CyberUK 23: NCSC launches Cyber Advisor service for SMEs

Small and medium-sized enterprises (SMEs) that all too often lack the time, money or staff to implement appropriate cyber security policies and protections can now benefit from a new industry assurance scheme launched this week by the UK’s National Cyber Security Centre (NCSC) at its annual CyberUK conference.

The Cyber Advisor scheme is described by the NCSC as “targeted consultancy” for SMEs, which will see them receive cost-effective advice and – if needed – hands-on technical help, to implement the five technical control themes that open up its Cyber Essentials certification.

These themes are firewalls, secure configuration, user access control, malware protection and security update (patch) management.

In a keynote address at CyberUK, NCSC CEO Lindy Cameron said the benefits of becoming Cyber Essentials-certified were clear.

“We’re encouraging all businesses to consider Cyber Essentials certification as part of an annual cyber MOT,” she said. “We know organisations that implement Cyber Essentials controls are 80% less likely to make a claim on cyber insurance than organisations that don’t.”

The NCSC said that by focusing in on these five technical control themes, businesses can mitigate the majority of high-volume, low-skill attacks that originate over the internet.

Although the Cyber Essentials scheme is not focused on the kind of high-profile cyber attack or state-backed activity that gains widespread attention per se, addressing noisy, volumetric attacks against small businesses is actually one of the best ways to help make the UK more secure as a whole, said the NCSC.

Every advisor participating in the scheme will have been independently assessed and have received a Certificate of Competence in Cyber Essentials Implementation. The assessment will test the advisors’ knowledge and understanding of the five technical control themes, their competence in practical IT configuration and support, and their ability to understand and work well with small organisations.

All accredited advisors will work with companies that have met stringent compliance requirements and been accepted as an Assured Service Provider.

At launch, said the NCSC, there are approximately 20 organisations certified and ready to assist. However, it added, there is potential and capacity for “hundreds more” to come on board, so it is also calling for interested parties to step up and express their interest, particularly if located in remote or underserved parts of the UK.

In service of its wider goals around diversity and inclusion in the cyber security industry, the NCSC said it’s also keen to hear from advisors hailing from under-represented backgrounds.