RSAC 2024

We Asked 4 Top Cybersecurity Leaders How SMBs Can Improve Their Cyber Resilience And This Is What They Said

At RSAC 2024, Expert Insights met with security experts and executives from leading cybersecurity companies to find out how SMBs can improve their cyber resilience. Here’s what we found out.

Last updated on May 10, 2024
Written by Craig MacAlpine
Caitlin Jones Technical review by Caitlin Jones
The 2024 RSAC Conference at the Moscone Center in San Fransisco

As this year’s RSA Conference in San Francisco draws to a close, we’re reflecting on some of the biggest topics present on the expo floor this year—and in particular, how small and medium-sized businesses can secure themselves against some of the biggest cyberthreats that organizations are currently facing.

With little-to-no in-house resource to dedicate to cybersecurity, SMBs are often considered “low hanging fruit” for threat actors; while the reward may not be as great as were the attacker to compromise a large enterprise, the low-stakes and low-effort nature of an attack against a small business makes it worth their while. Because of this, small businesses are just as at risk of compromise as larger enterprises, and it’s critical that they implement security measures to protect themselves against prevalent threats such as spear phishing and malware.

But—with limited budget, resource, and in-house talent—how can they do that?

At this year’s show, the Expert Insights team met with CEOs, senior executives, and cybersecurity experts representing leading cybersecurity companies across the world. We asked four of these experts: “How can SMBs improve their cyber resilience?”

In this article, we’ll tell you the answers we received, and what we learned from them.

Answers have been edited for clarity. You can see more of our RSAC 2024 coverage here.

Cloudflare

We asked Larry Wiggins, VP of Security Technology & Operations at Cloudflare, how DDoS attacks are affecting small businesses. Here’s what he said:

“DDoS attacks used to be targeted largely at government, large businesses, and enterprises. But, because of the proximity to the supply chain, it’s just as easy to knock a big business and a major player offline by attacking their supply chain.

“Those small- and medium-sized businesses often don’t have the key security capabilities to protect themselves from a DDoS attack. So now they’re being attacked as a way to leverage up to the larger scale enterprises.”

Dashlane

We asked John Bennett, CEO at Dashlane, if moving to passwordless authentication should be a priority that SMBs double down on. Here’s what he said:

“If we look at how interconnected our global economies are today, so many small and medium businesses are part of a supply chain. And the acceleration of the velocity and pace of attacks is not just focused on enterprise and mid-enterprise, but it’s focused on SMBs, as well.

“If you look at SMBs, a lot of the customers that we work with don’t have SSO deployed. They have this very broad attack surface. And with this acceleration in terms of generative AI making it much easier to do social engineering, there are billions of compromised credentials on the dark web. SMBs now are at more risk than they ever were, because it’s becoming so much easier for malicious actors to go for them, and the ROI is very high for them.

“How do you remove the human element from that, if they don’t have to have a password to get into access the application they’re using? A big start to that is using a credential security vault like Dashlane, so you can then remove that element of risk, and bring that SSO experience to non-SSO applications.”

Huntress

We asked Seth Geftic, Vice President of Product Marketing at Huntress, whether SMBs are more at risk of falling victim to a cyberattack than larger enterprises. Here’s what he said:

“[SMBs] experience the same threats as a larger organization—maybe less specifically targeted towards them, but they fall victim to crimes of convenience because they’re ‘low hanging fruit’ for attackers.

“But when you walk the showroom floor here, most vendors here […] don’t care about SMBs or the MSPs that serve them—they’re really an afterthought.

“But when you look at the mission of cybersecurity—if you’re in it for that mission—the people who are the most underserved, under-protected, and under-resourced are our target market. So, we built our business to service them, both from a technology and a human standpoint, and make sure that they can stay protected, so they can just focus on what they do.”

Geftic also gave us his #1 piece of advice for SMBs struggling to protect themselves against cyberthreats:

“Get help! If you’re trying to do it on your own, it’s a losing battle,” says Geftic. “There is no way as an SMB you could build up the defenses internally to match the attackers’ side. And there’s no way you can compete in terms of hiring, training, and retaining a staff compared to a large, well-funded security organization; even if you found that unicorn and you got someone you could afford and you could train and keep them, once they prove their value for you, they’re going to get poached by a large organization.

“So, you need to work with outsourced vendors like MDR providers who can do that work for you. Don’t try and do it alone.”

Veeam

We asked Kirsten Stoner, Technologist on the Product Strategy team at Veeam, what features SMBs should look for in a cloud-based backup solution. Here’s what she said:

“It’s very important that the product is easy to use and it’s reliable. A lot of times, SMBs may only have one or two people in their IT department managing all of all their backups, maybe managing their help desk, and doing all these different things. So, it’s really important that the product is usable.

“It also needs to be flexible as well so that, as your business grows, you can backup that data. The [Veeam] Data Cloud allows you to do that by being able to leverage object storage, which is scalable, durable, and reliable.

“And it needs to be reliable; you want to make sure that you can recover that data when you need to.”

Looking For More RSA Coverage?

You can see more of Expert Insights’ coverage at RSA here: RSAC 2024

About Expert Insights

Expert Insights is a B2B research and review platform for IT solutions and services. We help over one million IT managers, CISOs, small business owners, and other professionals discover the best IT and cybersecurity solutions.

Craig MacAlpine
LinkedIn Email

CEO and Founder

Craig MacAlpine is CEO and founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA cloud, an email security provider acquired by Ziff Davies, formerly J2Global (NASQAQ: ZD) in 2013, which has now been rebranded as VIPRE Email Security. Craig has extensive experience in the email security industry, with 20+ years of experience helping organizations to stay secure with innovative information security and cyber security solutions.
Caitlin Jones Caitlin Jones
LinkedIn Email

Deputy Head Of Content

Caitlin Jones is Deputy Head of Content at Expert Insights. Caitlin is an experienced writer and journalist, with years of experience producing award-winning technical training materials and journalistic content. Caitlin holds a First Class BA in English Literature and German, and provides our content team with strategic editorial guidance as well as carrying out detailed research to create articles that are accurate, engaging and relevant. Caitlin co-hosts the Expert Insights Podcast, where she interviews world-leading B2B tech experts.