The Urgent Need to Strengthen the Cyber Readiness of Small and Medium-Sized Businesses
“As the world becomes more immersed in and dependent on the information revolution, the pace of intrusions, disruptions, manipulations, and thefts also quickens. Technological advancement is outpacing security and will continue to do so unless we change how we approach and implement cybersecurity strategies and practices. Recent attacks in which everyday consumer devices were compromised for malicious use have made it abundantly clear that we now live in a much more interdependent world.”— Commission on Enhancing National Cybersecurity, Report on Securing and Growing the Digital Economy, December 1, 2016
Nearly five years later, those words continue to ring true. We remain mired in a nightmarish game of Whack-A-Mole with our cyber adversaries. But now the digital landscape is larger, and we have no idea where the next cyber attack will pop up. What we know with certainty is that it will. The discovery of major adversary actions, through the SolarWinds and Microsoft Exchange compromises, comes as we emerge from a pandemic year of remote business operations that saw a dramatic rise in ransomware attacks against hospitals, schools, and other critical infrastructure. We are at an inflection point and there is urgent need for action.
Shockingly expansive and sophisticated, the SolarWinds and Microsoft Exchange events were merely symptoms of the challenges we face. Remedial efforts such as updating and patching our software, changing passwords, and removing malicious code are not sufficient. We must acknowledge and address our failure to incentivize secure behaviors and enact the policies necessary to strengthen our cyber defenses, to make our nation cyber ready.
The SolarWinds and Microsoft Exchange events compromised scores of small and medium-sized businesses (SMBs) that form vital links in our nation’s supply chains and economy. SMBs are targeted by cyber attackers because they often lack the resources to invest in cybersecurity tools and training. The intent of this White Paper is to provide the Biden Administration with specific actions to improve the resilience and cyber readiness of U.S. SMBs.
Although we cannot end cyber intrusions, there are basic actions we can take to protect our citizens, businesses, and critical infrastructure. By focusing on the role human behavior plays in successful hacks and by giving SMBs the tools and resources to improve their cyber readiness, we can build a strong and resilient foundation for cybersecurity.
We can also help foster business strength and survival. Given that 60% of SMBs will close their doors within one year of a cyber breach, according to the National Cyber Security Alliance, it is vital to SMBs, and to all of us, that they become cyber aware and ready.
Continue reading HERE.