On August 14, the NIST Small Business Cybersecurity Act was signed by the President into law. As small businesses are heavily targeted and more likely to be vulnerable to cyberattacks than larger enterprises, the commitment to assist the SMB market was more important than many realize.
For starters, small businesses are a major part of the United States economy, if not its backbone. They account for 99.9% of U.S. businesses and employ 47.5% of the American workforce. As of 2015, these organizations were responsible for nearly a third of the $1.3 trillion generated from U.S. exports. They are also the innovation leaders, representing 43% of high tech employment and producing 16 times more patents per employee than larger patent-generating firms.
While many small business owners underestimate the risk of a breach, the fact remains that the combination of valuable digital assets and less funded security programs than larger firms draws the attention of malicious actors. These bad actors bank on either going unnoticed or receiving ransoms from smaller organizations, knowing they’re less likely to withstand an attack and therefore more likely to pay. A recent Verizon report cited a staggering 61% of breach victims were small businesses.
The new NIST Act focuses on fundamental improvements, including much needed cybersecurity awareness to small businesses and the guidance to implement stronger practices without the large enterprise budgets. According to the U.S. Small Business Association, small employers often think they are secure because of their size and the misperception that they don’t have anything worth stealing. Yet their businesses collect and maintain employee and customer data, financial records, and intellectual property. Of equal concern is the level of connectivity that many of these organizations have into their customer environments. For example: in the last 5 years, two of the largest and more highly-publicized incidents were traced back to exploited systems in SMB/third-party vendors which were leveraged to compromise two of the largest retailers effecting over 70 million and 56 million customer accounts respectively.
Currently, lack of resources or dedicated cybersecurity personnel keep many small businesses from achieving the advanced security posture they desire. It is encouraging to see our government work together to push legislation through that lowers the barriers to success for the largest segment of the U.S. economy. Small businesses need the education and support, and our entire economy will benefit from the SMB market improving their security postures.
Cybersecurity consulting firms, like Alagen, also help smaller enterprises overcome small business cybersecurity obstacles to significantly improve security processes and posture. Please contact us today to discuss how we can partner with your business.