Small businesses aren’t “too small” for cybercrime; they’re often the easiest target. NIST’s Daniel Eliot breaks down free, practical on-ramps to CSF 2.0, starting with MFA. In this episode, Omar Sangurima and Alyson Laderman are joined by Daniel Eliot (NIST), who leads small business engagement in NIST’s Applied Cybersecurity Division. Together, they unpack what small businesses actually need to do to reduce risk without getting overwhelmed.

You’ll learn:

• Why “we’re too small to be targeted” is a logical fallacy (wide-net attacks don’t discriminate)

• Why cybersecurity is becoming a competitive advantage (customers + supply chain expectations)

• The real value of inventory + crown jewels thinking (“what breaks the business if we lose access?”)

• How CSF 2.0 evolved into a framework for organizations of all sizes and sectors

• Daniel’s “magic wand” first step: enable multi-factor authentication (MFA)

• The NIST Small Business Cybersecurity Corner (70+ free resources) and how resources are selected

• How to give feedback to NIST: csf@nist.gov and public comment periods

• A newer resource: Building Out Your Small Business Cybersecurity Team (MSP/MSSP, upskilling, universities, nonprofits)

Resources mentioned (as stated in the episode):

• NIST Small Business Cybersecurity Corner: nist.gov/itl/smallbusinesscyber

• CSF feedback email: csf@nist.gov

• (Referenced) OLIR / Informative References database (Daniel calls it “O-L-I-R”)

0:00 — Welcome + show disclaimer 1:25 — Meet Daniel Eliot (NIST): small business engagement

3:20 — Why NIST built small business resources (2014 + 2018 Acts)

4:56 — Where to find the “Small Business Cybersecurity Corner”

6:39 — “We’re too small” is a myth: why small businesses are targets

8:39 — Cybersecurity as a competitive advantage (customers + supply chain)

10:58 — Inventory & “crown jewels”: what happens if you lose access?

12:16 — Vendor/supplier incidents: resilience beyond your own systems

16:06 — CSF 2.0: why it’s now for all sectors (not just critical infrastructure)

18:03 — Magic wand advice: enable MFA

20:13 — Small Business CSF 2.0 Quick Start Guide (how it was built)

24:42 — How to give NIST feedback (email + public comment)

27:30 — Will CSF 3.0 happen soon? what might drive versioning

35:50 — OLIR: mapping CSF to other standards (crosswalk support)

44:41 — New resource: “Building Out Your Small Business Cybersecurity Team”

49:00 — Closing: Keep It Cyber Mettle!

#CyberMettlePodcast #NIST #CybersecurityFramework #CSF2 #SmallBusinessCybersecurity #MFA #CyberResilience #VendorRisk #SupplyChainSecurity #GRC #Cybersecurity

NIST small business cybersecurity, NIST CSF 2.0, cybersecurity framework 2.0, small business cyber resilience, multi factor authentication small business, NIST quick start guide, supply chain cybersecurity, vendor risk management, cybersecurity for SMBs, NIST cybersecurity resources, small business ransomware preparedness, cybersecurity inventory crown jewels, NIST OLIR informative references