Security

Cyber Awareness Training Data Breaches and their consequences General Security Issues Identity and Access Management Ransomware, Phishing and other Malware Risk Analysis and Security Strategy Security Security Tools

All about H2

Introduction

All the information below is contained within the website but we thought it might be useful to summarise it in one post to make it easier for people who want to understand what we are all about.

About myself and H2

I like to start any discussion by saying that I’ve been in the cyber security game almost since before it was a game!  I started in Information Security at the MOD at a time when IT and databases were in their infancy and got in on the ground floor.  I subsequently went to work for the NHS, HP/HPE, CSC and Symantec, during which time I led many major cyber security projects in the public and private sectors, designing and commissioning the Security Operations Centre for the FCO, carrying out several projects for the MOD, leading the security team for the new online passport application, as well as several high street banks.

In 2013 I was asked to go to the middle east to set up a Cyber Security team covering the UAE, Bahrain, Saudi Arabia, and Qatar, growing the team from 3 people to 24.

On return my business partner and I set up H2 to serve the SME community. Sadly, my business partner did not survive the pandemic, and I am now the sole management of the company.

So why SMEs?  Surely there’s more money in corporate security?

Well yes there is, but SMEs are at the heart of our ethos.  During our time working in the corporate sector, it became clear that there was little to no support given to SMEs, either at the S, or the M end of the scale, and the big security companies and system integrators were content to leave that to their resellers ie those local IT support companies that resold their products.

Here at H2 we understand that the only real difference between an SME and a corporate organisation, in terms of cyber security, is that of scale.  We have therefore scaled our services, the products that support them, and our pricing, to fit with an SMEs issues and

pocket.   We like to say that we offer a triple A service providing solutions that are Appropriate (to you), Affordable and Accreditable (to standards such as Cyber Essentials).

Take a look at our Blog and social media posts.  We try to inform and educate, placing a link between what we know, and what SMEs need to know but are rarely told.

Solutions Provided to SMEs

The first thing that we discovered is that SMEs have a very poor grasp of cyber security issues, although that is changing following the pandemic when many were forced to change their working practices almost overnight and have subsequently embraced a distributed working model.  There is no doubt that the propensity for working from home, or other remote locations, since COVID has introduced some very difficult, or at least challenging, security vulnerabilities into SME networks.  For instance, prior to the pandemic, when they were 100% office based (except perhaps some mobile salespeople), their local IT provider will have almost certainly set up what we called the bastion security model.  Ie, like a castle, a bastion, you had a wall around you, and for belt and braces, you also had a moat.  The gateway was robust, had a drawbridge and portcullis, or let’s call it a secure firewall and anti-malware system.  Everything was locked up inside and nice and secure (in fact it probably wasn’t but that’s for another day).

Whilst Microsoft didn’t invent the term the ‘new normal’, they were the first, I believe, to apply it to IT, following the enforced change in working practices brought about by the pandemic.  Many companies have embraced this new normal and have settled into some form of hybrid working.  Of course, this is nothing new, it’s been ‘a thing’ for years now, certainly in corporate organisations.  The real change came about in SMEs for whom it really was quite revolutionary.  Corporate bodies will have spent a lot of money on a variety of remote access systems to keep their data secure, whilst SMEs not only had to rush unprepared because of the pandemic, but they simply didn’t have the budget to employ more secure connections.

What the pandemic has done is change that, or perhaps arguably, accelerated the change to a more distributed way of working, already underway in corporate organisations but now common amongst SMEs. 

Our first challenge then was that of education.  Changing the mindset of SMEs, moving them away from being simply technology focused, onto a more business oriented cyber

security focus.  Cyber security is a business issue, not a technical issue and that is something that many SMEs fail to grasp.  Any true cyber security professional takes a

risk managed approach, identifying the risks posed to their client, and then applying the principles of People, Process and then Technology, in that order.  That risk managed

approach is equally applicable to all sizes of organisation in all sectors and has not changed since the advent of the internet.

Taking the services we provide as shown clearly on our website (where pricing is shown), www.hah2.co.uk, the first is that of Board Advisory, where we offer advice and guidance to our clients regarding their security.  We often end up providing this advice for free as we are putting forward solutions to solve their issues but there is of course a limit to that.  We also offer a Cyber Maturity Assessment (CMA), which is close to a full risk assessment but tries to keep the costs down to an order that an SME can afford.  The CMA is fully described on the website, and we won’t reprint that here.

Another service we provide is Penetration Testing and Vulnerability assessment.  Pen Testing is a point in time test ie the minute you finish it and have read the report, it’s out of date.  It is however useful to do once a year or when you add a new feature to your systems, or take a new system into use.  We use a fully qualified CREST team who can, if you wish, also carry out attack simulations.

