Helping SMEs in their cyber security journey

UK SMEs are becoming the primary targets for cyber attacks according to a new report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

Smaller businesses are being hit with seven million cyber attacks a year, which is costing the UK economy an astonishing £5.3 billion annually.
Furthermore, they are more at risk of successful cyber attacks than larger companies as they often lack the budget and expertise to implement effective cybersecurity strategies.

However, there are many opportunities that can dramatically reduce the potential impact of an attack by adopting the guidance and advice offered within existing initiatives.

Reporting Incidents
A cyber attack can have a significant impact to a company’s reputation, finances and systems; however, Action Fraud, the UK national fraud & cyber crime reporting centre, only received 1,073 cyber dependent crime reports from businesses year ending October 2016.
Reporting is vital to the combatting the threat. It allows law enforcement to investigate crime and improves understanding that can inform future response. A more complete understanding of the scale of cyber crime can also help law enforcement respond, resource and fund prevention and protection efforts more effectively.

Managing cyber security
Cyber security is most effective when integrated well with risk management that encompasses people, process, technology, policy and intelligence.
Doing regular risk assessments and identifying vulnerabilities can definitely help SMEs to achieve cyber security fundamentals, however, many SMEs don't have financial resources, time and dedicated skills to dedicate to these activities.
CyberWISER Light can help overcome this gap by improving SMEs cyber risk management and detect vulnerabilities in their IT system without having to invest lots of time and resources. The assessment evaluates the risks and overall strength of an organisation’s IT security. Most cyber criminals use existing critical flaws in infrastructure when they attack, so it is crucial to know where the vulnerabilities are.

Developing cyber skills and awareness
External cyber attacks are often viewed as the most pressing threats that SMEs need to protect themselves against, but an increasing number of fraudulent cyber activities are originating from within an organisation itself.
Without any kind of drive to ensure employees possess a basic level of cyber security knowledge, any measure or policy implemented will be undermined.

Download the full report "The cyber threat to uk business"

Source: wwww.ncsc.gov.uk