Today’s technological advancements have drastically enhanced connectivity between businesses and governments. The growth and prosperity of industries, small and medium businesses (SMB), and State and local governments now depend on access to interconnected information technologies. Unfortunately, these opportunities also come with new risks, vulnerabilities, and threats. Large enterprises and federal governments are now putting policies and funding in place to mitigate and fend off these threats and shore up their vulnerabilities, but SMBs and State, Local, Territorial and Tribal entities (SLTT) are not receiving the same level of support.
The issue of cyber attacks against SMBs is not new and has been studied. Verizon’s 2019 Data Breach Investigation Report identified that 43% of all breaches were targeted against SMBs, while the Poneman Institute also identified that 63% of SMBs worldwide experienced a data breach in the same year. On the SLTT front, BlueVoyant reported a 50% increase from 2017-2020 in state and local governments. We see these events in the news when we hear of schools being hacked, water and energy facilities being tampered with through ICS/ SCADA systems, and attacks on other local infrastructure.
While these stats continue to be recorded, many SMBs and SLTTs admit they lack resources to support their cybersecurity goals. The same challenges face both groups: lack of sufficient funding, increased sophistication of threats, and inadequate availability of cybersecurity professionals, to name a few.
The Federal government is looking to assist with this issue but requires input from SMBs and SLTTs on what immediate actions can be taken to assist in the near term while identifying long-term solutions, policies, and resources. Likewise, SLTTs and SMBs may have some best practices that the Federal Government can leverage and utilize in their policy shaping to provide a grass-roots solution that can be implemented throughout the various levels of government and the SMB community.