Vulnerability assessments are carried out continuously via agents deployed on the network.  The main difference is that as a Pen Test will find real issues, a vulnerability assessment will find things that you may be vulnerable to, but which haven’t necessarily been exploited and in fact, may not be a real issue once investigated.  They are, however, continuous throughout the year and can be more effective.

We talked earlier about People, Process and then Technology.  Arguably your first line of defence is your people.  They can also be your weakest link.  Data leaks often occur inadvertently, due to a lack of awareness rather than malicious intent. We offer cyber awareness training designed to equip your team with the knowledge and skills to safeguard sensitive information.

This training can be delivered in one of 2 ways.  The first is classroom based, either on site or over a remote connection such as Zoom or Google Meet.  The second is online training provided via another of our solutions which will be described below and allows

staff to pick when they will take some time to undertake the training which is delivered in a modular fashion, taking up very limited time which won’t take staff away from their desks to too long.

Another very important service which we provide online, cloud based, using a SaaS solution, is aimed at Data Protection.  Clients with large amounts of sensitive data that they wish to protect, use this solution.  It is essentially a data loss prevention system

that is designed and priced for SMEs, using state of the art file level encryption.  This system comes with a 30-day free trial so that clients can see it for themselves.

Based on Actifile it is tailored to the unique needs of the modern business which often sees its staff work remotely as well as in the office.  It protects the valuable data you hold and reduces your risk, without breaking the bank.  It covers:

  • Insider Threat Detection: Protect your business from internal threats posed by employees
  • Ransomware Protection: Safeguard your data from ransomware attacks that can cripple your operations
  • Data Leakage Prevention (DLP): Prevent confidential information from falling into the wrong hands
  • Data Privacy and Compliance: Ensure you meet GDPR requirements and avoid costly fines
  • Automated Encryption: Protect sensitive data with encryption that’s easy to manage.

In the dynamic world of cybersecurity, staying ahead of evolving threats requires a comprehensive approach that adapts to the ever-changing landscape. At H2, we recognise that one-size-fits-all solutions often fall short, which is why we’ve developed a flexible and scalable cybersecurity solution powered by Guardz, to address the needs of our clients.

Our approach is grounded in sound risk management principles, ensuring that our solutions are aligned with your specific cybersecurity requirements. Whether you need one or more of our products woven into a solution, we can tailor that solution to meet your exact needs and budget.

This complements the data protection solution whilst remaining capable of standing alone. Especially devised and priced for SMEs, it maintains our commitment to affordability and accessibility which is reflected in our incredibly competitive price of

£12 per seat, which includes no hidden charges, add-ons, or expensive infrastructure costs. The solution comes with a 14-day trial to give you hands-on experience with our solutions and assess their impact on your business.

This solution comes with a fully loaded Cyber Security Awareness training course, and a Phishing simulation capability.

You should note that we have bundled the 2 managed services together and offer them at a price reduced by £3 per seat per month.

Finally, we offer certification in Cyber Essentials and Cyber Essentials Plus which provide robust defences, endorsed by UK government to guard against common cyber-attacks. They are required certifications to work with public sector entities, and achieving certification signals a commitment to securing client data.

We now offer different pricing options to our clients.  For Cyber Essentials we offer:

Our Supported Package whereby we guide you during yourself assessment ensuring that you achieve certification first time, can be purchased at a one-off price which we are happy to quote for or a monthly subscription from £61 per month.  

If you are short on time or not too sure what to do, try our Turnkey Package whereby we carry out the assessment for you in total, once again ensuring that you achieve certification first time.  This can also be purchased as a one off at a price which we are happy to quote for or there is a subscription price which starts at £120 per month.

We can offer consultancy around ISO 2700X if it is considered desirable or appropriate.  We can advise on that.

General Security Issues Risk Analysis and Security Strategy Security

360º Protection in a perimeter-less world – A White Paper

Cyber Security – Some Facts

  • In the last year, 39% of all businesses in the UK were the victim of a cyber-attack
  • 20% of these lost money or data as a direct consequence
  • 31% of these estimated they were attacked at least once a week
  • The average financial loss to a business is £19,400
  • Phishing emails continue to be a major threat to businesses
  • Hacking of social media and email accounts to extort victims or to enable cases of fraud is increasing – over 8,000 cases in 2021/22, an increase of 23.5% on the previous year
  • Ransomware attacks are one of the most serious threats to businesses and organisations – they can prevent users accessing their devices, network, and data, and confidential information can be deliberately leaked unless a ransom is paid
  • There is a rise in Ransomware as a Service (RaaS) transactions where sophisticated ransomware programmes are leased to less technical cyber criminals so they can launch their own attacks
  • Most ransomware criminal gangs that target the UK are based in and around Russia
  • The NCSC (the National Cyber Security Centre) dealt with more than two million malicious cyber campaigns over the last 12 months
  • 63 cyber-attacks needed a national level response
  • Only 33% of businesses conduct a cyber risk assessment
  • The percentages of business which have Cyber Essentials certification is climbing but is still far too low.
  • 45% of businesses have staff using personally owned devices to carry out work related activities (BYOD – Bring Your Own Device policy)
  • Only 14% of businesses invested in threat intelligence and only 17% carried out a cyber security vulnerability audit
  • Only 23% of businesses have a formal cyber security strategy and only 38% have any kind of cyber security insurance (with only 5% having a dedicated cyber security insurance policy)
  • Only 17% of businesses have had training or awareness raising sessions on cyber security in the last 12 months

