, and in the process could help to Small Business, not just in US, but everywhere with their Cloud-based Security Solution.

Europe

The same could happen with CloudFlare, which provide a simple but powerful way to protect a site from Cyber Threats. They are in a very good position to help many SMEs around the world with its distinctive mission:

“to build a better Internet and we offer the simplest way to a safer and faster website”

They have embraced it with strong roots, providing free tools to protect the sites using SSL everywhere, and recently they launched an initiative to enable DNSSEC in your site like a beta tester to provide even better tools for Web Security. Like they have an office in London, UK (Their HQs are in San Francisco), they could work with the Department for Business Innovation and Skills to build joint initiatives to promote good practices for Web sites protection and why they must do it right now.

The last idea that I shared, was a joint Webinar among Cisco Small Business Division, Cisco Security, Enno Rey (ERNW) and Antonios Atlasis about 10 Tips to make a Secure Website Transition to IPv6, highlighting the current state of IPv6, and how to make the change in a Secure way. Many of these topics are very new, even for many people in tech, but Enno and Antonios with their vast teaching experience could find a suitable way to explain: IPv6 Security for Mere Mortals, and the Cisco SMB and Cisco Security teams could provide the right platform to make this in a global scale, particularly in Europe, where SMEs have a strong presence around the region, according to the last data from the Small Business Act for Europe (SBA).

Just in Germany, the SMEs sector generated EUR 792 Billion (an estimate for 2013), which represents 54.4 percent of the value added to the German economy; so do you think that large companies are the unique organizations that should be aware of the current state of Cybercrime? I don’t think so. With the depletion of IPv4 addresses, it’s vital for SMEs websites to plan its transition to IPv6, why not to hear the good advices from Enno, Antonios and the Cisco’s teams about how to do it? This should be a key concern for every SME owner if he/she want to survive in the Digital Era.

South America

LATAM region is in a very interesting face about CyberSecurity awareness, and there is one vendor which is leading the way here: Check Point Software Technologies, which was declared like a clear leader providing UTM solutions for Small Businesses according to David Strom (@dstrom), from Network World, in an article called “Check Point, Watchguard earn top spots in UTM shootout”. Check Point has strong roots in Mexico, Chile, Guatemala, Ecuador, Brazil and Colombia, so they could use their position to help to more SMEs in these countries, making big bets and deep changes in the Go-To-Market strategy for the region, taking advantage of the fact they are declared like leaders in the SMBs Security sector.

For example, I would start with Startup Chile, where they are a lot of SMEs owners, entrepreneurs, and they could the spark that Check Point would need. Other thing that they could try is to create a similar experience to Square’s CyberBBQ, focused in national dishes from the region and create spaces to talk about Cyber Security problems, state of the art in CyberSecurity, and why Check Point is a leader in this space. For example:

  • “Relájate con una Chicha y déjale el trabajo duro a Check Point (Ecuador)”
  • “Fazer uma boa feijoada, servindo o seu negócio e se livrar de preocupações com Check Point (Brazil)”
  • “Toma una cerveza, prepara un buen ceviche y aleja la mala vibra de tu negocio con Check Point (Chile)”

Asia and Pacific

APAC region is very focused to provide the best possible help to SMEs to make them to embrace success. In the last 2015 Doing Business Report, Singapore (# 1), New Zealand (# 2), Hong Kong (# 3) and Australia (# 10) are in top positions in the Global Ranking; for its incredibly business-friendly environments. In the case of New Zealand for example, they have a very strong Government program to help to SMEs, coordinated by the Ministry of Business Innovation and Employment, so I was to start CyberSecurity awareness program to evangelize SMEs owners, I could start by talking to the organization to find ways to work together for this initiative.

In the case of Singapore, Ask Me Anything kind of events are very popular there, so, if I had a root in the country, like FireEye for example, who has a Branch office there, I could work with the crew of Tech In Asia, a very popular Technology blog of the region to make this kind of events, in coordination with the DP Information Group and its Singapore 1000 SMEs Project, IDA Singapore and the Singapore Business Federation. A very good topic to make a debate could be extracted precisely from a series of posts written by Greg Day called “Economics of Security” (Part I and Part II), and Bryce Boland, CTO for APAC region could take the lead here explaining everything behind the strategy. This region is preferred by Cybercrime organizations, and Small Businesses could be a juicy target, so you need to act right now.

Conclusions

I just want to let you three questions to you, SMEs owner:

  • Do you want to help to your family and to yourself? Take my advice and invest in a good Security solution, adapted to your needs. I let you a lot of choices here
  • Do you want to success in the Digital Era? Use HTTPS Everywhere and protect your users. (A little secret: Going full on HTTPS will help you to generate more traffic to your website from Google Search)
  • Do you want to success in the Digital Era? Migrate steadily to IPv6 with a strong commitment to Security. You have to Enno and Antonios to your services.

I want to finish the post with a short fragment of the speech by Ms Jaqueline Poh, Managing Director, IDA Singapore, at the Opening of FireEye’s Centre of Excellence:

Cyber security is a global concern. In recent years, cyber threats have been increasing in size, scale and sophistication. According to FireEye’s 2012 Advanced Threat Report, across industries, organisations on average are experiencing malware-related activities once every three minutes. Threat vectors are also evolving rapidly, creating increasingly complex cyber threats which can easily bypass traditional signature-based defences, such as firewalls, anti-virus, and gateways comprising the majority of enterprise networks. The widespread problems of malware aimed at disrupting individual users and, website defacement are giving way to more insidious Advanced Persistent Threats aimed at espionage, theft of data and the disruption of critical systems.For these reasons, the National Infocomm Security Committee put out a National Cyber Security Masterplan 2018 (NCSM) which aims to secure Singapore’s cyber environment and strengthen its resilience against cyber threats. The Masterplan involves harnessing the government, industry as well as individuals around three key areas.
The first is to enhance the security and resilience of critical infocomm infrastructure (CII). This includes a CII Protection Assessment Programme to identify vulnerabilities and gaps to help strengthen Singapore’s CII against complex cyber threats. The government is also strengthening its Cyber Watch Centre and Threat Assessment Centre to improve threat detection and analytical capabilities.
The second focus area of the Masterplan is to increase the adoption of appropriate cyber security measures among individuals and businesses. IDA together with other government agencies and industry partners will work to raise public awareness on cyber security issues through online platforms, road shows and current affairs programmes.
The third focus area is to grow Singapore’s expertise in cyber security. This is critical as there is a strong need to have a ready pool of cyber security experts to help manage the new cyber environment with increasing threats and issues. To ensure that there is a pipeline of cyber security professionals, IDA is stepping up its efforts to work with educational institutions to incorporate infocomm security courses and degree programmes into their curriculum.

This kind of initiatives must be replicated around the world, to provide suitable ways for Small Business to protect its Digital assets from Cyberthreats, so take the example of Singapore, and implement a similar strategy, because we need to act right now, before it was too late.

Marcos Ortiz Valmaseda

Editor at The Panda Way, where I help companies to earn more income through #investing. Cloud Data Engineer in the morning at Grupo Intercorp