Article posted: Aug 23, 2018
By Joakim Thorén, CEO
While large enterprises across the US most certainly have sophisticated cybercrime fighting measures in place, the same is not true of many of the nation's small- and medium-sized businesses (SMBs).
That's why the NIST Small Business Cybersecurity Act, S. 770, previously referred to as the Main Street Cybersecurity Act, was signed into law by President Trump last week. S. 770 charges the National Institute of Standards and Technology (NIST), a division of the Commerce Department, with helping the nation's smaller businesses better prepare for and address the potential of cybercrime through better education. The Act specifically states NIST is to help SMBs "identify, assess, manage and reduce their cybersecurity risks."
The information resources NIST will provide will address the broad range of business sizes and types. The materials will make companies more aware of potential threats to their IT systems, show them how to improve their cybersecurity culture, and offer practical application advice. To ensure the information NIST provides is accessible to all SMBs, the Act further states that the resources must be technology-neutral and work with off-the-shelf technology.
Whether SMBs partake of this new resource is entirely up to them. Use of these resources by small businesses is voluntary, which could also limit their effectiveness. Some in the security community have questioned how SMBs will learn about the materials and information available to them, particularly since many SMBs still believe their businesses are not targets of cybercrime.
Larger businesses are acutely attuned to the reputational damage and high costs associated with cybercrime, and that shows in our annual cybersecurity poll from earlier this year: among enterprises, nearly 60 percent of the respondents said they will spend up to 24 percent of their 2018 IT budgets on IT security, and another 18 percent said they would spend as much as 49 percent of their budgets on it.
Many of the security solutions enterprises are spending on are applicable to the SMB community as well, and we fully expect NIST will shed light on these technologies for SMBs.
With businesses relying heavily on the Internet to reach their customers, "...they will continue to be vulnerable to cyberattacks," said Senator Brian Schatz of Hawaii, one of the authors of the bi-partisan act. "But while big businesses have the resources to protect themselves, small businesses do not, and that's exactly what makes them an easy target for hackers," he added. "This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks."
The goal for NIST is to proffer guidelines that are simple and affordable for SMBs, with valuable advice on implementing security best practices, corporate training and more to combat cyberattacks. With the focus on information targeted directly at SMBs, these important entities should have an easier time improving their cybersecurity protections without having to try to adapt to the security framework NIST had previously developed for larger enterprises.
SMBs looking for any help should give us a call. We're here to help.