Untrained and Vulnerable: Small Biz Losing War on Cybercrime
Small businesses across America are increasingly falling prey to cyberattacks and allowing criminals access into the nation's critical information technology infrastructure, officials from the FBI and Department of Homeland Security warned lawmakers Tuesday.
"We're losing the war," FBI Cyber Division Deputy Assistant Director Howard Marshall told the House Committee on Small Businesses when asked small-business cyberattacks. "These are not things we have been trained to think about."
Against a backdrop of Kremlin-linked social media and cyber-meddling in U.S. elections and a steady drumbeat of state-sponsored hackers probing national security targets, lawmakers took time out Tuesday to acknowledge the unique challenges smaller firms given the limited resources they have.
"Forty percent of all cyberattacks are focused on companies with less than 500 employees," said Rep. Nydia Velazquez, New York Democrat. "This may be because 14 percent of small businesses reported having a plan in place for keeping their companies cybersecure."
The FBI tracks the "the accelerating sophistication" of threats and attack methods, Mr. Marshall explained. These include email scams targeting businesses with bogus foreign suppliers or wire transfers, criminal data thefts, and email phishing scams that lure victims to click on malware -- which often leads to digital ransom schemes that kidnap firm data.
Rep. Steve Chabot, Ohio Republican and panel chairman, told committee members that one key to combating cybersecurity vulnerabilities "is strengthening the federal government's relationships with the private sector."
The committee is working on the Small Business Advanced Cybersecurity Enhancements Act of 2017, specifically aimed at easing information sharing between federal agencies and America's smallest companies and businesses.
Rep. Ralph Norman noted how hard it could be for rural businesses -- where reputation is everything -- to address the issue of cyberattacks themselves. The way a firm might disclose a breach, the South Carolina Republican said, could lead to questions of credibility and possible perceptions that a business might have lost critical customer data or trade secrets.
Richard Driggers, the deputy assistant secretary for communications at DHS's Office of Cybersecurity, empathized with the plight of small, rural firms caught in a cyberattack. "This isn't a gotcha game," he said. "We are not going to go report someone to a federal regulator. We want to help."
Mr. Driggers stressed that small businesses needed to stick to the security basics, including backing up critical data, protecting mobile devices, and tracking, locking or wiping any device that is lost or stolen.
He also noted that always keeping software security up to date, frequently changing system passwords and providing employees rudimentary cybersecurity training went a long way to helping small firms keep themselves safe.
© 2018 Washington Times under contract with NewsEdge/Acquire Media. All rights reserved.
Image credit: iStock/Artist's concept.