<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo


U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act) into law on Tuesday, August 14, 2018. It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." This is a massive achievement, as many small businesses want to adopt it, they are having trouble doing so because of the complexity.

In an article in SecurityWeek, The resources that NIST will provide will be generally applicable to a wide range of small businesses and will vary with the nature and size of small businesses. They are supposed to promote cybersecurity awareness and workplace cybersecurity culture and will include practical application strategies for small organizations. The resources must be technology-neutral and as much as possible.

Strong Bi-Partisan Support

The bi-partisan act was authored by U.S. Senators Brian Schatz (D-Hawai'i) and James Risch (R-Idaho), co-sponsored by Senators John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.).

"As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyber attacks. But while big businesses have the resources to protect themselves, small businesses do not, and that's exactly what makes them an easy target for hackers," said Schatz, who is the lead Democrat on the Commerce Subcommittee on Communications Technology, Innovation, and the Internet. "This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks."

Well-Received In The Security Industry

"Small businesses account for 99.7% (SBA) of employers in the United States and as many as 50% (CNBC) of those have experienced a cyber attack. Not surprising when you consider that websites are attacked as many as 50 times per day on average" says Jessica Ortega, a member of the SiteLock research team.

"The NIST Small Business Cybersecurity Act aims to provide cyberdefense resources for small businesses by creating a set of guidelines for basic security measures that should be easy to follow and implement affordable", she says, "It also creates guidelines for making security best practices a required component of corporate training and workplace culture, something that is very needed as cyber threats continue to evolve."

Small businesses and many large organizations struggle to comply with the existing NIST Security Framework. Some are saying that this change aided by government sets the stage for greater compliance and readiness from smaller organizations, especially those who have thought that NIST compliance was too costly, complex, or time-consuming to achieve.

Still, small organizations can't afford extensive cybersecurity resources in-house, and many still believe they will not be a target for cybercriminals now or in the future. Small businesses are a direct target for business email compromise and ransomware attacks, especially those who are part of the supply chain for larger organizations. In fact, small businesses suffer more from successful attacks than larger companies. They are also able to recover much less.

The act only requires NIST to make resources, or guidelines, methodologies, and other information. Small businesses can still risk falling vulnerable if they don't have an easy way to track, measure, and manage the best practices of the NIST Cybersecurity Framework.

Larger organizations are starting to insist that smaller companies who sell to them or partner with them show adequate compliance with the NIST Cybersecurity Framework. The CyberStrong Platform enables rapid NIST implementation that is so easy, small businesses, supply chains, and less technical teams can manage it without wasting time and resources. Larger companies with massive supply chains also use CyberStrong in-house to scale up the NIST CSF, ISO, GDPR, DFARS, and many other frameworks that they need across locations, applications, and vendors.

You may also like

Informing Cyber Risk Management ...
on May 18, 2023

Cybersecurity is no longer just an IT issue but a business risk that can impact an organization's reputation, financial health, and legal compliance. Cybersecurity risks are ...

Is Your Organization Prepared for ...
on May 3, 2023

Data storage, as well as maintenance tools and applications, have undergone many iterations in the past decade, with the introduction of cloud computing and Security Information ...

Strategies for Automating a Cyber ...
on May 8, 2023

Cybersecurity leaders and teams are overburdened by several growing trends and issues. And when your cybersecurity team is overworked and unequipped to manage cyber risk ...

Selecting the Right Cyber Risk ...
on April 13, 2023

Cyber risk quantification is the process of determining the likelihood and potential impact of a cyber attack or security breach. The probability and impact will vary based on ...

Leveraging Cyber Security ...
on May 26, 2023

A common misunderstanding with cyber risk management is that only the CISO and security practitioners should be concerned about cyber and information security. Instead, the state ...

Tips and Tricks to Transform Your ...
on April 12, 2023

Simply being “cyber aware” is an unviable option for board members as the impact of cybersecurity expands beyond IT systems. An unnoticed security gap or dated risk assessment are ...