What are The Cyber Resilience Centres?
They are here to grow and strengthen the UK’s resilience to online crime.
The 10 Cyber Resilience Centres were set up to support and help protect businesses and charities across the UK against cyber crime. Working in conjunction with local universities and the local police forces, we possess the latest information on emerging cyber threats, criminal trends, and best safeguarding practice. This enables us to provide you with timely guidance to prepare and protect your business, staff, and customers from cyber criminals.
The CRC network is modelled on a successful structured collaboration acclaimed by the National Police Chiefs’ Council (NPCC) with each centre’s team being led by two senior police officers.
Why do we exist?
Cyber crime is a growing problem. Last year, it was reported up to 39 per cent of UK companies suffered a cyber attack the previous 12 months. Indeed, one small business in the UK is successfully hacked every 19 seconds, according to the insurance sector.
Ransomware groups do not target companies but do target software vulnerabilities. So, if there are 10,000 companies using a piece of software and the hackers know of a vulnerability in that software, they go for all 10,000.
These cyber attacks are potentially ruinous events for business owners. The latest Cyber Security Breach Survey revealed that the average cost of a cyber security breach in the UK is £8,460 across all businesses. However, this figure becomes greater as the size of a business increases.
The cost of a cyber attack is not only financial, with the average time large businesses spend on managing the impact amounting to 3.4 days, according to statista.com.
The CRCs provide guidance and toolkits that help businesses improve their cyber resilience and mitigate the threat posed by cyber criminals. We also help to explain and remove those three common myths concerning cyber security:
Cyber is complex - I do not understand it.
Cyber attacks are sophisticated - I cannot do anything to stop them.
Cyber attacks are targeted - I am not at risk.
How do we help businesses?
The first step to cyber resilience is knowledge. That is why we produce blogs and newsletters that keep you updated on the latest news, views, guidance, and events relevant to the business community.
We provide a range of services delivered by top talent from local universities, including staff training. We also have a network of Trusted Partners who can help you complete the government-backed Cyber Essentials programme – designed to protect businesses from the most common cyber attacks.
Cyber security does not always have to be expensive. Some of the basic improvements that can protect you from the majority of cyber crime can be implemented for free. We will help you and your business navigate the internet to find these and improve your cyber security at an affordable rate. We always talk about keeping your software updated being so important, why?
For every 1,000 lines of computer code, there are between 10-15 errors. Each error can become a vulnerability/weakness for your organisation, which could be exploited by someone. For example, Windows has an estimated 10-50 million lines of code, and Office 365 has an estimated 75 million. Install those updates when the device warns you, it is likely to save your bacon, even better, turn on auto-update and if you do not need the software - uninstall it.
What membership options are available?
We offer all businesses free membership in addition to our paid membership opportunities. Businesses can choose from four membership options as well as selecting any of the services we deliver.
Who are our Trusted Partners?
Our Trusted Partners are official providers of Cyber Essentials and Cyber Essentials Plus Certification. Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security which can often become a requirement when tendering for work in both public and private sectors.
Cyber Essentials is a simple but effective, government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Who else do we work with?
Each centre has established an Advisory Group featuring a range of industry professions from all backgrounds to help support growth. The Advisory Group provides guidance that influences the direction of the centre. We also work in partnership with the UK’s Police Protect Network, which works proactively and reactively on significant cybercrime investigations. By working alongside the National Cyber Security Centre (NCSC), we can keep our members up to date with the latest cyber threats and guidance.
What services do we provide?
We provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK’s top university cyber talent. Our services help SMEs and therefore prepare and improve cyber resilience of the UK’s supply chain. The services we offer are listed here https://www.secrc.co.uk/services on our website. For example;
Are your staff in need of some cyber training?
• We can help them to recognise a phishing email whether it is a new starter or as part of an organisation’s training program.
• We can improve their response to a cyber event like they have practised in a fire drill or medical incident?
• The Information Commissioners Office recommends that new staff complete training within one month of joining the organisation and that the workforce has annual refresher training.
When did you last visit your cyber security policies?
• We can assist in changing a workplace culture as sometimes it is the data handling process that creates the vulnerabilities.
• Highlighting good / bad practices e.g., clean desk policy to comply with GDPR; not plugging devices into USB to charge.
• Recognising and rewarding staff’s proactive behaviour e.g., reporting phishing emails to ICT. How do you reward your staff for following best practices to assist in changing the culture? Send them a chocolate bar for every phishing email that is reported for example.
• Do you have an information security policy, cyber security policy, business continuity plan or disaster recovery plan?
• Are those policies readable for staff and not realms of just words?
Do you want to find out whether there are presently any weaknesses in your organisation’s cyber security?
• We can carry out a specific assessment of your infrastructure and assess it for vulnerabilities.
• Alternatively, if you think or know the infrastructure has weaknesses already, we can offer solutions on how these can be fixed.
Some freely available tools:
• Police Cyber Alarm helps organisations monitor and report malicious activity they face from the Internet - https://cyberalarm.police.uk/
• Have I been pwned is a worthwhile service that notifies you know about comprises featuring your organisation’s emails in data breaches. These usually are a precursor for phishing email campaigns and business email compromises - https://haveibeenpwned.com/DomainSearch.
• The cyber readiness assessment provides your organisation with an indication of cyber security maturity with regards to Cyber Essentials, upon which the option of free cyber insurance. This also provides you with the ability to request your contractors adhere to the scheme therefore strengthening your supply chain to a cyber attack - https://getreadyforcyberessentials.iasme.co.uk/.
There’s a network of cyber resilience centres across the country that are here to help. For more information and to gain access to affordable cyber services, training, and guidance in your area, find out your where your nearest cyber resilience centre by visiting: https://www.secrc.co.uk/uknetwork.
Written by Chris White, Detective Inspector and head of Cyber & Innovation, The Cyber Resilience Centre for the South East.
digital issue