A Weekend in Incident Response #28: How Could NIST Small Businesses Cybersecurity Act Help Improve Cybersecurity for Small Companies?

Posted byDario Forte - 12th May 2017
A Weekend in Incident Response #28: How Could NIST Small Businesses Cybersecurity Act Help Improve Cybersecurity for Small Companies?

A recently proposed bill promises to be a great help to small entities as they try to fend off an increasing number of cyber threats that they are seeing in recent years. The NIST Small Businesses Cybersecurity Act of 2017 was recently approved by the US House Committee on Science, Space and Technology, and will soon be headed to the Senate.

The main goal of the legislation is to instruct the National Institute of Standards and Technology (NIST)  to allocate resources to “help small business concerns identify, assess, manage, and reduce their cyber security risks”. This bill addresses the key issues contributing to the increased cyber security risks faced by small businesses. Among other things, it recommends that the NIST security standards“disseminate resources to promote awareness of basic controls and a workplace cyber security culture”, which are some of the leading challenges for small businesses when it comes to tackling cyber threats.

Sharing Information

Sharing information is another important aspect of cyber security that is of great relevance to small businesses and is mentioned in the proposed bill, as well. The NIST security guidelines are designed to help small businesses get the information that they need to improve their cyber defense and resilience to cyber attacks. In this regard, small businesses could use a security automation and orchestration platform, which has the ability to share cyber incident intelligence.

With a platform with cyber threat intelligence sharing capabilities, small businesses can reduce their reaction time following a cyber security event, which is of utmost importance in terms of containing the damage and bringing their computer systems back into operation as soon as possible. Exchanging information on current and past incidents, while also ensuring that you don’t share any confidential and sensitive data in the process, is one of the key steps of the broader and ongoing process of defending against and prevent cyber attacks, and keeping cyber incidents under control.

Identify Cybersecurity Risks

These types of platforms can also help small businesses identify cyber security risks and track, predict and detect breaches, enabling a proactive approach to cyber security, which is the best way to prevent attacks in this age when cyber criminals keep inventing new ways, methods, and technologies to gain access to organizations’ computer systems.

While the NIST Cybersecurity Act aimed at improving their abilities to protect against cyber attacks would certainly be of great help to them, small businesses should not rely solely on the prospect of seeing such a legislation enacted in the future. To be able to get the most out of the NIST security framework, small entities should consider utilizing an automation and orchestration platform as part of their ongoing efforts for improving cyber security for today with the ability to scale as your small business grows.