Search

How SMEs and charities are managing to navigate growing cyber attacks when cashflow is tight


With a background in commercial growth and stakeholder engagement, Joanna Goddard is one of BRIM’s specialist team, advising law enforcement in the UK and overseas on establishing and growing Cyber Resilience Centres for business. With affordable services becoming more pertinent than ever to SMEs post-lockdown, we sat down with Joanna to talk in-depth about the role of these services to members across the CRC network.

Q: Why are the services so important?

A: There are three major areas where services from Cyber Resilience Centres make a big difference, these are provided by top talent from local universities and overseen by highly experienced Security and Policing personnel. This enables smaller business in particular to afford some baseline cyber resilience at a time when sadly due to COVID-19 and lockdown cybercrime targeting of smaller businesses is extremely high as criminals have figured out smaller businesses are less likely to engage cyber expertise so can be easy targets. There are three main facets to the Cyber Resilience Centres services;

1. SMEs

Smaller businesses are often limited in their budget and this will almost certainly be the case for some larger businesses post-lockdown as well. Cyber security can be expensive, naturally they’re therefore often nervous to go straight to a private provider for solutions if they are not clear on the return on investment or risk management this delivers; they want to know they’re spending their money in the best way. By using the affordable services from the Centres first, they can learn and buy with confidence in future. The Centres also have Trusted Partners where members can find IASME approved commercial providers too.

2. Supply chain

Cyber attackers can easily weaken the supply chain with strategic targeting of companies who might not normally consider themselves a target, for example, distilleries who have turned to manufacturing hand sanitiser during the pandemic. Big companies also want to help their smaller suppliers become more resilient to protect their own supply chain. This is why so many big companies are engaging at Board level of the Cyber Resilience Centres in the UK. By telling their suppliers about the Centres membership benefits and services, this helps protect the supply chain. When you think about our national critical infrastructure such as power or water networks you start to understand how important this is. Right now losing power or water anywhere would cause terrible disruption. All big companies reply of cyber resilient systems to operate and communicate. Once a smaller company is within their supply chain communications, including aspects like purchased orders and invoicing, creates increased risk if that company is not also cyber resilient.


Interestingly we are also seeing enquiries from highly profitable small and medium businesses, who simply want to learn with trust about improving cyber resilience. By working with Policing at the Centres, they develop a learning journey with trust and guidance, before creating a robust brief for investing in private sector support. The commercial companies themselves welcome this and many engage with the Centres to support this. Operating within an unregulated market the quality commercial companies are just as keen to help SME's learn what good looks like when engaging a cyber services provider.

Student services can provide you with findings from discreet and confidential testing to find out how easily hackable your organisation is, giving you concrete information to work with about how a cyber attack could affect your business.

3. The students themselves

Our services utilise and nurture top talent from local universities, using their knowledge to help clients and giving the students experience that they can use after graduation. Student services are a limited suite, but clients can be referred to appropriate commercial providers if other skills are required. SMEs especially find the services valuable, as it allows them to be informed and provide a clear brief when they are searching for or appointing a private sector supplier. The talent pipeline this creates supports rapid recruitment into some of the nationals most critical industries after graduation.

Q: What are the benefits for bigger businesses?

A: Working with the student services gives larger companies the opportunity to practice corporate responsibility by supporting the talent pipeline, plus, for those who have an in-house cyber team, it keeps their staff training and CPD up to date on the latest in cyber technology, threat and techniques.

In addition as outlined above, many engage to help protect their own supply chain and therefore reduce risk of service or operational disruption. Some of the most high profile media stories in recent months about ransomware attacks, were in fact trigged by a vulnerability in a smaller company within the supply chain.

Q: How do the students benefit?

Our students come from all backgrounds and experience levels, from first-time undergraduates to highly skilled professionals like ex-veterans who are reskilling for a new career. Whatever prior experience they have, the students are able to apply their knowledge to real-world cyber security problems, gaining soft skills working with commercial and highly pressured business clients and ultimately giving students an edge in a highly competitive job market.

Q: What’s a big misconception about cyber security and student services?

That it’s just for big businesses or those in particular fields like the financial sector. No matter how small your business, you are a target for cyber criminals, which means you can benefit from our student services. Cyber security is best considered a part of your business operation in the same way health and safety is. Even if your organisation isn’t particularly cash-rich, you could be at risk of contaminating the supply chain if you or your staff are hacked and this is especially the case with the rise in remote working. You can also be held to ransom which is currently one of the reported cybercrimes within the small business community.

Student services can provide you with findings from discreet and confidential testing to find out how easily hackable your organisation is, giving you concrete information to work with about how a cyber attack could affect your business. This not only allows you to take action to protect your organisation, it offers peace of mind to your staff and their families, which is something to take into consideration – cyber resilience is an amazing workplace benefit. When a business or charity looks after employee bank details, home addresses and health information, knowing your employer is cyber resilient is very appealing!

Some of the most high profile media stories in recent months about ransomware attacks, were in fact trigged by a vulnerability in a smaller company within the supply chain.

You can ask about services from your local Cyber resilience Centre, find your nearest one here. Services can be provide from a neighboring regional Centre if your area doesn't have one established yet.