As state government officials plead for more cybersecurity funding in the next federal stimulus package, experts said Wednesday there’s more that local officials can do to aid small businesses still searching for help in securing their financial systems and remote workers during the COVID-19 pandemic, and that coronavirus-related cyberthreats are only just beginning.
While COVID-19 has forced millions of small businesses to close physical locations, the rapid pace of coronavirus relief funding and the time it takes for businesses to launch online payment processes has protected them from a wave of cybersecurity exploitations, according to Josh Belk, the executive director of the Los Angeles Cyber Lab, a nonprofit organization that provides free cybersecurity assistance to the city’s small and medium-sized businesses.
“I think the reason we haven’t seen [a massive increase in exploits] yet is because the first stimulus package went through so fast and it got soaked up so quickly that there wasn’t a lot of time for bad guys to exploit,” Belk said. “[But] it’s gonna happen. You’re hearing it here.”
Belk told StateScoop that small businesses that have been forced to take operations completely offline have, so far, remained safer than medium-sized businesses that have had to digitize payment processes while keeping their remote workers secure. As more stimulus money flows into the economy, Belk said, scammers will have more time to devise targeted phishing emails to businesses that may have had time to set up online operations.
But to safeguard the hundreds of Los Angeles-based businesses that belong to the LA Cyber Lab, the organization has partnered with the City of Los Angeles and the Los Angeles Joint Regional Intelligence Center to vet and promote cybersecurity products being marketed to the private sector.
State and local agencies throughout California have also assisted each other in producing weekly five-page reports detailing global, national and California-based threats, Belk said. The reports detail the context and characteristics of particular threats while sharing basic cybersecurity tips like patching software and avoiding links from people outside trusted organizations. The lab’s partners include the California Cybersecurity Integration Center, which protects critical network infrastructure throughout the state.
“We’re trying to consolidate some of the synergy between different groups and saying ‘lets just push each other’s stuff,’” Belk said, “because we all don’t have time to recreate the wheel. If you’ve got something good and it’s a decent product, we’ll just push it out in cooperation.”
Kiersten Todt, the managing director of the Cyber Readiness Institute, also said gathering cybersecurity information in one place is the most helpful thing local governments and their partners could do. Beyond including money in the next stimulus package specifically for small-business cybersecurity, or, as Belk said, placing private-sector technology leaders alongside state governors to dispense basic cyber hygiene, business owners should be able to find all the cybersecurity information they need in one place.
“Government needs to identify an individual repository for small businesses,” Todt said. “Right now, if you’re a small business, you can find tools on the [National Institute of Standards and Technology] website, you can find tools on the [Small Business Administration] website and you can find tools on the [Cybersecurity and Infrastructure Security Agency] website. And that’s just the start. But there’s a need to really aggregate where small businesses can go to find those resources.”