Washington, D.C.— Today, the House Small Business Committee, led by Chairwoman Nydia M. Velázquez (D-NY), held a hearing focused on improving cybersecurity preparedness in the small businesses sector. The hearing occurred following the Biden administration’s acknowledgement yesterday that hackers affiliated with the Chinese government were behind a major cyberattack on Microsoft Corp. that potentially impacted hundreds of thousands of small businesses.
“Episodes like the Microsoft hack exhibit the significant threat cyber-attacks pose to small businesses,” said Chairwoman Velázquez. Given the greater risk cyber-attacks pose to small employers and their limited capacity to protect against them, this committee must find ways to help entrepreneurs strengthen their cybersecurity posture. Today’s hearing gave us the chance to examine how existing cyber resources can be enhanced and integrated into small business support mechanisms.”
Throughout the pandemic, 72% of small firms reported increasing their use of digital tools. With more firms conducting businesses online than ever, small businesses are highly vulnerable to cybersecurity threats as employers, suppliers, and consumers in a modern digital economy. Unfortunately, adequate cyber defense is often cost and resource-intensive and not feasible for small firms operating on tight margins. With small firms comprising over 99% of all businesses, cyber threats to under protected independent companies can create risk for entities across the supply chain.
During the hearing, witnesses detailed the extensive threats that small businesses face in the cyber realm and the impacts cyber-attacks can have on the broader economy. Committee members also discussed policy options to better protect small firms.
“In 2020, as companies shifted to remote work, the threat surface for small and medium sized businesses also grew,” said Tasha Cornish, Executive Director of Cybersecurity Association of Maryland, Inc. “Virtual machines, virtual personal networks (VPNs), and other remote access technologies regularly top the list for cybersecurity incidents.”
“The SBDC national network is poised to serve by providing connection, education and guidance to meet the needs of small businesses not only for cybersecurity risk mitigation but through many other small business topics the SBDC has offered over the years,” said Sharon Nichols, State Director of the Mississippi Small Business Development Center. “We are striving to meet the needs of business owners, at their level of understanding, so that they can focus on the customer and the health of the business knowing they have a cybersecurity plan to protect their reputation as well as loss of trust and funds.”
“SMBs need access to cybersecurity resources and support from the federal government and need prescriptive and easy-to-adopt programs and approaches that strengthen their everyday operations,” said Kiersten Todt, Managing Director of the Cyber Readiness Institute. “Because a small business may not have a department or even a single employee solely focused on cybersecurity, approaches grounded in creating cultural change through human behavior and education are critical to helping SMBs become more resilient.”