Small Businesses Need Big Help in Cyberthreat Information Sharing

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Small businesses are struggling to leverage limited resources to effectively contribute to U.S. public-private cyberthreat information programs, government officials said at an information sharing panel Oct. 31.

Cyberattacks don’t only affect the largest companies and government agencies, but are increasingly hitting small businesses, which often store employee, health, payment card, and other sensitive data. The Small Business Administration estimates that there are over 28 million small businesses—companies that employ less than 500 people—in the U.S. and that they employ over 50 percent of the U.S. workforce.

These smaller companies can offer valuable insight into everyday cybersecurity threat indicators that could slip through the cracks, but many aren’t sharing that information with the government, officials said at the International Information Sharing Conference.

Private sector companies, no matter the size, “are the eyes and ears” for U.S. cyberthreats, Marcus Joachim, supervisory special agent in the FBI’s office of private sector, said.

Getting Involved

Small businesses often don’t have the necessary resources and technical know-how to adequately protect against cyberattacks, Reggie McKinney, program director of the Department of Homeland Security’s C3 voluntary cybersecurity threat program, said.

Even with limited resources and cybersecurity knowledge, small businesses can enter the cyberthreat information sharing world by working with industry groups and government officials.

These industry sector groups, often called information sharing and analysis centers (ISACs) or organizations (ISAOs), generally have low-barriers for a company to join and offer the assistance of seasoned cybersecurity professionals without having to hire a full security team, McKinney said.

The government has also increased its cybersecurity direct outreach efforts.

The Small Business Administration has been reaching out to local chambers of commerce, technology vendors, and banks that serve small businesses to raise cybersecurity threat sharing awareness, Jack Bienko, SBA deputy director for entrepreneurship education, said at the panel.

The government wants companies of all sizes to share actionable cyberthreat data.

The U.S. government public-private threat information sharing system is important to help expose “malicious cyber activities,” Jeanette Manfra, DHS assistant secretary for cybersecurity, said in an Oct. 31 statement.

The House Oct. 11 passed a bill that would provide cybersecurity guidance to the nation’s millions of small businesses, which are frequent targets of cyberattacks. The measure would require the Department of Commerce’s National Institute of Standards and Technology to create small business cybersecurity voluntary guidelines. The Senate passed a similar bill Sept. 28.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security