The MAIN STREET Cybersecurity Act of 2017 is definitely going to be passed by the U.S. Senate, and it would require the National Institute of Standards and Technology (NIST) to improve cyber security among small businesses. Citing the National Cyber Security Alliance, the Act states that 60% of small businesses close down within six months because of cyber-attacks. This is why protecting them is important to the economy of the United States.
The Act was ratified by the Committee on Science, Transportation and Commerce. It now needs to be approved by both houses of Congress and then signed by the President to become official. Here are five things to know about the law:
1. Guidance of NIST: Once the bill is passed, NIST would develop guidance resources to help small businesses safeguard themselves against the rising pressures of cyber security. According to the text of the Act, the guidance would be developed and completed within a year and would encourage “effective and usable” practices grounded in international standards.
2. Small Business Version of the CSF: In 2014, the National Institute of Standards and Technology released the Cyber Security Framework (CSF), an outline to institute the best practices of cyber security in big establishments. Research conducted by Tenable revealed that it had been implemented by 29% of organizations in the United States with more than 100 employees, and that 14% more were planning to embrace it in 2016. Several organizations also said that they would need much higher investment to implement it.
3. Varying Criteria: The guidance will vary depending on the nature and size of the business and on the sensitivity and nature of the data it handles. Several small businesses that handle sensitive information already comply with existing regulations such as PCI and HIPAA, which of course would not be affected.
4. Technology Neutral: The guidance states that all the practices to be implemented would use commercial technologies that already exist. The practices also include “simple basic controls”. Like the Cyber Security Framework, the guidance will be advisory rather than obligatory. This means that, as with the CSF, most organizations adopting the guidance will leave out the applications they consider costly.
5. Almost Sure to Become Law: The Act is supported and sponsored by both parties and is consistent with the Small Business Development Cyber Strategy enacted in 2016. With cyber threats becoming alarming and news headlines flooded with cyber-attacks, the MAIN STREET Cybersecurity Act of 2017 is sure to be passed in one of the congressional sessions, as both sides agree to have it implemented.
Why Has Cyber Security Become So Important?
In another recent cyber-attack, Netflix was targeted and the series ‘Orange is the New Black’ was stolen online from the channel. A ransom was demanded, but when Netflix refused to pay the cyber-criminal, they uploaded the series to the internet, where anyone could download it through torrent.
According to a report generated by Verizon Communications Inc., criminals encrypt user data with malicious software and then ask for money to decrypt it. Such incidents increased by 50% last year. Earlier, attackers targeted individual customers, but now they are going after businesses and organizations whose security systems are susceptible. A report generated by McAfee Inc. in partnership with Verizon found that the most targeted for ransom were government organizations, followed by health care companies and then financial services.
These cyber criminals ask for the ransom to be paid in bitcoin, a digital currency. In all the cases the malware was delivered through infected websites. However, many criminals have also used emails with attachments which, when downloaded, infected the website with malware. The report also said that these emails were targeted at certain job functions such as finance or HR.
In another breach, at Yahoo, attackers stole customer information ranging from emails to account passwords. There were around 500 million customer accounts. Companies offering financial services are obvious targets; recently, however, government firms, manufacturing industries, educational institutes and universities have also come onto the criminals' target list.
Cyber-crime has become extremely common; from spam emails to extortion for money, it seems to be everywhere. From individuals to corporations, everyone needs to be on their guard. Even though hundreds of reports are registered, there are many who don’t approach the law because they are embarrassed to come forward and ask for help. This attitude needs to change, and help should be sought from the right people to avoid such attacks in future.