The NIST Small Business Cybersecurity Act of 2017 has been approved by the U.S. House Committee on Science, Space, and Technology. The new act requires the National Institute of Standards and Technology to issue new cybersecurity guidance for small businesses to help them manage cybersecurity risk.
Cyberattacks on small businesses are now commonplace. Smaller businesses may not have as much data as large organizations, so cyberattacks on them are less profitable; however, small businesses also have weaker defenses, making attacks far easier.
Further, if access is gained to the computer systems of small businesses, cybercriminals may be able to use that access to launch attacks on suppliers and vendors.
Small healthcare organizations in particular are now being targeted and must ensure that they have appropriate defenses in place to repel attacks.
Unlike large healthcare organizations that are able to absorb the costs of data breaches, many small practices simply do not have the finances available to cover breach resolution costs. Those costs can be considerable.
Given the cost of data breach resolution, it is no surprise that many small businesses fail after experiencing a data breach. Figures from the National Cybersecurity Alliance indicate 60% of small businesses that have experienced a cyberattack fail within 6 months. It is therefore essential that defenses against cyberattacks are improved.
The NIST Small Business Cybersecurity Act of 2017 aims to help in this regard, giving small businesses tailored help. The act requires NIST to issue clear and concise cybersecurity guidance for small businesses to help with risk management. Additionally, NIST must develop tools, best practices, standards, and methodologies for small businesses to adopt to help them identify, assess, manage, and reduce cybersecurity risk.
NIST will use its Framework for Improving Critical Infrastructure Cybersecurity as a base, seek input from federal agencies, and produce the new guidance and resources within a year. The new guidance and best practices will be made available through the NIST website.
Chairman Lamar Smith (R-Texas) said, “The NIST Small Business Cybersecurity Act will help ensure that our small businesses have the information they need to protect themselves from cyber-attacks.”