Cybersecurity issues have grown in size and scope, becoming more sophisticated, harder to detect and more of a challenge for small businesses, Elizabeth Hyman, executive vice president of public advocacy for CompTIA, testified on Wednesday in front of the U.S. Senate Committee on Small Business and Entrepreneurship.
While improved cybersecurity is needed across the board, small companies are the ones with the steepest challenge. CompTIA research shows that only 62 percent of small businesses have internal resources focused on security, compared to 91 percent of mid-sized businesses and 95 percent of large firms.
“By working together and continuing to embrace the private-public partnership that has long benefited the cybersecurity ecosystem, we can do a great deal to help better prepare small businesses, and business of all sizes, for the cybersecurity threats they are facing,” Hyman told the Committee.
Hyman outlined three key elements of modern security that will help small businesses address critical cybersecurity challenges:
- Technology Tools – Small and medium businesses need advice and guidance on what a modern security toolset should include. This can range from Data Loss Prevention software to more proactive tools and methods, such as penetration testing, which assesses the strength of the overall defenses.
- Business Processes – Security policies must be built to establish proper enforcement. This will include internal operations as well as relationships with outside suppliers or partners. A great place to start is to develop metrics to track the effectiveness of security programs and processes, such as tracking results from phishing simulations.
- Effective Employee Education – Many small businesses have a small team or solo IT professional who needs to have a solid foundation in security skills, sufficient specialized expertise in a few key areas, and then the ability to work with an outside partner, such as a managed security services provider, when deep expertise is called for.
“Completion of industry recognized certifications that cover the basics of IT systems can position that IT professional to handle internal cybersecurity matters and effectively oversee third party managed security firms,” Hyman said. “CompTIA works with small business members and countless small business customers on a daily basis and we are committed to working with this committee to ensure that all business owners are educated on and protected from the threats they are facing.”
The Computing Technology Industry Association (CompTIA) is the leading voice and advocate for the $4.8 trillion global information technology ecosystem and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, market research and membership programs, CompTIA is the hub for advancing the tech industry and its workforce.