In The News
“The global economy runs on SMBs, so their security is the most critical conversation one can have.”
Earlier this month, Philip Reitinger, GCA President & CEO joined “Red Queen Cybersecurity Office Hours” with Tarah Weehler, CEO of Red Queen Dynamics to discuss cybersecurity at scale and how to help the small and medium-sized businesses (SMBs) that bear the weight of the world’s economies. SMBs represent 90% of all companies worldwide, and are responsible for almost 70% of the workforce and GDP globally.
The recent episode of Red Queen’s Cybersecurity Office Hours with Philip Reitinger, President & CEO of the Global Cyber Alliance, dove into the complicated world of evaluating risk and how all businesses, no matter their size, are forced to battle on the same field when it comes to security and compliance.
The rise of ransomware has changed the way cyber attacks work; instead of only going after large enterprises, easy automation and attacks at scale on small businesses have changed the economics of the game and made everyone a target. Businesses are attacked every day, and the scale of those attacks are getting bigger in part because they can rely on information gathered in breaches and compilations of past breach data, like the ‘Mother of All Breaches’ in January 2024, when 26 billion passwords were leaked.
Basic cyber hygiene – like not reusing passwords, stronger authentication, and keeping systems updated – blocks about 86% of the initial attack vectors that ransomware uses against small businesses, according to joint analysis carried out by Tidal Cyber and GCA. Furthermore, implementing the basic cyber hygiene steps offered in the GCA’s toolkit addresses 72% of the most common ransomware techniques facing small businesses.”
The problem of the Internet: Scale
Reitinger said that the overarching security problem of the Internet is scale: we have so many people using so many devices, and they are all Internet connected. How do you manage that much risk?
GCA works with communities to provide bottom-up solutions that people and users can adopt to make themselves more secure, like our GCA Cybersecurity Toolkits that help small businesses and others easily do the basics to protect themselves. We also work with network infrastructure owners and operators to provide solutions that work at scale – things like protective DNS services, sharing and blocking malicious domains, and studying Internet traffic.
Even small changes from big operators are crucial in strengthening security and protecting sensitive data. For example, Google and Microsoft turning on multi-factor authentication by default and the HTTPS everywhere push in browsers were key to increasing security across the Internet. In these cases, users didn’t have to do anything.
Start small and build
Security problems are systemic, they are not one individual’s fault. But as Reitinger highlights, people sometimes just don’t know what to do or where to start. It’s a complicated landscape, and we have to help people make good choices for their own privacy and security, and for their businesses. He likened basic cybersecurity measures to driving a car: to drive safely, people are advised to do periodic maintenance (often outsourced to a professional), wear seat belts, and follow the rules. You don’t have to be an expert mechanic. Similarly, we can teach people the basic maintenance that’s needed on their computers and networks and what basic cybersecurity rules they should follow. Not everyone will be a cybersecurity expert, and that’s OK.
It’s important to meet small businesses where they are by providing simple, concrete actions they need to take to maintain compliance and lower their risk. Red Queen Dynamics has just implemented the GCA Cybersecurity Toolkit for Small Businesses for its customers. Implementing these basic practices, most of which can be done for free, will save any small business in the long run.
To learn more about their views and tips, watch the entire episode.
