The UK Government is Offering £5000 Cyber Secure Vouchers to SMEs

solent-cyber-security-cluster-2-bis-presentation-8-638.jpg?cb=1421748751Under the UK The UK Government’s new £1m cybersecurity innovation vouchers scheme, micro-, small- and medium-sized businesses will be offered up to £5000 worth of vouchers for advice on how to boost their cybersecurity and protect their valuable intellectual property from prying eyes.

Given the major headlines over the past year, whether it is Sony or JP Morgan, it would be easy to assume that cyber-criminals only prioritize big multinational organizations over the likes of smaller businesses. Whilst these larger corporations are undeniably under constant threat from attack, headlines tend to distract from the threats facing the growing businesses who characteristically have more vulnerable systems and highly prized intellectual property.
This is reflected in the level of confidence many small businesses have assumed when it comes to cybersecurity. According to a survey by Zurich Insurance Group, this constant threat is seen as less of a danger than a natural disaster or fire damage, with only 6.9% of small- to medium-sized businesses in Europe citing cybercrime as the biggest risk to their company. 

A 2014 survey by the Federation of Small Businesses proved that over half of SMBs in the UK have been victimized by cyber-attack. It is these businesses the government is looking to aid with the free provision of cybersecurity advice.
A lack of visibility constitutes a large part of what makes SMBs such prime targets. Attempting to hack large businesses quickly grabs the attention of law enforcement and government agencies and is often well documented by the media. Attacking smaller businesses, on the other hand, allows hackers to operate largely under the radar whilst still wreaking enormous damage.

But it’s not just the assets held by SMBs that are attracting malicious actors. These new vouchers must also address a growing supply-chain risk. For the ambitious hacker, successfully breaching the defenses of a high street shop isn’t necessarily an end goal; it could simply provide a route to much bigger rewards. By infiltrating the network of a smaller supply-chain partner, experienced cyber-criminals can gain back-door access to the larger company’s systems, bypassing the robust defenses they have elsewhere in the network. 
 
Despite hacks like the Target breach demonstrating the effectiveness of this strategy, small firms actually cut their security spending by 20% in 2014, compared to a 5% increase in security investments by larger companies. It’s clear then that the news stories alone aren’t enough to adjust the course many small businesses are firmly set on when it comes to cybersecurity.

Offering financial incentives to promote security amongst small businesses is certainly the right strategy for the government to have adopted. The smaller budget of SMBs greatly limits their security spending when compared to larger enterprises, resulting in more vulnerabilities. In addition to this, internal security expertise is quite expensive, meaning these susceptible companies often aren’t able to seek the guidance needed to safeguard themselves from enterprise-scale attacks.
In this way, the £5000 grant for consultation will offer SMBs the opportunity to hire an external security consultant, which goes some way towards addressing ongoing problems in their security system. However, the grant will not cover the cost of implementing all the security controls and changes that consultant recommends.

Looking more towards the future of this scheme and others with similar goals of improving the resilience of corporate networks, it will be important for public bodies to realize funding also needs to deliver on a more direct level. Offering advice on the Cyber Kill Chain is all well and good but it still cannot offer the defense-in-depth that will ultimately give them the chance to defend their network right until the very last stage of an attack.

Pairing a campaign to improve understanding and cyber-strategy among small business leaders with a financial incentive scheme for adopting the right controls and solutions will give both small businesses and, through their supply-chain, big businesses, a better chance at avoiding the headlines.
InfoSecurity:  http://bit.ly/1Ke01Ew

« Interpol is Training Police to Fight DarkNet Crime
Will Robots Eliminate Many Humans From the Workplace? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Secardeo

Secardeo

Secardeo is a provider of corporate solutions using digital signatures and certificates. Our solutions enable the user transparent end-to-end encryption of e-mails between organizations.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.