The recently enacted NIST Small Business Cybersecurity Act promises to provide SMBs with some of the basic informational resources needed to build a security infrastructure that will better protect them and their SMB clients against cyberthreats.
In August, President Donald J. Trump quietly signed the new law, which requires the U.S. Commerce Department’s National Institute of Standards and Technology to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
Established by Congress in 1901, NIST is charged with promoting “U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
The law imposes no new requirements or regulations on SMBs, notes Jason McNew, CEO and founder of Gettysburg, Pa.-based Stronghold Cyber Security LLC, a provider of cybersecurity services.
“What it does do is tell NIST to make free resources about basic security measures available to these businesses, written and presented in a way they can actually use it,” he says.
Information on the basics of securing information, systems, and networks has long been available to businesses at the enterprise level that have the resources to hire and support IT staff, harden their networks, and conduct penetration testing.
SMBs don’t have such resources, leaving them particularly vulnerable in a world where they are increasingly the targets of ransomware, malware, and other attacks. “The ‘bigger fish’ have the resources to protect themselves, and the threat actors always go for the low-hanging fruit,” McNew says.
He notes that while many small businesses know they need to do something to reduce their cyber risk, “they don’t know where to start.”
The new law is an example of legislators responding to the growing cybersecurity threats faced by businesses that are the foundation of the U.S. economy, according to Bill Conner, president and CEO of San Jose, Calif.-based breach detection and prevention vendor SonicWall Inc., and a driving force behind the new law.
“It is really rewarding to see them recognize the importance of the SMB, which is the major underpinning of our economy, and the least well-equipped in terms of resources to deal with cybersecurity,” he says.
The new law should have a positive impact on channel pros serving the SMB market, notes McNew.
“Having a central source of user-friendly information will help them provide more standardized guidance regarding security,” McNew says, adding that “the more we standardize that kind of information, the better, faster, and cheaper we can help small businesses.”