Glossary

Phishing

Fraudulent attempts to extract important information, such as passwords, from staff.

Ransomware

A type of malicious software designed to block access to a computer system until a sum of money is paid.

Malware
Malware (short for “malicious software”) is a type of computer program designed to infiltrate and damage computers without the user’s consent (e.g. viruses, worms, Trojan horses etc).

Threat Intelligence

Threat intelligence is where an organisation may employ a staff member or contractor or purchase a product to collate information and advice around all the cyber security risks the organisation faces.

Sources

  1. The National Cyber Security Centre (NCSC), part of GCHQ
  2. UK Government Official Statistics – Cyber Security Breaches Survey

Hybrid Working

Welcome to the changing world of work

Whether you’re an employer or an employee, you’ll know the world of work has changed.

The global Covid-19 pandemic and national lockdowns around the world meant factories shut their gates, shops closed their doors, and offices were forced to quickly transition to remote working. And this has fundamentally changed how many businesses operate today.

According to the Office of National Statistics (ONS), despite lockdown being over, a significant percentage of all UK staff now work remotely some or all of the time.

But these hybrid staff are not just working from home when they’re not in the workplace. They are also working from coffee shops, in shared working spaces, in airports and motorway service stations, and from other locations outside of most SME’s security boundaries.

What’s more, they are connecting to your network, downloading and uploading files, and sharing business sensitive information in more ways than ever before. And they’re using Cloud services and messaging apps (such as WhatsApp), and other communication systems and sharing tools, to ‘do business’ because they’re fast and easy.

But this hybrid way of working, and the speed and convenience of these systems and tools, comes at a cost. Your business information and data is now distributed like never before outside of your network and stored in locations that you may never know about.

For today’s cybercriminal, this presents a huge opportunity. They no longer need to target a company through their workplace network; instead, they can target businesses and their employees – and most importantly, their sensitive and confidential data – on the sites and in the places outside of your protected security network.

That’s why hacking of social media and email accounts to extort victims or to enable cases of fraud has increased by more than 23% over the last year.

And why the NCSC (the National Cyber Security Centre) had to deal with more than two million malicious cyber campaigns.

But with 39% of all businesses in the UK becoming the victim of a cyber-attack, the threats to SMEs in today’s hybrid world are increasing.

The Challenge for SMEs

In the UK and Europe, a business is classified as a SME (a Small to Medium-sized Enterprise) if it has fewer than 250 staff and a turnover of less than €50 million or a balance sheet of less than €43 million (although this definition has changed over the years).

And according to the DTI, 90% of UK GDP comes from SMEs including micro businesses with fewer than 10 staff.

But worryingly – but perhaps not surprisingly – the NCSC (the UK’s cyber security authority) and ENISA (the EU equivalent) are predicting a spike in cyber-attacks on SMEs, following a rise in attacks on smaller businesses in the US and Australia.

Why are SMEs the main target of cybercriminals?

There are two main reasons why cybercriminals are increasingly targeting smaller businesses, as follows:

1. Resources

Cybercriminals know that most SMEs don’t have the resources of enterprise level companies and therefore haven’t invested in the cyber protection that larger companies often do.

Many enterprise level companies use Managed Security Service Providers (MSSP’s) to provide the cyber protection they need, sometimes working alongside their own internal dedicated cyber security staff.

Most SMEs simply don’t have the ‘deep pockets’ to do this, making them an easy target for cyber attackers. 

2. Level of concern

For many smaller businesses, cyber security is simply not something they believe is a priority compared to the numerous other things they have to worry about.

And in most cases, they believe that they are already effectively protected because they use an outsourced IT partner (for things like managing their network or supplying hardware) or because they use Cloud based systems.

But cybercriminals know that things have changed since the onset of Covid and that more and more employees are now working remotely and using many different systems and online tools, outside of their traditional IT security boundary.

What’s more, many companies have adopted a Bring Your Own Device (BYOD) policy that means staff can use their own personal devices – such as laptops and phones – for work purposes.

All of this means cybercriminals have more points of entry then ever before to launch an attack.

