NCSC seeks community input for Cyber Advisor service
The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward
The UK’s National Cyber Security Centre (NCSC) has unveiled proposals to establish a new Cyber Advisor service for small and medium-sized enterprises (SMEs), and is asking for the security community’s input to help make it a success.
The proposed scheme will build a network of individuals assessed by the NCSC as having a “good understanding” of baseline security best practice, and the ability to provide practical help to those that need it.
Initially, these Cyber Advisors will centre their efforts on helping their customers work towards implementing the NCSC’s own Cyber Essentials technical controls – firewalls, secure settings, access controls, malware and software updates – by identifying and helping to implement appropriate improvements for the customer’s needs.
If the scheme comes to fruition, only organisations with a qualified Cyber Advisor on their staff will be able to become an NCSC Assured Service Provider, and only organisations accredited as such will be able to offer Cyber Advisor services.
The GCHQ-backed organisation said it would fund the first 100 Cyber Advisor assessments, and is inviting both individuals and organisations to register their interest. The experiences of the first 100 trainees moving through the process will inform the future development of the scheme.
The NCSC said it was introducing the programme because its existing consultancy assurance only covers specialisms for more complex cyber security issues and is primarily used by large organisations. The Cyber Advisor scheme will assure advice for any size business that is looking to assure itself against cyber attacks.
It noted that many smaller organisations find it hard to choose the right help to meet the NCSC’s guidance and standards, and said the scheme would also aim to ensure the “understanding and application” of trusted security advice.
The proposals have drawn a warm welcome from the security community. Joseph Carson, chief security scientist and advisory chief information security officer at privileged access management specialist Delinea (formerly Thycotic), has been advocating for this type of programme for some time, and will be touching on the subject in an upcoming podcast. He described the scheme as great news for the industry.
“Cyber mentors, also known as cyber ambassadors, have been growing within organisations around the world, and it is great to see the NCSC taking the same initiative to help more businesses meet the five Cyber Essentials security controls,” he said.
“If businesses implement Cyber Essentials, it will make it much more difficult for cyber criminals to attack. The cyber advisor scheme by the NCSC is a great step forward, and I hope this is the start of a broader plan to strengthen security awareness and business resiliency against the ever increasing cyber threats.”
Darren Williams, CEO and founder of Blackfog, a specialist in anti-data exfiltration and ransomware protection, added: “Our research tells us that cyber criminal gangs often take the path of least resistance, targeting those organisations who have left themselves vulnerable to bad actors by being under-protected and under-resourced when it comes to cyber defence; some smaller organisations even make the assumption they won’t be targeted as they ‘have no data of value’.
“The new Cyber Advisor Scheme proposed by the NCSC is a positive move in the right direction to help fight cyber crime,” he said.
“Our hope is that the experts will look beyond first and second-generation cyber security technologies like antivirus and EDR, and focus on newer technologies that prevent data exfiltration to wholly protect organisations from extortion and secure their most valuable asset, data.”