Untrained and Vulnerable: Small Biz Losing War on Cybercrime

Small businesses across America are increasingly falling prey to cyberattacks and allowing criminals access into the nation's critical information-technology infrastructure, officials from the FBI and Department of Homeland Security warned lawmakers Tuesday.

"We're losing the war," FBI Cyber Division Deputy Assistant Director Howard Marshall told the House Committee on Small Businesses when asked small-business cyberattacks. "These are not things we have been trained to think about."

Against a backdrop of Kremlin-linked social media and cyber-meddling in U.S. elections and a steady drumbeat of state-sponsored hackers probing national security targets, lawmakers took time out Tuesday to acknowledge the unique challenges smaller firms given the limited resources they have.

"Forty percent of all cyberattacks are focused on companies with less than 500 employees," said Rep. Nydia Velazquez, New York Democrat. "This may be because 14 percent of small businesses reported having a plan in place for keeping their companies cybersecure."

The FBI tracks the "the accelerating sophistication" of threats and attack methods, Mr. Marshall explained. These include email scams targeting businesses with bogus foreign suppliers or wire transfers, criminal data thefts, and email phishing scams that lure victims to click on malware -- which often leads to digital ransom schemes that kidnap firm data.

Rep. Steve Chabot, Ohio Republican and panel chairman, told committee members that one key to combating cybersecurity vulnerabilities "is strengthening the federal government's relationships with the private sector."

The committee is working on the Small Business Advanced Cybersecurity Enhancements Act of 2017, specifically aimed at easing information sharing between federal agencies and America's smallest companies and businesses.

Rep. Ralph Norman noted how hard it could be for rural businesses -- where reputation is everything -- to address the issue of cyberattacks themselves. The way a firm might disclose a breach, the South Carolina Republican said, could lead to questions of credibility and possible perceptions that...

Comments are closed.