No Easy Fix For SME Cybersecurity

Uploaded on 2017-04-03 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Small and medium sized businesses are frequent targets for cyber-attacks and their results can be devastating, but there’s no quick fix, advocates told lawmakers during a recent hearing.

There’s no uniform standard these businesses can adopt to ensure they won’t suffer a cyber breach, denial-of-service or ransomware attack or to ensure they won’t be pummeled with financial losses and lawsuits when they do.

Even when small companies want to protect themselves, they often don’t know where to turn for help. Or they may lack the financial resources for security that goes beyond basic antivirus protection and making sure their systems are reliably patched.

“The average business owner is what we call trapped in a whirlwind,” Charles Rowe, president of America’s Small Business Development Centers, a trade association, testified before the US House Small Business Committee. “They’ve got 5,000 things to worry about, and sometimes this is not the wolf closest to the sled.”

Rowe advocated during the hearing for an interagency committee designed to help companies adopt cyber-security best practices, similar to the Trade Promotion Coordinating Committee, which was created to aid exporters.

Jim Mooney, cyber-security chair of the National Association of Federally-Insured Credit Unions, urged the government to develop national cyber-security standards for companies similar to those currently required for banks and other financial firms under the Gramm Leach Bliley legislations.

Those standards should focus on providing “flexibility, scalability and risk-based assessments,” he said.

Companies are notoriously wary of new regulations, however, and cyber threats often move too fast for firm regulations to keep up.

Companies not bound by specific regulation are currently required to take “reasonable steps” to protect customer data, according to the Federal Trade Commission.

That vague standard, however, can be concerning for companies, Rowe said.

“What’s reasonable is shifting all the time and it’s hard to tell if you’re a small business where the bar has moved to,” he said.

NextGov

Directors Report January 2017. Cyber Security Checklist For Management (£):

Company Boards Need To Get A Grip:

Cost of Data Breaches Will Keep On Getting Higher:

 

« Wikileaks Vault 7 And The CIA Hacking Arsenal
Would Killing Bitcoin End Ransomware? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

Zafran

Zafran

Zafran is a Risk & Mitigation Platform that defuses threat exploitation by mobilizing existing security tools.

Maveris

Maveris

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission.