This is what I’ve been saying for ages – the government can and should do more to educate and share information with small businesses.
From a new GAO report:
The Department of Defense (DOD) Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts; however, as of July 2015, the office had not identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses. While DOD OSBP is not required to educate small businesses on cybersecurity, DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses—and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
[…]
While DOD OSBP officials recognized the importance of identifying and disseminating cybersecurity resources through outreach and education efforts to small businesses, they identified factors that had limited their progress in doing so. Specifically, they were not aware of existing cybersecurity resources, they had leadership turnover in the office, and the office was focused on developing a training curriculum for professionals who work with small businesses. While GAO recognizes that these factors could affect progress, federal government internal controls state that management should ensure there are adequate means of communicating with, and obtaining information from, external stakeholders who may have a significant impact on the agency’s achieving its goals. DOD OSBP officials agreed that identifying and disseminating information about existing cybersecurity resources to defense small businesses could help small businesses be more aware of cybersecurity practices and cyber threats. In addition, by identifying and disseminating this information, DOD OSBP could help small businesses to protect their networks, thereby supporting the 2015 DOD Cyber Strategy goals of working with the private sector to help secure defense industrial base trade data and build layered cyber defenses.
Related:
DEFENSE CYBERSECURITY: Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses (pdf)
GAO-15-777: Published: Sep 24, 2015. Publicly Released: Sep 24, 2015.