<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo


U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act) into law on Tuesday, August 14, 2018. It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." This is a massive achievement, as many small businesses want to adopt it, they are having trouble doing so because of the complexity.

In an article in SecurityWeek, The resources that NIST will provide will be generally applicable to a wide range of small businesses and will vary with the nature and size of small businesses. They are supposed to promote cybersecurity awareness and workplace cybersecurity culture and will include practical application strategies for small organizations. The resources must be technology-neutral and as much as possible.

Strong Bi-Partisan Support

The bi-partisan act was authored by U.S. Senators Brian Schatz (D-Hawai'i) and James Risch (R-Idaho), co-sponsored by Senators John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.).

"As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyber attacks. But while big businesses have the resources to protect themselves, small businesses do not, and that's exactly what makes them an easy target for hackers," said Schatz, who is the lead Democrat on the Commerce Subcommittee on Communications Technology, Innovation, and the Internet. "This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks."

Well-Received In The Security Industry

"Small businesses account for 99.7% (SBA) of employers in the United States and as many as 50% (CNBC) of those have experienced a cyber attack. Not surprising when you consider that websites are attacked as many as 50 times per day on average" says Jessica Ortega, a member of the SiteLock research team.

"The NIST Small Business Cybersecurity Act aims to provide cyberdefense resources for small businesses by creating a set of guidelines for basic security measures that should be easy to follow and implement affordable", she says, "It also creates guidelines for making security best practices a required component of corporate training and workplace culture, something that is very needed as cyber threats continue to evolve."

Small businesses and many large organizations struggle to comply with the existing NIST Security Framework. Some are saying that this change aided by government sets the stage for greater compliance and readiness from smaller organizations, especially those who have thought that NIST compliance was too costly, complex, or time-consuming to achieve.

Still, small organizations can't afford extensive cybersecurity resources in-house, and many still believe they will not be a target for cybercriminals now or in the future. Small businesses are a direct target for business email compromise and ransomware attacks, especially those who are part of the supply chain for larger organizations. In fact, small businesses suffer more from successful attacks than larger companies. They are also able to recover much less.

The act only requires NIST to make resources, or guidelines, methodologies, and other information. Small businesses can still risk falling vulnerable if they don't have an easy way to track, measure, and manage the best practices of the NIST Cybersecurity Framework.

Larger organizations are starting to insist that smaller companies who sell to them or partner with them show adequate compliance with the NIST Cybersecurity Framework. The CyberStrong Platform enables rapid NIST implementation that is so easy, small businesses, supply chains, and less technical teams can manage it without wasting time and resources. Larger companies with massive supply chains also use CyberStrong in-house to scale up the NIST CSF, ISO, GDPR, DFARS, and many other frameworks that they need across locations, applications, and vendors.

You may also like

October Product Update
on October 3, 2022

Hey, Jimmy - is it really always 5 o’clock somewhere? If not, it should be! With this release, we’re focusing on empowering our customers to work smarter, not harder. Whether ...

How Does FAIR Fit into ...
on September 26, 2022

The Factor Analysis of Information Risk (FAIR) methodology breaks down risk into elements that organizations can compute, understand, analyze and quantify cyber threats and their ...

All-in-One Cybersecurity Board ...
on September 19, 2022

CISOs and Board Members can no longer ignore the importance of cybersecurity. New cyber attacks and threats surface every week and threaten the security of business operations. ...

Rules for Effective Cyber Risk ...
on September 12, 2022

Cybersecurity threats are becoming more challenging for businesses. According to PurpleSec’s Cyber Security Trend Report in 2021, cybercrime surged by 600% during the pandemic, ...

A Pocket Guide to Factor Analysis ...
on September 14, 2022

FAIR, short for Factor Analysis of Information Risk, is a risk quantification methodology founded to help businesses evaluate information risks. FAIR is the only international ...

Your Guide to Cyber Risk ...
on August 30, 2022

During the pandemic, online businesses flourished as people turned to e-commerce stores to shop from the comfort and safety of their homes. This unprecedented expansion of ...