Can Main Street Cybersecurity Act Protect Small Businesses?

The U.S. Senate is discussing legislation designed to provide small businesses with additional cybersecurity resources to address malware, ransomware and other cyber threats.

The Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act, aka the "Main Street Cybersecurity Act," was introduced in March. It would provide "a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats," according to U.S. Sen. John Thune.

"This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers," Thune said in a prepared statement.

A Closer Look at the Main Street Cybersecurity Act

The Main Street Cybersecurity Act would ensure the National Institute of Standards and Technology (NIST) considers the needs of small businesses in conjunction with its Cybersecurity Framework. It would require NIST to provide "simplified, consistent resources based on the NIST framework specifically for small businesses," Thune indicated.

NIST published its Cybersecurity Framework in February 2014. The framework offers a voluntary guide to help organizations manage and reduce cybersecurity risks.

In addition, NIST in January updated its Cybersecurity Framework and continues to develop the framework.

Main Street Cybersecurity Act Gains Momentum

The U.S. Chamber of Commerce is backing the Main Street Cybersecurity Act, noting the legislation "would support enhanced cybersecurity and resiliency ... help make businesses more productive."

Moreover, security management organization ASIS International in April sent a letter of support to the Senate Committee on Commerce, Science and Transportation.

In the letter, ASIS CEO Peter O'Neil stated the Main Street Cybersecurity Act "emphasizes years of cooperative efforts by industry and government to produce risk management tools that support the cybersecurity needs of small to medium businesses."

SMBs Remain Susceptible to Cyberattacks

Many cybercriminals are targeting small and medium-sized businesses (SMBs), according to the "2016 State of SMB Cybersecurity" report from Ponemon Institute.

Report results included:

  • 55 percent of respondents said their company experienced a cyberattack in the past 12 months.
  • 50 percent indicated their company suffered a data breach in the past year.
  • 18 percent noted their company uses cloud-based IT security services, and most password policies do not require employees to use a password or biometric to secure access to their mobile devices.

The report also showed managed security service providers (MSSPs) support an average of 34 percent of SMB IT security operations.

"Personnel, budget and technologies are insufficient to have a strong security posture. As a result, some companies engage managed security service providers," Ponemon wrote in its report.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.