When one thinks of an actual Cyber attack happening, the image of the IT Infrastructure of a Fortune 500 company being impacted very often comes to mind. While it is true that it is these big corporations and businesses that most often make the news headlines (along with the restaurants and the retail stores like Home Depot and Target), really just about every organization is at risk for a Cyber attack. And yes, that includes individuals as well.
But, we often hear very little about the Small to Medium sized Businesses, also known as the “SMBs”. What exactly defines an SMB is very much a qualitative issue, but what I am referring to in this instance are the Mom and Pop Shops. We hardly hear about them in the news, but they are also impacted on a daily basis by Cyber attacks.
Although they may not have the prized possessions like the Fortune 500 companies do in the eyes of the Cyber attacker, they still possess confidential information and data in their databases. After all, they are businesses as well, and conduct financial transactions whether it is at a brick and mortar location or on an online store.
These kinds of businesses are very much on a shoestring budget, and when it comes to Security, this is probably the last thing on their mind, because they just don’t have the money to hire people or invest in new Security related technologies.
Well, all that is about to change now. Trump finally signed into law what is officially known as the “NIST Small Business Cybersecurity Act”. It took well over 16 months to get this bill introduced and enforced into legislation. It was originally proposed as H.R. 2105 back in April 2017, and then it was subsequently absorbed into U.S. Federal Law S.770.
This Federal Law primarily mandates that the director of the National Institute of Standards and Technology (also known as “NIST”) provide a set of directives and a consistent set of resources to help SMBs identify, assess and reduce their cybersecurity risks. The United States Commerce Department is also involved with this key piece of legislation in order to provide the elements “ . . . that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships.” (SOURCE: https://www.scmagazine.com/president-signs-nist-small-business-cybersecurity-act-into-law/article/789147/).
Apparently, there were many sponsors for this bill which included the following:
*Sen. Brian Schatz, D-Hawaii;
*Sen. James Risch, R-Idaho;
*John Thune, R-S.D.;
*Maria Cantwell, D-Washington;
*Bill Nelson, D-Florida;
*Cory Gardner, R-Colorado;
*Catherine Cortez Masto, D-Nevada;
*Maggie Hassan, D-N.H.;
*Claire McCaskill, D-Missouri;
*Kirsten Gillibrand, D-New York.
If you want to see the exact details on this Federal Legislation, click on this link below:
My thoughts on this? Well, first I applaud Trump for doing something actually positive so far in his misled Presidency. Second, I also think that it is great the Federal Government is going to reach out to these Mom and Pop Stores and help them craft Security Policies and Frameworks which will hopefully thwart off Cyber attackers.
It is important to keep in mind that drafting Security Policies and Backup/Restoration plans can be a very time-consuming process, and if a business can’t do this on their own, then outside help is often needed (in the way of consultants). This can be VERY COSTLY, especially for a Mom and Pop outfit.
But from what it sounds like in the Legislation, at least from how I interpreted it, it appears that the Federal Government will actually offer mentoring services to these kinds of businesses when they create their Policies and Plans. In a way, this would be very similar to how SCORE provides free business consultation to startup companies.
But, the next big question is MONEY. How will these Mom and Pops get financial help to hire people and invest in Security technologies? There is no mention of that whatsoever in the Legislation. My hope is that perhaps soon down the road this key question will be answered in the way of grants and other sources of Federal Government backed funding.
This quote best summarizes this law: “Small businesses are not immune to threats, and are often not equipped with the IT resources or personnel to protect their networks . . . The NIST Small Business Cybersecurity Act will provide small businesses the resources and a simplified cybersecurity framework so they can effectively protect their businesses from threats.” (SOURCE: https://www.scmagazine.com/president-signs-nist-small-business-cybersecurity-act-into-law/article/789147/).