The UK Government is Offering £5000 Cyber Secure Vouchers to SMEs

solent-cyber-security-cluster-2-bis-presentation-8-638.jpg?cb=1421748751Under the UK The UK Government’s new £1m cybersecurity innovation vouchers scheme, micro-, small- and medium-sized businesses will be offered up to £5000 worth of vouchers for advice on how to boost their cybersecurity and protect their valuable intellectual property from prying eyes.

Given the major headlines over the past year, whether it is Sony or JP Morgan, it would be easy to assume that cyber-criminals only prioritize big multinational organizations over the likes of smaller businesses. Whilst these larger corporations are undeniably under constant threat from attack, headlines tend to distract from the threats facing the growing businesses who characteristically have more vulnerable systems and highly prized intellectual property.
This is reflected in the level of confidence many small businesses have assumed when it comes to cybersecurity. According to a survey by Zurich Insurance Group, this constant threat is seen as less of a danger than a natural disaster or fire damage, with only 6.9% of small- to medium-sized businesses in Europe citing cybercrime as the biggest risk to their company. 

A 2014 survey by the Federation of Small Businesses proved that over half of SMBs in the UK have been victimized by cyber-attack. It is these businesses the government is looking to aid with the free provision of cybersecurity advice.
A lack of visibility constitutes a large part of what makes SMBs such prime targets. Attempting to hack large businesses quickly grabs the attention of law enforcement and government agencies and is often well documented by the media. Attacking smaller businesses, on the other hand, allows hackers to operate largely under the radar whilst still wreaking enormous damage.

But it’s not just the assets held by SMBs that are attracting malicious actors. These new vouchers must also address a growing supply-chain risk. For the ambitious hacker, successfully breaching the defenses of a high street shop isn’t necessarily an end goal; it could simply provide a route to much bigger rewards. By infiltrating the network of a smaller supply-chain partner, experienced cyber-criminals can gain back-door access to the larger company’s systems, bypassing the robust defenses they have elsewhere in the network. 
 
Despite hacks like the Target breach demonstrating the effectiveness of this strategy, small firms actually cut their security spending by 20% in 2014, compared to a 5% increase in security investments by larger companies. It’s clear then that the news stories alone aren’t enough to adjust the course many small businesses are firmly set on when it comes to cybersecurity.

Offering financial incentives to promote security amongst small businesses is certainly the right strategy for the government to have adopted. The smaller budget of SMBs greatly limits their security spending when compared to larger enterprises, resulting in more vulnerabilities. In addition to this, internal security expertise is quite expensive, meaning these susceptible companies often aren’t able to seek the guidance needed to safeguard themselves from enterprise-scale attacks.
In this way, the £5000 grant for consultation will offer SMBs the opportunity to hire an external security consultant, which goes some way towards addressing ongoing problems in their security system. However, the grant will not cover the cost of implementing all the security controls and changes that consultant recommends.

Looking more towards the future of this scheme and others with similar goals of improving the resilience of corporate networks, it will be important for public bodies to realize funding also needs to deliver on a more direct level. Offering advice on the Cyber Kill Chain is all well and good but it still cannot offer the defense-in-depth that will ultimately give them the chance to defend their network right until the very last stage of an attack.

Pairing a campaign to improve understanding and cyber-strategy among small business leaders with a financial incentive scheme for adopting the right controls and solutions will give both small businesses and, through their supply-chain, big businesses, a better chance at avoiding the headlines.
InfoSecurity:  http://bit.ly/1Ke01Ew

« Interpol is Training Police to Fight DarkNet Crime
Will Robots Eliminate Many Humans From the Workplace? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

CASES.lu

CASES.lu

CASES.lu is a government-driven initiative offering awareness-raising, a web resource and other tools to assist SMEs concerning information security.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

The CyberWire

The CyberWire

The CyberWire gets people up to speed on cyber quickly and keeps them a step ahead in a continually changing industry.

Spera Security

Spera Security

Spera helps identity security professionals effectively and confidently measure, prioritize and reduce identity risk to better protect the organization from identity-based attacks.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.