U.S. companies large and small feeling the burn in the aftermath of a data breach are struggling to find resources to bolster their security systems, cybersecurity industry panelists said at a March 9 House Homeland Security Cybersecurity and Infrastructure Subcommittee hearing.
Cybercriminals usually don’t discriminate based on a company’s size, going after valuable personal data no matter the target. Companies of all sizes need to work with the government and private-sector partners to combat the growing cyberthreat in the U.S., even though many hesitate to share threat data, given the limited liability protection offered by the government.
Separate from the hearing, Rep. Steve Chabot (R-Ohio), the House Small Business Committee chairman, told Bloomberg BNA March 9 that small businesses feel post-data breach fallout more strongly than large companies “such as Ford Motor Corp., General Motors Co. and General Electric Co.” Unlike large companies, nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack, he said. That highlights the need for cybersecurity help at all levels of industry, Chabot said.
Many companies turn to the Department of Homeland Security’s cyberthreat information-sharing program implemented as part of the Cybersecurity Information Sharing Act (CISA). The law provides some limited liability immunity to companies that share threat information with the government through the proper protocols, though some say the protections don’t go far enough.
Scott Montgomery, vice president and chief technical strategist of Intel Security Group at Intel Corp., told Bloomberg BNA March 9 that one of the problems with the current cybersecurity information-sharing model is the lack of return on investment in light of the preparation needed to participate in the program. The “free-rider problem” needs to be addressed so the resource investment spent and corresponding cybersecurity threat information gleaned are comparable, he said.
Industry representatives and federal lawmakers are hopeful that President Donald Trump’s upcoming executive order on cybersecurity will address U.S. concerns.
Montgomery said he’s happy that reported drafts of the executive order have provoked discussion of cybersecurity issues. Chabot is hopeful that Trump’s executive order will help small businesses and said he’s willing to work with him going forward. Neither Montgomery nor Chabot would estimate when Trump’s planned cybersecurity executive order would be released.
Representatives from Symantec Corp., Palo Alto Networks Inc., the HITRUST Alliance and New America’s Open Technology Institute also testified at the hearing.
No matter the size of the company hit with a cybersecurity incident, all need support from other private-sector companies, state-level cybersecurity programs and the federal government.
Chabot plans to discuss cybersecurity at a meeting with Small Business Administrator Linda McMahon in the coming weeks. “We need to make sure that resources at the federal level are reaching small businesses across the country,” he said.
However, there needs to be some hesitation before giving troves of cyberthreat data to small businesses—because they won’t know what to do with it. This is where the “big macro” tech and cybersecurity companies can step in to “help create an automated pathway to help propagate information to the lowest levels of technical wherewithal,” Montgomery said.
Further information on the hearing, including prepared testimony, is available at https://homeland.house.gov/hearing/current-state-dhs-private-sector-engagement-cybersecurity/.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.