No Easy Fix For SME Cybersecurity

Small and medium-sized businesses are frequent targets for cyber-attacks and the results can be devastating, but there’s no quick fix, advocates told lawmakers during a recent hearing.

There’s no uniform standard these businesses can adopt to ensure they won’t suffer a cyber breach, denial-of-service or ransomware attack or to ensure they won’t be pummeled with financial losses and lawsuits when they do.

Even when small companies want to protect themselves, they often don’t know where to turn for help, or they may lack the financial resources for security that goes beyond basic antivirus protection and making sure their systems are reliably patched.

“The average business owner is what we call trapped in a whirlwind,” Charles Rowe, president of America’s Small Business Development Centers, a trade association, testified before the US House Small Business Committee. “They’ve got 5,000 things to worry about, and sometimes this is not the wolf closest to the sled.”

Rowe advocated during the hearing for an interagency committee designed to help companies adopt cyber-security best practices, similar to the Trade Promotion Coordinating Committee, which was created to aid exporters.

Jim Mooney, cyber-security chair of the National Association of Federally-Insured Credit Unions, urged the government to develop national cyber-security standards for companies similar to those currently required for banks and other financial firms under the Gramm-Leach-Bliley legislation.

Those standards should focus on providing “flexibility, scalability and risk-based assessments,” he said.

Companies are notoriously wary of new regulations, however, and cyber threats often move too fast for firm regulations to keep up.

Companies not bound by specific regulation are currently required to take “reasonable steps” to protect customer data, according to the Federal Trade Commission.

That vague standard, however, can be concerning for companies, Rowe said.

“What’s reasonable is shifting all the time and it’s hard to tell if you’re a small business where the bar has moved to,” he said.

NextGov
