The Cyber Readiness Institute convened two global dialogues with small- and medium-sized business (SMB) representatives to gain organic input about cybersecurity operation and management practices as well as insight into the cybersecurity challenges for SMBs. The objective of these global dialogues was to gain knowledge about SMB needs, which will help guide the work of the Cyber Readiness Institute.

SMB representatives from 15 companies across the world gathered in two webinars to discuss their cybersecurity management practices as well as their concerns and challenges when it comes to cybersecurity. Five core concerns were expressed by the SMB representatives. These concerns can be found here in our first post about the dialogues.

In addition to the concerns voiced by the SMB representatives, the participants also highlighted possible methods of addressing these concerns, including tools, resources, and solutions to ensure cyber readiness.

There was widespread concern about workforce training. As people are the weakest link in cybersecurity, there is demand for employee training not only at onboarding or in a mandatory yearly refresher, but also on an ongoing basis. One company suggested daily reminders about cybersecurity risks and policies. Another, a manufacturing company, said that they are trying to frame cybersecurity as a safety issue. In their factories, they speak about physical safety constantly because it is the only way to keep their employees out of harm’s way. They see cybersecurity as the same for the safety of the company.

There is a need for a clear message to the workforce around the prioritization of cybersecurity. Company policy needs to be updated consistently and also clearly communicated to the workforce. The company policy should consider customer and global regulations while also being practical for the workforce. One participant emphasized the need to have a company-wide conversation around cybersecurity. They proposed shifting the culture around cybersecurity from one of fear to one of open communications and collective effort to ensure a more secure company.

Tools and resources for phishing, identity management, password management, and penetration testing do not currently exist in an inexpensive and time-efficient form. Many SMBs would like to address issues like workforce email vulnerability but do not have access to inexpensive and largely automated penetration testing. There is a gap between the budget for resources and the cost of the tools that exist. As mentioned, SMBs do not have the budget for expensive solutions, but that does not mean that they do not have the desire to improve their cybersecurity.

Another concept raised by an SMB representative and echoed by others was the idea of ongoing updates about new threats. This would not only be through open internal communication within a company about the threats faced but also an external network of threat communication. Whether it is an app where people report cybersecurity attacks or an email alert system, this would create an international community that could share threats and allow all of the members to be more cyber aware and secure.

These discussions convened a diverse group that yielded powerful insights about SMB cybersecurity across the world. Though these companies are based in different countries and operate in different industries, many had similar cybersecurity concerns and are seeking similar solutions. These global dialogues are one part of the larger Cyber Readiness Institute work plan to gather information about global cybersecurity and provide tools and resources for companies looking to improve cybersecurity.

If you have thoughts about tools and resources that would be helpful to your small- or medium-sized business, please email info@cyberreadinessinstitute.org.