Recovering from Cyber Risks in SMBs Using the NIST Framework