Zero Trust Architecture and Shadow IT

When companies have files located in different places and spread across various systems and Cloud based solutions, they need what is known as a zero trust architecture. This model assumes that security breaches will happen, particularly as important data is held on third party systems such as communication apps and third party portals, which are collectively known as shadow IT.

SMEs typically do not understand the principles of zero trust architecture and use (or fail to monitor) shadow IT, meaning they rarely truly know all the locations where their data is held and whether it is protected.

Cyber Security Principles

Despite not having the resources of enterprise level companies, the basic principles of cyber security are the same for small businesses as they are for much larger ones.

Principle 1 – Understand the value of your data

Whether you’re a multibillion pound conglomerate or a sole trader working from home, the first thing you need to know is the value of your information assets and data. This could include your customer records, financial information, your passwords and system login details, intellectual property, and much more. All data has a monetary value.

One way to calculate the value of this is to estimate what the cost would be to your business if this data and information was compromised or stolen. Would the situation be recoverable, or would it mean the end of your business, both financially and reputationally? And even if you’re one of the 5% of UK companies that has a dedicated cyber security insurance policy, would this cover you for all the losses you would experience?

Principle 2 – Understand the threats

Do you really know what cyber-attacks could threaten your business? Could cyber criminals send you or your colleagues phishing emails in an attempt to extract important information or passwords? Or could they attempt to install ransomware software on your network that could lock you and your team out of your systems until a ransom is paid? Or could a virus, worm, or a Trojan horse be installed on your network due to a malware attack aimed at damaging your systems?

It’s important you know the threats facing your business in order to understand your vulnerability to those threats.

Principle 3 – Understand your vulnerability

How exposed is your business to the possibility of a cyber-attack? To understand your vulnerability, think about any security measures you have in place, as well as gaps in your protection that may be easily exploited by a cybercriminal. 

But keep in mind that like many other companies nowadays, your staff are most likely working outside of the traditional workplace environment some (if not most) of the time, and the locations they are now working from – and the methods they use to communicate, share, and work – are likely to be outside of your traditional network boundary. This greatly increases your vulnerability to a cyber-attack.

Principle 4 – Know your risk and mitigate

Once you know the value of your information, the threats that exist, and your vulnerability to a cyber-attack, you’ll know the risk that faces your business. But rather than believing you need to eliminate all risk – which even enterprise level companies and national organisations and governments struggle to do – you need to mitigate it to a level that is acceptable for your business.

This may involve implementing new security procedures or installing new software or changing how staff work or providing cyber security training, so all staff know what to watch out for. Or it could mean you have a cyber security audit carried out on your business or hire a (on-premises or remote) Cyber Security Officer who actively monitors your systems and protects you from existing and new cyber threats.

Perimeter-less 360o Protection for SMEs

In today’s hybrid world, what’s needed is a new approach to cyber security. A solution that provides advanced shield technology (proactive protection against all known and unknown security threats) and has the following features specifically designed for SMEs:

  • Works inside and outside of traditional IT security boundaries across all devices, systems, and platforms
  • Is built for a ‘perimeter-less’ ecosystem
  • Is designed for zero trust architecture and the use of shadow IT
  • Is low cost and flexible
  • Doesn’t impose unwieldy security barriers or restrictions but rather has been created to provide protection however and wherever staff are working
  • Protects against all external threats including ransomware (which most data loss prevention solutions don’t)
  • Has the ability to block ‘zero-day’ threats (an attack that exploits a security vulnerability which a developer has zero days to fix) before a business has even identified that such a threat exists
  • Stops all attempts to write known and unknown malware onto the permanent storage of any device
  • Doesn’t require a big (and often expensive) effort setting up blocking rules or ongoing costly maintenance
  • Doesn’t cause any performance issues and has no impact on a device’s RAM or CPU
  • Is a real-time low maintenance ‘fit and forget’ solution that blocks 100% of unauthorised attempts to modify a business’s IT systems

An Innovative Solution

H2 Cyber Risk Advisory Services has developed a low cost managed cyber security solution for SMEs that is designed specifically for hybrid working and 360o perimeter-less protection.

360o Real Time Work Anywhere Cyber Protection fuses industry leading cross platform data discovery functionality with robust and innovative data flow monitoring capabilities so that you’ll know where every one of your files and all of your data is and how to protect it.

It provides both valuable insight and protection to stop you becoming the next victim of cybercrime.

Insight

  • The system analyses your cyber-attack vulnerabilities and risks factoring in every device connected on your network.
  • It quantifies the threats against your organisation’s particular appetite or tolerance for risk.
  • It prioritises responses based on factors important to your business and monitors the effects of your actions.
  • It provides clear actionable insight including security recommendations such as security patches, updates, or workarounds.

