Managers of small and medium-sized organizations lack contingency plans in case of cyberattacks
Even though awareness about importance of cyber security organization has been increasing in recent years, most small and medium-sized enterprises (SMEs) continue showing lag signs in these issues, as it is estimated that nearly 51% of SMEs managers are convinced that their companies are not a potential targets for malicious hackers.
Meanwhile, 76% of them say they have not activated multifactor authentication for their business email accounts, according to reports made by several cyber security organization firms, which mention that a security breach could cost a small business up to $130K USD, mainly for legal work, risk mitigation and reputation damage.
Data breaches in small and medium-sized enterprises numbers in the US are alarming: a report by a cyber security firm in 2016 found that approximately 15 of the 30 million of the country’s SMEs had suffered massive data theft, while a report More recent shows that there is still a lot of work to be done to get these organizations up to date on the protection of their systems.
On the other hand, the US federal government has tried to provide assistance to SMEs in these cases; President Trump signed the National Institute of Standards and Technology (NIST) Small Business Cyber Security Act last week, which demands the NIST to develop a cyber security organization framework for small and medium sized organizations. “The idea is to make security accessible to small and medium-sized entrepreneurs who, in many cases, even show lack of IT teams, or adequate security measures for their systems”, mentioned U.S. government spokespersons.
This change in cyber security organization approach is a positive measure for SMEs, as they are considered an initial attack vector for hackers who plan to cyberattacks against the platforms of large companies and government institutions.
NIST‘s cyber security organization framework provides references for organizations to assess their security risks and provides guidelines for protecting, detecting, and responding to potential cyber threats. Kevin Stine NIST official mentions that funds to finance this small business security work will come from the Institute’s annual budget.
For cyber security organization specialists from the International Institute of Cyber Security it is good news that the US federal government shows its support for the development of appropriate cyber security policies for small and medium organizations, as this could work as an additional security measure for the protection of larger organizations which handle higher volumes of sensitive information.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.