NIST Small Business Cybersecurity Act Passed Into Law


U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act), into law on Tuesday, August 14, 2018. It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." This is a massive achievement, as many small businesses want to adopt it but are having trouble doing so because of the complexity.

According to an article in SecurityWeek, the resources that NIST will provide will be generally applicable to a wide range of small businesses and will vary with the nature and size of small businesses. They are supposed to promote cybersecurity awareness and workplace cybersecurity culture and will include practical application strategies for small organizations. The resources must be technology-neutral and as much as possible.

Strong Bi-Partisan Support

The bi-partisan act was authored by U.S. Senators Brian Schatz (D-Hawai'i) and James Risch (R-Idaho), co-sponsored by Senators John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.).

"As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyber attacks. But while big businesses have the resources to protect themselves, small businesses do not, and that's exactly what makes them an easy target for hackers," said Schatz, who is the lead Democrat on the Commerce Subcommittee on Communications Technology, Innovation, and the Internet. "This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks."

Well-Received In The Security Industry

"Small businesses account for 99.7% (SBA) of employers in the United States and as many as 50% (CNBC) of those have experienced a cyber attack. Not surprising when you consider that websites are attacked as many as 50 times per day on average," says Jessica Ortega, a member of the SiteLock research team.

"The NIST Small Business Cybersecurity Act aims to provide cyberdefense resources for small businesses by creating a set of guidelines for basic security measures that should be easy to follow and implement affordably," she says. "It also creates guidelines for making security best practices a required component of corporate training and workplace culture, something that is very needed as cyber threats continue to evolve."

Small businesses and many large organizations struggle to comply with the existing NIST Security Framework. Some are saying that this change, aided by government, sets the stage for greater compliance and readiness from smaller organizations, especially those that have thought that NIST compliance was too costly, complex, or time-consuming to achieve.

Still, small organizations can't afford extensive cybersecurity resources in-house, and many still believe they will not be a target for cybercriminals now or in the future. Small businesses are a direct target for business email compromise and ransomware attacks, especially those who are part of the supply chain for larger organizations. In fact, small businesses suffer more from successful attacks than larger companies. They are also able to recover much less.

The act only requires NIST to produce resources, that is, guidelines, methodologies, and other information. Small businesses still risk being vulnerable if they don't have an easy way to track, measure, and manage the best practices of the NIST Cybersecurity Framework.

Larger organizations are starting to insist that smaller companies who sell to them or partner with them show adequate compliance with the NIST Cybersecurity Framework. The CyberStrong Platform enables rapid NIST implementation that is so easy, small businesses, supply chains, and less technical teams can manage it without wasting time and resources. Larger companies with massive supply chains also use CyberStrong in-house to scale up the NIST CSF, ISO, GDPR, DFARS, and many other frameworks that they need across locations, applications, and vendors.