Protection

  • Advanced shield technology that provides a ‘one time’ fit security solution that prevents against malware, ransomware, zero-day attacks, and all other cyber threats, known and unknown.
  • Shield technology does not use signatures so there is no need for constant updates to add newly discovered threats and no risk of becoming a zero-day victim.
  • The system proactively scans workstations, laptops, and other devices for sensitive data using smart patterning, and assigns a financial value to the risks you’re exposed to.
  • It tracks and audits data risk in real time by continually monitoring incoming and outgoing sensitive data flows to and from your perimeter-less organisation.
  • It uses a patented encryption process to automatically secure sensitive data across all endpoints, Cloud apps, third party portals, and shadow IT.  The entire process from initial deployment through to data risk analysis and remediation by automatic encryption takes as little as 72 hours.

Benefits

H2’s 360o Real Time Work Anywhere Cyber Protection provides the following benefits:

  • Perimeter-less cyber protection for wherever you or your staff are working – at home, in a coffee shop, at an airport, or anywhere else
  • Ideal for remote and hybrid workers
  • Real time 24-hour protection inside and outside of the Cloud
  • Protects your network, your devices, and your information
  • Enterprise grade shield technology specifically developed for the growing number of SMEs being targeted by hackers and cyber criminals
  • 360o protection against data breaches and cyber-attacks and scams
  • Simple subscription-based per month pricing – pay for just what you need and cancel anytime with 30 days notice

Ask yourself, do you know with absolute certainty where your data is?  Are you sure that an employee hasn’t downloaded a piece of sensitive data onto their laptop or desktop at home to work on, before uploading it again?  Have they forgotten to remove the copy they have on their machine, resulting in there now being two copies of the sensitive data, one sitting outside of your security boundary or outside of your Cloud systems? Or have they used a shadow IT tool, such as WhatsApp or some other communication system, to share the data outside of your network?

Ask about our free no-obligation trial to see how H2’s 360o Real Time Work Anywhere Cyber Protection can protect your business however and wherever your staff are working.

The Experts in Cyber Protection

H2 Cyber Risk Advisory Services was founded by industry leading experts in cyber protection who previously worked for a number of Fortune 500 companies, national governments, and leading technology companies including Symantec, Hewlett-Packard (HP), and BAE Systems.

Their experience in the security sector goes back to the late 1980s and includes designing the first security operations centre for the Foreign and Commonwealth Office (FCO), as well as leading security projects for the Ministry of Defence (MOD) and the Passport Office.

H2 was established in 2016 to provide the same quality of cyber and data protection to mid-market businesses and SMEs in the UK.

What else can H2 do for you?

As well as providing 360o Real Time Work Anywhere Cyber Protection, H2 provides the following services, each of which can be bundled into a comprehensive managed service:

  • Managed Cyber Security Officer – dedicated remote cyber security expert who proactively monitors your systems and cyber threats to your business, offered on a number of hours a month basis to suit the client
  • Innovative anti-malware solutions – these protect against malware threats and ransomware attacks
  • Patch management across your entire network
  • Cyber maturity assessments – examines and analyses all aspects of your cyber security stance, including policies and processes
  • Cyber Awareness Training for your staff – aimed at IT users and non-technical staff, and offered on-line as well as face to face
  • Cyber Essentials and Cyber Essentials + certification

Contact

H2 Cyber Risk Advisory Services

T: 0800 4947478

E: hello@hah2.co.uk

W: www.hah2.co.uk

H2 Cyber Risk Advisory Services Ltd
57 High Street Somersham Huntingdon PE28 3JB  		H2 Cyber Risk Advisory Services Ltd
Unit C17 Kestrel Business Centre 2 Colwick Industrial Estate Nottingham NG4 2JR

Cyber Awareness Training Data Breaches and their consequences General Security Issues Ransomware, Phishing and other Malware Risk Analysis and Security Strategy Security

What Do SME Owners and Directors Want From Cyber Security?

I wrote a post earlier this week exploring what SME owners and directors really care about when it comes to cyber security! Do they really care about the how the latest technological solutions work? Do they really care about the scare stories, or at least, do they really think that they apply to them. Oh, they might have a sneaky suspicion that it could be a problem but is it on their mind enough for them to do something about it.

The argument was made that this is especially true in an economic downturn when they are focused on costs, even more than they normally are. They want robust cyber security solutions that don’t cost an arm and a leg.  And what they don’t want is jargon and tech speak that they feel is aimed at bamboozling them with science in order to convince them they should buy something that they don’t actually need. 

We are believers that what is needed is simplicity. SMEs are looking for user-friendly security measures that don’t require a PhD in Cyber Science. They don’t want jargon or even industry metrics. Remember the KISS principle – Keep It Simple Stupid.

Of course they are going to have a focus, and you need to understand what is important to them and what isn’t. That will depend on the nature of their business to a great extent. Whilst there are commonalities regardless of the vertical they work in, there will always be differences, some big, some more subtle, that will impact any cyber security solutioning.

