Skip to content
The UK’s National Cyber Security Centre (NCSC) has revealed proposals to establish a new Cyber Advisor service for small & medium-sized enterprises (SMEs) & is now asking for the security community’s input to help to make it successful.
The proposed scheme will build a network of people assessed by the NCSC as having a “good understanding” of baseline security best practice, & the ability to provide practical help to those that require it.
Cyber Essentials
At 1st, these Cyber Advisors will help their customers work towards implementing the NCSC’s own Cyber Essentials technical controls – firewalls, secure settings, access controls, malware & software updates – by identifying & helping to implement appropriate improvements for the customer’s needs.
If the scheme comes about, only organisations with a qualified Cyber Advisor on their staff will be able to become an NCSC Assured Service Provider, & only organisations accredited will be able to offer Cyber Advisor services.
100 Assessments
The GCHQ-linked organisation explained that it would fund the 1st 100 Cyber Advisor assessments & is inviting both individuals & organisations to register their interest. The experiences of the 1st 100 trainees going through the process will influence the future development of this scheme.
The NCSC explained that it was introducing the programme because its existing consultancy assurance only covers specialisms for more complex cyber security issues & is mainly used by large organisations. The Cyber Advisor scheme will assure advice for any size business that is looking to protect itself against cyber-attacks.
Guidance & Standards
Many smaller organisations often find it difficult to choose the right help to meet its guidance & standards, & it was stated that the scheme would also aim to ensure the “understanding & application” of trusted security advice.
The proposals have drawn a warm welcome from the security community. Joseph Carson, Chief Security Scientist & Advisory Chief Information Security Officer at privileged access management specialist Delinea (ex Thycotic), has been advocating for this type of programme for a while, & will be examining the subject in an upcoming podcast.
He described the scheme as ‘great news’ for the industry.
Cyber Mentors
“Cyber mentors, also known as cyber ambassadors, have been growing within organisations around the world, & it is great to see the NCSC taking the same initiative to help more businesses meet the 5 Cyber Essentials security controls,” he outlined.
“If businesses implement Cyber Essentials, it will make it much more difficult for cyber-criminals to attack. The cyber advisor scheme by the NCSC is a great step forward, & I hope this is the start of a broader plan to strengthen security awareness & business resiliency against the ever- increasing cyber-threats.”
Least Resistance
Darren Williams, CEO & Founder of Blackfog, an expert in anti-data exfiltration & ransomware protection, also added:
“Our research tells us that cyber-criminal gangs often take the path of least resistance, targeting those organisations who have left themselves vulnerable to bad actors by being under-protected & under-resourced when it comes to cyber defence; some smaller organisations even make the assumption they won’t be targeted as they ‘have no data of value’.
Positive Move
“The new Cyber Advisor Scheme proposed by the NCSC is a positive move in the right direction to help fight cyber-crime,” he advised.
“Our hope is that the experts will look beyond 1st & 2nd-generation cyber security technologies like antivirus & EDR, & focus on newer technologies that prevent data exfiltration to wholly protect organisations from extortion & secure their most valuable asset, data.”
