5 Things Small Businesses Should Know from CSC Report

The Cyberspace Solarium Commission (CSC) was established in 2019 to provide a thoughtful and unified national plan for protecting the information and networks that enable American economic prosperity and national security against countries and criminals who wish to steal or do harm. The direct connection to Congress or the White House is obvious, but the work of the CSC also sends a message to small businesses that rely on networks and secure data for security or commerce: The cyber landscape is changing, and you have to be willing to change with it.

Reports like these can seem overwhelming to small companies that can’t afford to defend themselves against nation-state threats. For them, it can seem like a choice between closing up shop or simply ignoring cyber defense and hoping for the best.

We believe there are other options.

At Ardalyst, we have a passion for the work we do, working tirelessly to meet client needs and to make our industry smarter and more capable. By challenging common wisdom, sharing best practices and looking at problems differently, our team cuts through the seemingly endless doom and gloom to help educate public and private institutions on how best to thrive and succeed in this rapidly changing environment. 

Given the current environment, most folks are head-down trying to keep their people healthy and on track, but we believe now is exactly the right time to focus on the underlying message in this report and to consider what it means for individual businesses and their approach to safeguarding networks and information.

Using passages pulled from the commission’s March 2020 report, here are five things you should know as a business owner, corporate officer or senior IT professional:

1. The threat is varied and complex. “A broad array of threat actors are exploiting global connectivity to achieve their objectives. These objectives range from undermining American economic and military power to suppressing political rivals to stealing money and seeking illicit gain.”[1]

Not all companies need to defend themselves from complex nation-state threats. But all companies can benefit from making small investments in capabilities that defend against fraud and other crimes of opportunity. Understanding what types of threats are likely to target your business is key to understanding what defenses you need most.

2. The problem is getting worse. “The digital connectivity that has brought economic growth, technological dominance, and an improved quality of life to nearly every American has also created a strategic dilemma. The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure, and damage our economic and democratic institutions.”[2] 

Finding and mitigating those vulnerabilities in your systems doesn’t have to be an expensive or lengthy endeavor. There are multiple options (at multiple price points) for validating that your enterprise is sufficiently defended.

3. Attacks are costly. Businesses risk losing money, reputation and intellectual property.  Forty-three percent of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves, with incidents costing businesses of all sizes an average of $200,000 per incident.[3] The current COVID-19 crisis is the latest reminder that these criminals will exploit any weakness to gain a financial, technological, or medical advantage.

Making small investments in your organization’s cyber resiliency will strengthen your entire business. The best business operations platforms are increasingly building enhanced security into their software. In many cases, the first step is to simply migrate to the right technology.

4. Citizens, businesses and the government must layer their effort. “Since America relies on critical infrastructure that is primarily owned and operated by the private sector, the government cannot defend the nation alone. The public and private sectors, along with key international partners, must collaborate to build national resilience and reshape the cyber ecosystem in a manner that increases its security, while imposing costs against malicious actors and preventing attacks of significant consequence.”[4] 

While basic cyber exploitations present very little risk to the adversary, the basic cyber hygiene techniques that defend against them are also relatively simple for small businesses to achieve. You don’t have to pile on every possible protection all at once. Cyber maturity is a journey.

5. The time to act is now. “ Most of the critical infrastructure that drives the American economy, spurs technological innovation, and supports the U.S. military resides in the private sector. If the U.S. government cannot find a way to seamlessly collaborate with the private sector to build a resilient cyber ecosystem, the nation will never be secure.”[5]

There is growing pressure for the private sector to increase their cyber resilience, whether they work with the government or not. The good news is that it’s in the best interest of their business to do so. It’s not just about protecting national security – worthy a goal as it is. It’s also about protecting your own business and staying competitive. And it doesn’t have to be hard or expensive.

Way-ahead:

Find a partner with the expertise to examine your business operations, infrastructure and technology in tandem to help you prioritize your first and next steps. At Ardalyst, our primary goal is to help clients protect and expand their competitive edge to succeed in today’s digital world. We believe in a threat-based approach to cybersecurity and defense by aligning threats with traditional business operations.

We understand that cyber security is not a “one size fits all” prospect. Our unique blend of cyber acumen, military experience and business expertise postures Ardalyst to deliver nuanced solutions customized for the unique issues your organization might face. From the low end of the spectrum to the high end, our team is here to assist you in whatever you need in order to do your part in layered defense, meet compliance requirements, and transform your platforms. If you think our team can be of assistance, don’t hesitate to reach out.

References

[1] CSC Report The Challenge, pg 8

[2] CSC Report Executive Summary–An Urgent Call to Action, pg 1

[3] NBC News: Cyberattacks now cost companies $200,000 on average, putting many out of business, updated Mar 9, 2020

[4] CSC Report Strategic Approach–Layered: Layered Cyber Deterrence, pg 23

[5] CSC Report Executive Summary–The Way Forward, pg 7