Small and medium-sized business (SMB) cybersecurity must be paramount for both the small businesses themselves and the Federal Bureau of Investigation (FBI), the latter's Deputy Assistant Director at its Cyber Division, Howard S. Marshall, said in a speech in front of the U.S. House of Representatives this week.
The FBI posted Marshall's remarks, delivered in front of the House Small Business Committee, on its official website. The comments outline some of the largest cyber threats against SMBs and highlight the FBI's role in protecting the nation's SMB community.
The Business Email Compromise, which the FBI has highlighted on multiple occasions, is among the top cyber threats to SMBs, Marshall said. It has led to hundreds of millions of dollars stolen from businesses and individuals across the country. Ransomware, too, is a growing threat and is likely to remain one moving forward both in the U.S. and worldwide. Hospitals, law firms and any company that relies on instant access to data are top targets.
Further, criminal data breach activity and the Internet of Things (IoT) are also leading to open vulnerabilities in the SMB community. Marshall pointed to an IoT botnet that created “one of the largest distributed denial-of-service attacks every recorded” in 2016.
“In light of these and other cyber threats to U.S. businesses, the FBI has made private sector engagement a key component of our strategy for combating cyber threats,” he stated. “Recognizing the ever-changing landscape of cyber threats, the FBI is enhancing the way it communicates with private industry.”
Marshall explained that typically, the FBI relies on data aggregated through official investigations, and shared within the intelligence and law enforcement communities to assess security threats in the nation.
“However, we are now also looking to integrate private industry information into our intelligence cycle to enhance our ability to identify and respond to both emerging and ongoing threats,” he said. “Private industry has unique insight into their own networks and may have information as to why their company, or their sector, may be an attractive target for malicious cyber activity.”