
5/5/2021
05:50 PM
Dark Reading
Products and Releases

Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority

WASHINGTON, DC, May 5, 2021 – The Cyber Readiness Institute (CRI) is urging the Biden Administration to take specific actions to protect small and medium-sized businesses (SMBs), which are vital components of global supply chains, from cyber-attacks. In a white paper released today, “The Urgent Need to Strengthen the Cyber Readiness of Small and Medium-Sized Businesses”, the non-profit Institute notes that SMBs need easier access to cybersecurity resources and require prescriptive, easy-to-adopt programs that impact their everyday operations and focus on human behavior. 

The recent attacks on the U.S. digital infrastructure through the compromise of SMBs underscore the urgent need to address critical gaps in national cyber defenses. SMBs are essential components of global supply chains, operated by the U.S. government and large corporations, and create potential risks for these organizations if they are not cyber secure.

“We are at an inflection point and the need for action to support SMBs is urgent,” said Kiersten Todt, Managing Director of the Cyber Readiness Institute. “SMBs are critical components of our digital economy and there are fundamental actions we can take to help them become more secure and resilient to make our nation stronger and cyber ready.”

In a survey of U.S. SMBs for the white paper, CRI found that only 18% are confident (strongly agree) that their organization is prepared for a cyber incident and would know how to respond. Additionally, over 70% of U.S. SMBs welcome government efforts to do more to help make organizations in the supply chain cyber ready.

CRI has outlined five policy and program recommendations for the federal government to implement quickly:

· Create an SMB Cybersecurity Center. Today, no single government agency curates cybersecurity resources, from multiple, vetted sources, for SMBs. Given the ongoing work to support SMBs by the Cybersecurity and Infrastructure Security Agency (CISA) and the recent allocation of additional resources to the agency, CISA is the recommended agency to perform this function.

· Establish Cybersecurity Incentives. Tax credits to SMBs that invest in cybersecurity can incentivize cybersecurity efforts.

· Set Cybersecurity Standards. The market needs minimum standards for cybersecurity that all organizations must follow, including SMBs. These standards should be founded in a risk management approach that allows each business to address their cybersecurity vulnerabilities based on their mission, assets, and resources.

· Launch National Cyber Squads. Expand the existing CyberCorps with government-funded Cyber Squads of student interns to help minority-owned SMBs and to fill a desperately needed talent pipeline. By doing so, we will also be educating the next generation of cyber leaders.

· Roll Out a National Cyber Readiness Education Campaign. Awareness is critical for SMBs and the entire population. We need an aggressive, accessible, and easy-to-understand nationwide awareness campaign that focuses on a single, impactful cyber issue, such as passwords.

About the Cyber Readiness Institute

The Cyber Readiness Institute is a non-profit initiative that convenes business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized businesses (SMBs). CRI was co-founded by the CEOs of The Center for Global Enterprise, Mastercard, Microsoft, and PSP Partners, as a follow-up action from the work of the 2016 Commission on Enhancing National Cybersecurity. Our members also include ExxonMobil, General Motors, and Principal. Our mission is to advance the cyber readiness of SMBs to improve the security of global supply chains. CRI’s resources focus on human behavior and emphasize employee education and awareness. To find out more, visit www.BeCyberReady.com.

 