Nowadays many SMEs are increasingly aware of cybersecurity risks, but a significant number still underestimate the importance of cybersecurity risk management. SMEs often face unique challenges in this area due to limited resources, competing priorities, and often a lack of expertise not just in their organisation but also in the IT support company’s they use. Here are some insights into the current landscape:

  • Growing Awareness: SMEs have started to recognise that they are just as likely to be targeted by cyber threats as larger companies, partly due to high-profile ransomware attacks and data breaches affecting businesses of all sizes. As a result, awareness is rising, especially as more businesses transition to digital platforms and remote work, which increases exposure to cyber risks.
  • Resource Constraints: For many SMEs, the cost of robust cybersecurity measures can be prohibitive. They often lack dedicated IT and cybersecurity teams, which makes it challenging to implement and maintain comprehensive security protocols. Cybersecurity solutions can be expensive, so SMEs may prioritise short-term operational needs over what they might perceive as longer-term security investments.
  • Risk Perception and Underestimation: Some SMEs mistakenly believe they are too small to be targeted by cybercriminals, assuming that attackers primarily focus on large corporations. However, this “security by obscurity” mindset has been proven false, as attackers often view SMEs as easier targets due to their weaker defences.
  • Impact of a Breach on SMEs: Unlike larger companies, SMEs are less likely to recover from a significant cyber incident. A data breach or ransomware attack can be devastating, leading to financial losses, reputational damage, and even closure. Despite this, many SMEs may not fully understand the potential scale of these consequences.
  • Compliance and Regulatory Pressure: With increasing data protection regulations (e.g., GDPR, PCI), SMEs are under more pressure to adopt better cybersecurity practices to remain compliant. This has led to greater awareness among some SMEs, especially those handling sensitive data like healthcare, finance, or customer and payment information.
  • Cybersecurity Awareness Training and Culture: Even when SMEs implement some cybersecurity measures, they may lack the necessary employee training and risk management practices that foster a security-focused culture. Human error remains a leading cause of data breaches, so SMEs need to prioritize employee awareness and training.

In summary, while awareness of cybersecurity risk management is growing among SMEs, gaps remain, particularly around adequate investment, robust risk perception, and ongoing management of cybersecurity threats. Cybersecurity can seem overwhelming for small businesses, but as the digital landscape continues to evolve, understanding and addressing these risks is becoming essential for SME survival and growth.

General Security Issues Risk Analysis and Security Strategy Security Security Tools

Is Protective Monitoring Necessary for an SME?

I’ve talked about protective monitoring in the past but there is still some misperceptions about it, particularly amongst SMEs.  Probably first and foremost is that it is way too expensive, which leads to thinking that it’s not for them and is much more of a nice to have than a necessity.  I thought I’d take a bit of a deeper dive into this.

So, what is it? 

Protective monitoring in cyber defence is a systematic approach to continuously observing and analysing an organisation’s digital environment to detect, prevent, and respond to security threats. It involves gathering and analysing data about network traffic, system activity, and user behaviours to identify potential vulnerabilities or malicious activities. Here’s a breakdown of its key components and purposes:

For a small or medium-sized enterprise (SME), implementing cyber protective monitoring is crucial for a variety of reasons. This proactive approach can be the difference between quickly identifying and mitigating threats or facing significant damage from a cyber-attack. Here are key reasons why SMEs should consider cyber protective monitoring:

1. Protection Against Data Breaches

SMEs often hold sensitive data like customer information, financial records, and intellectual property.  Companies like law firms, financial advisors and estate agents, will hold years worth of personal identifiable information as defined by the Data Protection Act, or UK GDPR if you prefer.  Protective monitoring helps identify unusual activity within their network, such as unauthorised access or data exfiltration attempts, allowing for swift action to prevent breaches.

This is especially important as SMEs can be perceived as easier targets by cybercriminals compared to larger enterprises with more robust defences.

2. Regulatory Compliance

Many industries have strict regulations around data privacy and cybersecurity, such as GDPR and PCI-DSS. Protective monitoring helps SMEs stay compliant by providing visibility into how data is accessed, used, and secured.

It allows them to maintain audit trails of activity, which are often required to prove compliance during an audit or investigation.

3. Early Threat Detection

Cyber threats are constantly evolving, and attackers are often inside a network for days or weeks before launching an attack (such as ransomware). Protective monitoring enables the detection of anomalous behaviour that could indicate a security threat before it becomes critical.

This helps minimise damage by enabling a faster response to potential threats like malware infections, unauthorized access, or network vulnerabilities.

4. Cost-Effectiveness in the Long Run

While some SMEs may view cyber protective monitoring as an additional cost, it is often more cost-effective than dealing with the fallout of a cyber-attack. The financial impact of a breach includes legal fees, loss of business, damage to reputation, and potential fines from regulatory bodies.

