Cyber to the people! The democratization of security

How can mid-market companies start the revolution of the democratization of the cyber security industry?

One size does not fit all

Taking a closer look at cybersecurity, it’s easy to see that something very wrong is going on when most companies prospect only the big fish - the large enterprises with immense security budgets, resources and teams.  This of course, has direct impact on the price, and complexity of the products.

And indeed, companies like Checkpoint and Cisco happily provide large enterprises with all the tools they need to defend themselves against cyber threats. These companies have strong cybersecurity teams, large budgets, and the willingness to work with multiple products that need integration and orchestration Sadly, this is not a case of one size fits all, in fact, this is a case of only one available size in store, and one that is too big to fit most companies.

Building a security structure for a new company

You’d think that smaller organizations are not targets of cyber attackers, and therefore, do not need to worry about security. Nothing could be further from the truth. In 2017, we saw a 68% increase in cyberattacks against the mid-market as attackers are shifting towards the more vulnerable, less protected victims. The attack surface of the midmarket has grown dramatically in the last five years with the adoption of BYOD and Cloud, work-from-anywhere mentality. If 5-6 years ago it was enough to put a strong firewall around your servers, and some anti malware on the company devices, in today’s world employees use their own devices, connecting to networks at coffee shops, to access sensitive information stored on Salesforce servers.

Mid-size companies and the security divide

In this cyber landscape it seems like only two, black-and-white options exist. On one hand there are smaller companies who are forced to purchase security systems built to fit huge enterprises, which in some ways, decreases their resilience as unlike a Fortune 500, they do not have the expertise or staff to manage these systems effectively. On the other hand, there are companies who decided that they just make the investment and are left vulnerable to cyber-attacks.

And here lies the great security divide. The large companies have budgets, teams, cyber insurance, and fantastic law firms that protect them against an attack, or the consequences of a successful breach. They are courted by the security industry, quoted in all the newspapers, and recover when really bad things happen very quickly.

The rest of us? Not so much. A small business hit by a cyberattack might not recover from it, financially and reputationally, leading to it closing its doors forever.

The cloud changed the rules

While the cloud platforms made applications and services that were only available to large corporations easily available to much smaller companies, the same did not happen for cyber security. CRM, collaboration, HR management, document management – all became accessible and simple to use, and now power the growth of smaller companies. So why has security stayed behind?

Cyber to the people!

It’s time we democratize cybersecurity.   Most of the resources and benefits can no longer go to and be used by the strong and powerful, with no regard to the smaller citizen and their needs.

It happened with almost any other industry before throughout history. For example, if you look at the banking industry you can see the perfect case when comparing credit cards and payments 15 years ago to today’s PayPal world of easy and fast payments. You can also see the same motion in mortgage payments and process, which until lately used be with a labyrinth of paperwork, and today looks totally different with Quicken Loans

So why should Cyber security be any different? The technology is already here, we just need to use it better.

How can mid-market companies start the revolution of the democratization of the cyber security industry?

If we really want to make cyber security truly accessible for any size company, we first need to establish the following:

  • The power of the many is more than just a slogan. Companies can benefit from each other’s greater knowledge using platforms based on shared information. Some cyber security companies have already developed protection modes based on shared information from their clients and users. For example, one can track malware and hackers lurking around a Wi-Fi connection based on the knowledge of another visitor to the same Wi-Fi network in the past, using the same service as you. Relying on the collective intelligence is the greatest underused tool for easier protection from cyber-threats.
  • The power of AI. The technology is here. We all know it. but do we really use it? The fact that a platform is automatic does not make it the best possible solution. Basic artificial intelligence today can learn about an attack after it happened and develop an automatic response for the next time it occurs. But AI can be much more productive if instead it would have had the ability to identify an attack before it happens and use autonomous abilities so that it can adjust accordingly and mitigate threats without human intervention. This will create an all-new market full of platform that can save precious time and resources, making cyber-security much more accessible. Of course, sharing information will make AI even stronger, and lower its costs, leading to more security being available to more companies. You trust Google assistant – trust Cyber AI.
  • We need to seek solutions that require no hardware. The days of the boxes the large vendors sell to protect assets are over. Our assets are in the cloud, and our cybersecurity needs to be there too. Cloud based cyber solutions are not only much more economical to buy – they are simpler to maintain and mange by a few orders of magnitude.

We are witnessing a tectonic shift in where the dangers are, and how we protect ourselves against them. The risks are shifting downstream to the rest of us – not just the giants. We need to embrace things we are instinctively uncomfortable with: Sharing information about vulnerabilities and attacks, embracing AI, and accepting not owning hardware…

We, the people, deserve security – and in this writer’s humble opinion, this is the only way we will get it.

This article is published as part of the IDG Contributor Network. Want to Join?

SUBSCRIBE! Get the best of CSO delivered to your email inbox.