Rawpixel.com - stock.adobe.com

CyberUK 23: NCSC launches Cyber Advisor service for SMEs

The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out

Small and medium-sized enterprises (SMEs) that all too often lack the time, money or staff to implement appropriate cyber security policies and protections can now benefit from a new industry assurance scheme launched this week by the UK’s National Cyber Security Centre (NCSC) at its annual CyberUK conference.

The Cyber Advisor scheme is described by the NCSC as “targeted consultancy” for SMEs, which will see them receive cost-effective advice and – if needed – hands-on technical help, to implement the five technical control themes that open up its Cyber Essentials certification.

These themes are firewalls, secure configuration, user access control, malware protection and security update (patch) management.

In a keynote address at CyberUK, NCSC CEO Lindy Cameron said the benefits of becoming Cyber Essentials-certified were clear.

“We’re encouraging all businesses to consider Cyber Essentials certification as part of an annual cyber MOT,” she said. “We know organisations that implement Cyber Essentials controls are 80% less likely to make a claim on cyber insurance than organisations that don’t.”

The NCSC said that by focusing in on these five technical control themes, businesses can mitigate the majority of high-volume, low-skill attacks that originate over the internet.

Although the Cyber Essentials scheme is not focused on the kind of high-profile cyber attack or state-backed activity that gains widespread attention per se, addressing noisy, volumetric attacks against small businesses is actually one of the best ways to help make the UK more secure as a whole, said the NCSC.

Read more from CyberUK

  • Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned.
  • The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda.
  • National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023.

Every advisor participating in the scheme will have been independently assessed and have received a Certificate of Competence in Cyber Essentials Implementation. The assessment will test the advisors’ knowledge and understanding of the five technical control themes, their competence in practical IT configuration and support, and their ability to understand and work well with small organisations.

All accredited advisors will work with companies that have met stringent compliance requirements and been accepted as an Assured Service Provider.

At launch, said the NCSC, there are approximately 20 organisations certified and ready to assist. However, it added, there is potential and capacity for “hundreds more” to come on board, so it is also calling for interested parties to step up and express their interest, particularly if located in remote or underserved parts of the UK.

In service of its wider goals around diversity and inclusion in the cyber security industry, the NCSC said it’s also keen to hear from advisors hailing from under-represented backgrounds.

SME focus

Security for SMEs has become a particular focus for the NCSC in the past couple of years, and the organisation frequently offers advice and guidance pitched specifically at the sector.

Small businesses have seen a proliferation of attacks lately, with overarching trends such as rising energy costs and soaring inflation rendering many organisations particularly vulnerable.

To this end, the NCSC’s in-house cyber security startups programme last year called for more involvement from companies specialising in SME security, and has been scouting for new ideas and technologies to address areas that small businesses might find beneficial, such as implementing cyber hygiene best practice, incident response, and training and behaviour change.

Read more on Regulatory compliance and standard requirements

Data Center
Data Management