"CISA Addresses 'Cyber Poor' Small Biz, Local Government"

Jen Easterly, director of the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), told attendees at the sixth annual Hack the Capitol event in McLean, Virginia, on May 10 that CISA aims to help "cyber poor" places such as US small businesses, election offices, local government agencies, hospitals, and K–12 schools strengthen their defenses and responses to cyberattacks. Although the agency continues to work with the government, large companies, and technology vendors to improve security, CISA wants to determine how much it can help smaller organizations defend against cyber threats. Easterly noted that the objective is to understand their requirements, what they need to invest in security, and where CISA can help them protect their capabilities. The emphasis on smaller organizations recognizes that small and midsize businesses (SMBs), local government agencies, and schools have often been overlooked and excluded from efforts to create more resilient organizations. The government's efforts to create public-private partnerships have typically centered on large companies and critical industries, but attackers, particularly ransomware gangs, have targeted smaller organizations with limited cybersecurity resources. According to US Census data, 99. percent of all companies in the US have 250 employees or less. CISA has introduced Cybersecurity Performance Goals (CPGs), which aim to be low-cost and low-effort goals organizations can pursue to enhance their cybersecurity posture. This article continues to discuss CISA's efforts to help cyber poor organizations.

Dark Reading reports "CISA Addresses 'Cyber Poor' Small Biz, Local Government"