House Small Business Subcommittee on Health and Technology Chairman Chris Collins (R-NY) today led a hearing to examine the increased volume and complexity of cyber-attacks on small business, especially as new technologies present new challenges, and the role of the federal government in helping address cyber-security issues.
"It is nearly impossible to conduct business today without the Internet and a strong digital infrastructure," said Chairman Collins (R-NY). "Cyber-criminal attacks on small business intellectual property and personal financial information present a serious threat that could potentially impair a business, and the threat is growing as many small firms explore new technologies such as the cloud and mobile computing. The recent string of cyber-attacks on high-profile companies is a stark reminder of the current threat. Although attacks on small businesses don't make the headlines, a recent report shows nearly 20 percent of cyber-attacks are on small firms with less than 250 employees. Unlike a large company, small businesses may not be able to survive a cyber attack. Washington has begun to realize the importance and immediacy of this threat, but more must be done to help protect this vital segment of our economy from these increasingly complex attacks."
With recent reports of cyber-attacks on corporations, discussions regarding Internet protection strategies have intensified in Washington. As new technologies are deployed, additional opportunities exist for cyber-criminals to attack small businesses and steal their valuable information. Statistics show that nearly 60 percent of small businesses will close within six months after a cyber-attack.
Notable Witness Quotes:
Justin Freeman, Corporate Counsel or Rackspace in San Antonio, TX said, "Cyber-security legislation should reflect new realities of how IT works in the cloud. Any new law should be tailored to fit the way that individuals and companies today use shared computing resources, which are available on demand, across the globe. Regulations should avoid reliance on particular or specific technological solutions. These can only stifle innovation by mandating a reliance on a particular technology."
Dr. Phyllis A Schneck, Chief Technology Officer Public Sector of McAfee, Inc. in Reston, VA said, "In addition to providing security for mobility and the cloud, the security and IT industries need to keep their focus on innovation in order to help small business and other organizations.
"It should come as no surprise that cyber criminals follow the latest technology trends because that's where the targets are the most promising. The growth in mobile communications is staggering, and the U.S. leads the world in mobility. Globally, mobile data traffic grew 70% in 2012, and by the end of this year the number of mobile-connected devices is expected to exceed the world's population, according to the Cisco Visual Networking Index. Small businesses, as others, are relying more on mobile devices not only for communication but also for business processes, and there's every reason to believe this trend will continue."
William H. Weber, Senior Vice President and General Counsel of Cbeyond in Atlanta, GA said, "An October, 2012 study of [small and medium-size business] security practices by the National Cyber Security Alliance and Symantec interviewed more than one thousand businesses with less than 250 employees and found that: 90% do not have an internal IT manager focused on technology-related issues; 87% do not have a formal written Internet security policy; 68% do not provide any cyber-security training to their employees; and 83% do not have an automated systems that requires employees to periodically change their passwords. Given these statistics, we view helping our customers with their cyber-security needs to be a key part of our role as their technology ally, and we do this in two ways: through our products and through education."
Dan Shapero, Founder of ClikCloud in Laguna Beach, CA said, " the IT security infrastructure for [small and medium- size businesses are] as vulnerable to cyber attacks and threats as large companies and firms. Unfortunately, SMB's are less resilient than larger companies because they have fewer IT resources in terms of personnel, hardware and software to combat the onslaught of daily cyber threats and attacks that many SMB's encounter on a daily basis. Some SMB's are comprised of 5 to 20 employees, so resources come at a premium. As a small business owner I have to rely on my own expertise to implement adequate measures to ensure that the IT infrastructure that supports my business is secure."