Small businesses are more vulnerable to overseas cyberattacks because they lack the resources to protect themselves, warned a panel of lawmakers evaluating the Trump administration’s policy toward Chinese telecommunications company ZTE.
ZTE and rival Huawei have come under increased scrutiny this year from U.S. intelligence officials who cautioned products from the companies could pose significant national security risks. The Pentagon barred ZTE and Huawei from selling phones on military bases in mid-May, and shifting regulations on ZTE’s sales in commercial markets sparked a dispute between the White House and Congress.
“Foreign-backed firms from countries like China and Russia regularly target small businesses to steal intellectual property and undermine America’s critical infrastructure,” Chairman Steve Chabot, an Ohio Republican, said during a House Small Business Committee hearing. Such businesses can also pose a threat “to our critical infrastructure,” Matthew Olsen, the president of IronNet Cybersecurity, testified.
In mid-April, the U.S. Department of Commerce banned ZTE from U.S. markets for seven years, prompting the company to shut down most of its operations. President Trump, in the midst of contentious trade negotiations with Beijing, then tweeted he would help the struggling firm by lifting the sanctions, prompting swift denouncements from both Senate and House members.
When Trump’s Commerce Department subsequently offered ZTE a deal to remove the sanctions, which included a $1 billion penalty and allowing the U.S. to place a compliance team within the firm, the Senate added a provision to the National Defense Authorization Act that would reinstate them.
That debate takes place against a backdrop of increasing cybersecurity attacks globally, including data thefts from credit bureau Equifax, the Internal Revenue Service, lender JPMorgan and even Sony Pictures.
Ransomware attacks, in which hackers take control of a business’s network to extort money, have increased at small companies in particular, Olsen said.
“Even our biggest and strongest companies are really no match for a determined nation state,” he said.
Tiny manufacturers are particularly vulnerable to cyberattacks because of the rise in digital production, which enables machines to communicate with one another and trade data, said David Linger, the president and CEO of TechSolve, Inc., a consultant that works with such companies.
Still, there are plenty of easy steps small firms can take to better protect themselves, such as implementing a stricter password system, added Linger, who advises companies to place the same importance on planning for cyberattacks that they do on budgeting.
“It’s something you just have to do,” he said. “So if an attack occurs, you know how to handle it.”
