
5/5/2021
05:50 PM
Dark Reading

Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority

WASHINGTON, DC, May 5, 2021 – The Cyber Readiness Institute (CRI) is urging the Biden Administration to take specific actions to protect small and medium-sized businesses (SMBs), which are vital components of global supply chains, from cyber-attacks. In a white paper released today, “The Urgent Need to Strengthen the Cyber Readiness of Small and Medium-Sized Businesses”, the non-profit Institute notes that SMBs need easier access to cybersecurity resources and require prescriptive, easy-to-adopt programs that impact their everyday operations and focus on human behavior. 

The recent attacks on the U.S. digital infrastructure through the compromise of SMBs underscore the urgent need to address critical gaps in national cyber defenses. SMBs are essential components of global supply chains, operated by the U.S. government and large corporations, and create potential risks for these organizations if they are not cyber secure.

“We are at an inflection point and the need for action to support SMBs is urgent,” said Kiersten Todt, Managing Director of the Cyber Readiness Institute. “SMBs are critical components of our digital economy and there are fundamental actions we can take to help them become more secure and resilient to make our nation stronger and cyber ready.”

In a survey of U.S. SMBs for the white paper, CRI found that only 18% are confident (strongly agree) that their organization is prepared for a cyber incident and would know how to respond. Additionally, over 70% of U.S. SMBs welcome government efforts to do more to help make organizations in the supply chain cyber ready.

CRI has outlined five policy and program recommendations for the federal government to implement quickly:

· Create an SMB Cybersecurity Center. Today, no single government agency curates cybersecurity resources, from multiple, vetted sources, for SMBs. Given the ongoing work to support SMBs by the Cybersecurity and Infrastructure Security Agency (CISA) and the recent allocation of additional resources to the agency, CISA is the recommended agency to perform this function.

· Establish Cybersecurity Incentives. Tax credits to SMBs that invest in cybersecurity can incentivize cybersecurity efforts.

· Set Cybersecurity Standards. The market needs minimum standards for cybersecurity that all organizations must follow, including SMBs. These standards should be founded in a risk management approach that allows each business to address their cybersecurity vulnerabilities based on their mission, assets, and resources.

· Launch National Cyber Squads. Expand the existing CyberCorps with government-funded Cyber Squads of student interns to help minority-owned SMBs and to fill a desperately needed talent pipeline. By doing so, we will also be educating the next generation of cyber leaders.

· Roll Out a National Cyber Readiness Education Campaign. Awareness is critical for SMBs and the entire population. We need an aggressive, accessible, and easy-to-understand nationwide awareness campaign that focuses on a single, impactful cyber issue, such as passwords.

About the Cyber Readiness Institute

The Cyber Readiness Institute is a non-profit initiative that convenes business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized businesses (SMBs). CRI was co-founded by the CEOs of The Center for Global Enterprise, Mastercard, Microsoft, and PSP Partners, as a follow-up action from the work of the 2016 Commission on Enhancing National Cybersecurity. Our members also include ExxonMobil, General Motors, and Principal. Our mission is to advance the cyber readiness of SMBs to improve the security of global supply chains. CRI’s resources focus on human behavior and emphasize employee education and awareness. To find out more, visit www.BeCyberReady.com.

 
