The UK’s National Cyber Security Centre (NCSC) has revealed that the first iteration of a new SME advisory scheme will focus on driving take-up of the best practice Cyber Essentials program.
The GCHQ agency said there are more than 20 accredited providers ready to offer a Cyber Advisor service to smaller businesses that need help enhancing baseline security posture.
The first group of advisors will focus on helping clients implement the five Cyber Essentials Technical Controls – best practices such as using a firewall, keeping software and devices up to date, choosing secure settings, and controlling access to data and services.
Read more on Cyber Advisor: NCSC Tests Cyber Advisor Program.
“We believe the Cyber Essentials Technical Controls mitigate the majority of high volume, low-skill attacks perpetrated through the internet,” explained the NCSC’s head of assured professional schemes, Catherine H.
“Therefore, one of the easiest ways to make the UK more secure is to help organizations to implement the Technical Controls at scale across the UK.”
However, in the future, the NCSC expects to launch separate Cyber Advisor iterations focusing on other best practices.
“Small organizations often lack in-house expertise or easy access to qualified people who can help them to secure their networks. Because they often have limited time and funds to invest in security, it can be hard for a small organization, whether it’s a business, a school or a charity, to know where to focus what resources they do have,” Catherine H continued.
“This is where Cyber Advisors can help.”
The NCSC is hoping many hundreds more companies will join the accreditation scheme to provide their own Cyber Advisor consulting services. Those serving geographically remote or under-represented areas will be particularly welcomed by the agency.
Also this week, the NCSC provided an update on a long-running project designed to provide IT buyers with greater information and assurance about products on the market.
Its Principles Based Assurance framework will help individuals and organizations make more accurate risk-based assessments based on independent testing of products at scale.