By investing in monitoring, SMEs can save significantly on these potential costs, making it a smart investment, especially now that there are systems specifically designed and costed for SMEs.

5. Building Trust with Clients and Partners

Customers and business partners expect their data to be handled securely. An SME with strong cybersecurity practices, including protective monitoring, can build trust and demonstrate its commitment to data security.

This can serve as a competitive advantage, especially when dealing with larger enterprises or industries that prioritise security.

6. Rapid Incident Response

When a security incident occurs, the speed of the response is critical. Cyber protective monitoring provides real-time alerts when suspicious activities are detected, enabling SMEs to quickly isolate affected systems and take necessary actions.

A rapid response can help contain potential damage, maintain business continuity, and limit operational disruptions.

7. Mitigating Insider Threats

Not all cybersecurity risks come from outside the organisation. Insider threats, whether malicious or accidental, can cause significant damage. Protective monitoring can help detect unusual behaviour from employees or contractors, such as unauthorised access to sensitive data or suspicious data transfers.

This allows SMEs to address these issues before they lead to data leaks or other security incidents.

8. Scalability and Adaptability

As SMEs grow, their digital footprint and potential vulnerabilities expand as well. Cyber protective monitoring solutions can scale alongside the business, ensuring that security measures remain effective even as new systems, networks, and applications are added.

This adaptability makes it easier for SMEs to adjust their cybersecurity strategy as their needs change, without a complete overhaul of their security infrastructure.

9. Insights for Better Decision-Making

Beyond just identifying threats, protective monitoring can provide valuable insights into network usage and performance. SMEs can leverage this data to make better strategic decisions regarding their IT infrastructure, such as identifying redundant systems or optimising network resources.

It can also highlight areas that require further security investments, helping prioritise spending on cybersecurity.

10. Improving Overall Cybersecurity Posture

Cyber protective monitoring is a key part of a broader cybersecurity strategy. By continuously monitoring and analysing network activities, SMEs can better understand their vulnerabilities and areas for improvement.

This helps create a culture of security within the organisation, where cybersecurity is not just an afterthought but an ongoing priority.

Overall, cyber protective monitoring provides visibility, control, and peace of mind for SMEs, helping them navigate the complex and ever-changing landscape of cyber threats. By taking a proactive stance, they can protect their assets, maintain customer trust, and ensure long-term resilience against cyber-attacks.

Protective monitoring is not just for corporate organisations, but is for everyone, especially now that there are systems and services designed especially for SMEs and priced accordingly.  Don’t leave it until it’s too late. Playing catch up and fixing problems after the event, is always much more expensive that taking a pro-active stance.

To learn more about the protective monitoring managed solutions we provide please click here https://www.hah2.co.uk/

Cyber Awareness Training Data Breaches and their consequences General Security Issues Ransomware, Phishing and other Malware Risk Analysis and Security Strategy Security Security Tools

How Can We See a Return on Investment from our Cyber Security Spend?

How are businesses improved through good cyber security?  It’s a question just about every customer, or prospective customer, of ours asks themselves.  They need to see a return on investment, after all, if you don’t see anything tangible for your money, you’re unlikely to keep going down that road.

When my business partner and I set up H2 after we returned from the Middle East where we’d been working for the HP division that was busy merging itself with CSC (been there done that, didn’t fancy returning to it), the whole question of how we could offer something that gave that return on investment, occupied much of our thinking.  What services could we offer at a price that businesses were prepared to pay, and what tangible benefits could we offer?

At first, we were purely a services company, proudly product agnostic, recommending the right products for the right solutions for the right customer.  Not at all altruistic, but rather we felt that was the right thing to do be doing.  Like many people we didn’t see COVID coming around the corner like a freight train.  The pandemic didn’t just change how we would be delivering our services, it changed the whole market, it changed working practices, which are still evolving.  That meant that we had to change or die.  A stark choice but not one that could be avoided or put off.  Like many businesses we had to reengineer the business from the ground up whilst still providing services that customers wanted and could see a need for.

An interesting google search is finding out what businesses are researching online.  I was quite surprised to find that the question ‘what is a cyber-attack?’, is the most searched phrase, by a long shot.  This suggests that many are still confused as to what a cyber-attack actually is.  Breaking that down, its probably not all that surprising because of all the various types of cyber-attack that are constantly being rammed down peoples’ throats and I think the cyber security industry needs to take responsibility for that.  There’s a big difference between education and propaganda.  FUD (fear, uncertainty and doubt) is a common method used by many to sell security.  Personally, I’m not in favour of doing that.  I like to educate, not scare.

Other subjects being searched for are ransomware, phishing, spoofing, cyber threats, insider threats and cyber awareness (there are more but they’re a long way down the list).

