Arielle Waldman, Features Writer, Dark Reading
Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.
Small and midsize businesses (SMBs) suffer highly disruptive cyberattacks that can lead to expensive fallout and force some to close their doors permanently. However, the evolving trend of cybersecurity democratization aims to assist SMBs by providing more cost-effective security tools that don’t require a large or dedicated security team to deploy or maintain.
While democratizing cybersecurity is not a new concept, it’s becoming more critical as cyberattacks increase, vendors release an influx of security tools, and less technically savvy users require heightened security awareness. For example, attackers, particularly ransomware groups, target SMBs that struggle to recover from attacks due to a lack of resources or sufficient workforce.
Cybersecurity democratization means SMBs have access to products that previously were available only to enterprise customers, says Rik Turner, senior principal analyst for cybersecurity at Omdia. That provides several benefits, but one critical area he highlighted was how it could bolster software supply chain security.
“Such a development should represent a win, not only for the direct beneficiaries, i.e., the SMBs themselves, but also more widely, in that it would promote a generally safer business environment. Bear in mind how many SMBs are involved with large enterprises, either as providers of products or services in their supply chain or as their routes to market in the channel context,” Turner said. “Think about how much emphasis is now placed on software supply chain security, precisely because attackers often target the weakest link in that chain as their on-ramp to access the big companies that rely on it.”
Using AI to Develop Customized Security
Helping SMBs is one goal of Sola Security, a cybersecurity startup coming out of stealth with a $30 million seed round led by S Capital and venture capitalist Mike Moritz. The platform aims to democratize cybersecurity by using generative artificial intelligence (AI) to assist users of any technical level to develop customized security postures.
“The reality is that custom security solutions are essential across organizations,” says Sola Security co-founder Ron Peled. “The thing is, those who can afford it, like Fortune 500 organizations, can do it themselves. They have multiple tools and a bigger budget. The smaller organizations don’t have that luxury.”
Sola Security’s platform also looks to democratize cybersecurity by allowing security teams and companies to solve the problems they’re looking to tackle, he adds.
“One of the things we’ve been trying to do is emphasize that security solutions aren’t a monopoly that must be in the hands of the product company,” Peled says.
A panel at RSA Conference in San Francisco this April will explore how democratizing cybersecurity could build a more secure and resilient digital ecosystem.
Level the Playing Field
While SMBs may benefit, the concept aims to expand security needs to fit all technical levels, from developers and security teams to end users. It helps spread responsibility across organizations of all sizes. Previously, technology, access, and IT services have been democratized, but infosec experts agree that security should follow the same framework.
Security needs to serve everyone, no matter the level of technical knowledge, age, or mission, says Wendy Nather, senior research initiatives director at 1Password.
“We can no longer afford to treat security as the province of employers, governments, and other authorities,” she says.
Businesses rely on security controls to mitigate risks associated with access, authentication, patch management, and backups. That can pose a myriad of challenges, but one that’s particularly difficult to address is human error. Even when organizations put a strict policy and centralized controls in place, social engineering or misuse by an end user may still result in a cyber incident and ultimately a breach, says Tony Anscombe, chief security evangelist at ESET.
“Democratizing security is an acceptance that not everything can be secured by controls alone,” Anscombe says. “The most common example is cybersecurity awareness training, which is often a requirement placed on organizations by cyber-risk insurance.”
An AI-Powered Security Landscape
Over the past year, vendors have increasingly integrated AI capabilities into new product releases. The rapid adoption of AI-powered tools is likely to present new challenges for organizations of all sizes. One prediction is that interactions between systems and users could become more collaborative, Anscombe says. For example, end users may be the ones responding to security alerts to avoid the need to involve security teams.
“One of the challenges here, though, is the engagement and cyber savviness of users,” Anscombe says. “It may be that democratization has levels, where some users are more trusted than others based on the user’s ability.”