Can Main Street Cybersecurity Act Protect Small Businesses?
The U.S. Senate is discussing legislation designed to provide small businesses with additional cybersecurity resources to address malware, ransomware and other cyber threats.
The Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act, aka the “Main Street Cybersecurity Act,” was introduced in March. It would provide “a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats,” according to U.S. Sen. John Thune.
“This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers,” Thune said in a prepared statement.
A Closer Look at the Main Street Cybersecurity Act
The Main Street Cybersecurity Act would ensure the National Institute of Standards and Technology (NIST) considers the needs of small businesses in conjunction with its Cybersecurity Framework. It would require NIST to provide “simplified, consistent resources based on the NIST framework specifically for small businesses,” Thune indicated.
NIST published its Cybersecurity Framework in February 2014. The framework offers a voluntary guide to help organizations manage and reduce cybersecurity risks.
In addition, NIST updated its Cybersecurity Framework in January and continues to develop it.
Main Street Cybersecurity Act Gains Momentum
In the letter, ASIS CEO Peter O’Neil stated the Main Street Cybersecurity Act “emphasizes years of cooperative efforts by industry and government to produce risk management tools that support the cybersecurity needs [of] small to medium businesses.”
SMBs Remain Susceptible to Cyberattacks
Report results included:
- 55 percent of respondents said their company experienced a cyberattack in the past 12 months.
- 50 percent indicated their company suffered a data breach in the past year.
- 18 percent noted their company uses cloud-based IT security services, and most password policies do not require employees to use a password or biometric to secure access to their mobile devices.
The report also showed managed security service providers (MSSPs) support an average of 34 percent of SMB IT security operations.
“Personnel, budget and technologies are insufficient to have a strong security posture. As a result, some companies engage managed security service providers,” Ponemon wrote in its report.