NEW NIST SMALL BUSINESS CYBERSECURITY ACT · What is the NIST Small Business Cybersecurity Act?...

NEW NIST SMALL BUSINESS CYBERSECURITY ACT to Provide Guidance for Protecting SMBs


What is the NIST Small Business Cybersecurity Act?

Small- and medium-sized businesses (SMBs) are often one of the segments most targeted by cybercriminals. Now, SMBs are backed by legislation signed by U.S. President Trump and unanimously supported by Congress.

On Aug. 14, President Trump signed into law the new NIST Small Business Cybersecurity Act. The new policy “requires the Commerce Department’s National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

The legislation was proposed by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). This new policy is a follow-on effort to the Cybersecurity Enhancement Act of 2014, which was the catalyst for the NIST Cybersecurity Framework (H.R. 1224).

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, in an official statement. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

Inside the Policy’s SMB-Focused Requirements

Per the NIST Small Business Cybersecurity Act (S. 770), within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to SMBs that are:

• Technology-neutral

• Based on international standards to the extent possible

• Able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems

• Consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014

• Deployed in practical applications and proven via real-world use cases

The law follows the structure presented by U.S. Rep. Dan Webster (R-Florida) and passed by the House of Representatives. He originally presented the bill to the U.S. House Science, Space, and Technology Committee in March 2017.

SonicWall President and CEO Bill Conner was instrumental in helping form the groundwork for U.S. cybersecurity laws. In 2009, Conner worked with U.S. Senator Jay Rockefeller (D-West Virginia) and other security-conscious leaders on the Cybersecurity Act of 2010 (S.773). And while the proposal was not enacted by Congress in March 2010, it served as a critical framework to today’s modern policies.

“The passage of the NIST Small Business Cybersecurity Act is indicative of how important cybersecurity is for both Congress and the Trump administration,” said Conner. “Cybersecurity for businesses is not partisan or specific to particular counties or states. We’re moving forward together — at the right time and in the right way.”


SMBs Highly Targeted by Cybercriminals

According to a recent SMB study by ESG, 46 percent of decision-makers said security incidents resulted in lost productivity in their small- or medium-sized business. Some 37 percent were affected by disruption of a business process or processes.

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through August 2018:

• 7.8 billion malware attacks (70 percent increase from 2017)

• 2.6 trillion intrusion attempts (54 percent increase)

• 238.9 million ransomware attacks (108 percent increase)

• 1.8 million encrypted threats (73 percent increase)

To better empower SMBs, SonicWall makes its cyber threat intelligence available for free in the SonicWall Capture Security Center. It delivers a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This helps illustrate the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about, so they can design and test their security posture to ensure their networks, data, applications and customers are properly protected.


How to Leverage NIST Policies & Frameworks

While SMBs await guidance from the new NIST Small Business Cybersecurity Act, they can leverage best practices from the NIST Cybersecurity Framework, which helps organizations of all sizes implement proven security controls for their networks, data and applications.

At a high level, the framework is broken down into three components (Implementation Tiers, Framework Core and Profiles) that each include additional subcategories and objectives. Use these key NIST resources to familiarize your organization with the framework:

• New to the Framework

• Framework Components

• 14-Step Roadmap

• Online Learning Modules

• Full Document: “Framework for Improving Critical Infrastructure Cybersecurity”

• FAQs

For assistance implementing a sound end-to-end cybersecurity strategy, contact your dedicated SonicWall SecureFirst partner.


Applying Cybersecurity Designed for SMBs

The NIST framework provides a solid foundation to improve an SMB’s security posture. But the technology behind it is critically important to achieving a safe outcome.

SonicWall, for instance, is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

With more than 27 years of defending SMBs from cyberattacks, SonicWall has polished and refined cost-effective, end-to-end cybersecurity solutions. These solutions are tailored specifically for SMBs and can be further customized to meet the needs of specific security or business objectives. A sound, end-to-end SMB cybersecurity strategy should include:

• Next-generation firewalls (NGFW) with SSL inspection

• Multi-engine cloud sandbox with deep memory inspection

• Endpoint protection (next-generation antivirus)

• Email security

• Secure mobile access

• Wireless network security (Wi-Fi access points)

• Cloud-based management, analytics and reporting

For example, the SonicWall TZ series of NGFWs is the perfect balance of performance, value and security efficacy for SMBs, and delivers access to the SonicWall Capture ATP sandbox services and Real-Time Deep Memory Inspection™.

[Image: “Recommended” badge: Next Generation Firewall, SonicWall NSa 2650, SonicOS Enhanced 6.5.0.10-73n, Jul 2018]


This integrated combo protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

For organizations that want to take it a step further, the SonicWall NSa series of firewall appliances was given a ‘Recommended’ rating by NSS Labs in a 2018 group test. SonicWall topped offerings from Barracuda Networks, Check Point, Cisco, Forcepoint, Palo Alto Networks, Sophos and WatchGuard in both security efficacy and total cost of ownership.

Contact your SonicWall SecureFirst partner to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, online threats and even the latest Foreshadow exploits.

SonicWall solutions are available to SMBs through its vast channel of local security solution providers, many of which are SMBs themselves. In fact, many SonicWall SecureFirst Partners even provide security-as-a-service (SECaaS) offerings to ensure it’s easy and cost-effective for SMBs to protect their business from advanced cyberattacks.

Upgrade Your Firewall for Free

Are you a SonicWall customer who needs to stop the latest attacks? Take advantage of the SonicWall ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.


© 2018 SonicWall Inc. ALL RIGHTS RESERVED.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THE PRODUCT, SONICWALL AND ITS AFFILIATES AND THIRD PARTY SUPPLIERS ASSUME NO LIABILITY WHATSOEVER AND DISCLAIM ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO THE PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. IN NO EVENT WILL SONICWALL, ITS AFFILIATES OR THIRD PARTY SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES NOR DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. No representations or warranties with respect to the accuracy or completeness of the contents of this document are made and information in this document may change without notice. No commitment is made to update or to continue the availability of the information contained in this document.

About SonicWall

SonicWall has been fighting the cybercriminal industry for over 27 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs and the formidable resources of over 26,000 loyal channel partners around the globe, our award-winning, real-time breach detection and prevention solutions secure more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 215 countries and territories. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

If you have any questions regarding your potential use of this material, contact:

SonicWall Inc., 1033 McCarthy Boulevard, Milpitas, CA 95035

Refer to our website for additional information. www.sonicwall.com
