New small business ISAO seeks to fill gap in support for fending off cyber attacks

The newly established Small and Mid-Sized Business Information Sharing and Analysis Organization is seeking to expand its membership to address what the group’s leaders see as a void in support for smaller companies to defend against cyber threats.

SMB ISAO Director Bonnie Moss spoke at an international info-sharing conference this week, describing the event as the group’s “coming out party” in touting the benefits of joining an ISAO. Her remarks underscored a long-standing concern within the business community that many small companies go out of business within the first year after a cyber incident.

Moss cited the “egregious cybersecurity attacks” that small and mid-size businesses suffer without the resources that large companies have to respond and recover from an attack as a key reason for creating the SMB ISAO.

The SMB ISAO currently has 15 “beta tester” members, Moss said on Oct. 31 at the International Information Sharing Conference in Washington, an event at which she hoped to attract new members.

“This has been so long in the making to get it right, and to make sure all the nuts and bolts and mechanisms came together and that we could put ourselves out there and say we’re here and this is great,” Moss told Inside Cybersecurity. “We want to network, find out what other people are doing, and then, of course, we want to share our story, and hopefully find retention and hopefully lead to new memberships.”

Moss spoke on a panel about info-sharing resources for businesses, which included officials from the FBI, Secret Service and the Small Business Administration.

SBA Deputy Director for Entrepreneurship Education Jack Bienko emphasized the importance for small businesses to understand the cyber threats they face. He cited an SBA survey that found 60 to 70 percent of small businesses do not think cybersecurity is a threat, yet 50 percent acknowledge that hacks have occurred.

Matt Chevraux, the assistant special agent in charge of the Secret Service’s Office of Investigation’s Cyber Strategy and Outreach Section, urged small and mid-size businesses to “join an ISAO,” saying these organizations are the best link to government information about cyber threats.

FBI Supervisory Special Agent Marcus Joachim touted info-sharing programs small and large businesses, including the Infragard online portal for providing real-time cyber-threat information from the government and the Domestic Security Alliance Council, which provides larger organizations direct access to the FBI. Joachim said these programs enable “trusted” members to have “open conversations” about ongoing and emerging threats.

The Oct. 31-Nov. 1 conference was sponsored by the ISAO Standards Organization, which develops guidelines for establishing and operating info-sharing groups. The ISAO SO was established in 2015 with support from the Department of Homeland Security.