No Easy Fix For SME Cybersecurity

Small and medium-sized businesses are frequent targets for cyber-attacks, and the results can be devastating, but there’s no quick fix, advocates told lawmakers during a recent hearing.

There’s no uniform standard these businesses can adopt to ensure they won’t suffer a cyber breach, denial-of-service or ransomware attack, or to ensure they won’t be pummeled with financial losses and lawsuits when they do.

Even when small companies want to protect themselves, they often don’t know where to turn for help. Or they may lack the financial resources for security that goes beyond basic antivirus protection and making sure their systems are reliably patched.

“The average business owner is what we call trapped in a whirlwind,” Charles Rowe, president of America’s Small Business Development Centers, a trade association, testified before the US House Small Business Committee. “They’ve got 5,000 things to worry about, and sometimes this is not the wolf closest to the sled.”

Rowe advocated during the hearing for an interagency committee designed to help companies adopt cyber-security best practices, similar to the Trade Promotion Coordinating Committee, which was created to aid exporters.

Jim Mooney, cyber-security chair of the National Association of Federally-Insured Credit Unions, urged the government to develop national cyber-security standards for companies similar to those currently required for banks and other financial firms under the Gramm-Leach-Bliley legislation.

Those standards should focus on providing “flexibility, scalability and risk-based assessments,” he said.

Companies are notoriously wary of new regulations, however, and cyber threats often move too fast for firm regulations to keep up.

Companies not bound by specific regulation are currently required to take “reasonable steps” to protect customer data, according to the Federal Trade Commission.

That vague standard, however, can be concerning for companies, Rowe said.

“What’s reasonable is shifting all the time and it’s hard to tell if you’re a small business where the bar has moved to,” he said.

NextGov
