NIST CyberSecurity Framework for 2014 -- Implications for community banks and small businesses

No ratings

Presented at TriangleInfoSecCon 2014 by

Mike Parsons

CyberSecurity is a huge buzzword in 2014. We saw major breaches with Target, Michael's, Nieman Marcus and others. More and more of these breaches occur through attacks launched from small business partners or vendors. Community Banks are being successfully sued by their small business customers over losses suffered through account takeovers or wire fraud. The incidence of attempted attacks and subsequent successes in compromising customer data continues to trend upwards for both of these groups. Especially troubling is the recognition that small businesses play a critical role in bringing innovation to the marketplace and creating jobs in our still struggling economy. This is coupled with the propensity for these businesses to be served by the community banks due to better service and better availability of credit. Both of these groups, though, have been targeted by malcious organizations. Earlier this year in February, the National Institute of Standards (NIST) published version 1 of its CyberSecurity Framework. This was followed in May by a conference call by the FDIC and FS-ISAC leadership with 5000 executives in community banking. Why is it so important that these two critical segments of our economy respond positively to these initiatives? What more can be done to encourage participation by community banks and small businesses in closing a major vulnerability in our economic infrastructure.