What people want to know hasn’t changed all that much, neither has the types of threats.  What has changed is how those threats present themselves, how the methodologies have changed in order to match new technologies and working practices, particularly the move to remote or home working and the additional threats that this poses.  AI is making a big impact already and that impact is going to get bigger as time goes on.  Email spoofing for example, that is faking an email purporting to come someone legitimate in order to get someone to take some action that is in some way fraudulent, is now being done over the phone with AI being used to fake someones voice.  It’s a scary development and there are now several well reported instances of this happening in the US.  If it’s happening there, it’s only a matter of time for it to happen in the UK and across Europe.

One of the first services we offered was the Cyber Maturity Assessment and our very first client took that service.  Our brief was to examine their Cyber Security and Data Protection posture, including policies, processes and technical configuration and controls. They were pleased that our assessment was very comprehensive in discovering the threats and vulnerabilities to their systems and that we described them in terms of business risk.  We developed comprehensive policies and processes that were all encompassing and designed to fit in with the style and presentation of their employee handbook.  All good but it required us to attend their site for a couple of days which was, at one time, normal and acceptable but in terms of the ‘new normal’, not so much.

Whilst we still offer that service, remote services are much more popular and much more in keeping with how businesses are now operating.  It doesn’t much matter where their staff are working, home, office or on the move.  What matters is that their protections are maintained regardless.

As we developed our new offerings we researched and came up with solutions that do just that.  We adopted Software as a Service (SaaS) and found some very innovative solutions that we can use to provide a managed security service to our clients at a very affordable price. 

Returning to our first paragraph, how do we show a return on investment?  Using our SaaS platform, we offer a 14 day free trial during which we can show a client where they currently stand and then carry out some quick remediations to show how that can be improved, so that the client can see the value of what they are going to get, using their own data.  It works and I commend it to you.

Check it out – https://hah2.co.uk/

General Security Issues Risk Analysis and Security Strategy Security

RELATIONSHIP MANAGEMENT

Some introspection is good for the soul they say, and I can’t help but try and apply that to how we, ie so called cyber security professionals, approach prospective clients, or indeed, converse with existing clients.  Is there a certain smugness involved where we believe we know best and whether we do or not, try and push what we think a client should have, rather than what a client needs.  Does this attitude, no matter how hard we try to suppress it, make prospective clients wary of what we have to say?

Of course we have our methodologies, particularly regarding risk management, and I am a great exponent of getting that right, but how many of us take the time and make the effort, to understand the clients situation.  It’s what we used to call situational awareness.  It didn’t just refer to a client understanding their own situation, but us appreciating that situation as well.  After all, not all clients, even those in the same vertical and the same size of business, has exactly the same problems.

A lot depends on who you are and who you work for.  The larger IT system integrators and consultancies do take the time to try and understand their clients.  In fact, going back to the early 2000s, working for a multinational IT product and services giant, we never actually outright tried to sell anything.  Our salespeople at the enterprise level, were very much relationship managers, they built relationships with their clients, got to know their businesses and made suggestions that the client might be interested in.  The mantra was that people buy from people, not from brands.  Brands are great in the marketing context, building awareness and a market presence, but they never seal the deal. 

Of course, at the start of a sales year some bright young thing sporting an MBA and a burning ambition would move the salespeople around, ruining years of relationship building and vertical knowledge, because ‘it needs shaking up’.  The end result is hacked off employees who look elsewhere and hacked off clients who think, well, if I have to start with someone else, I’d might as well see what else is out there.  But that’s a whole other story.

Research your client, understand their business, make sure you’re building a relationship with the right person.  Understand the industry, their pain points and needs.  Only then can you really start to craft a value proposition and call to action that the client can relate to.  Foster that relationship, make sure that not every call you make is about your products and/or services, make it more personal.  Above all, be genuine, it pays off in the end.

I guess what I’m getting at is that it really is all about building relationships with people.  You can have a deep understanding of your subject, fantastic product knowledge and a sparkling personality, but if you talk down to a prospective client, come across as in anyway condescending or patronising, you’ve lost the game.  You have to listen, ask intelligent questions, show that you are really interested in understanding the issues that face this prospective client, and make suggestions that might be suitable to solve the pain points being put in front of you.

We decided a couple of years ago, to offer a service which we entitle Board Advisor (https://hah2.co.uk/why-use-an-independent-board-advisor).  The point was not to try and sell solutions, not to try and sell any particular product, but to work with our clients to identify the issues they really do face and work through those issues to identify potential solutions that will help them in their business by protecting those critical assets that would cripple the business if they were not available or were corrupted in some way.  It’s all about putting appropriate measures in place before disaster strikes and preventing the vastly higher costs of recovery post-breach, from immediate financial impacts to lasting reputational damage.

The security threat landscape is becoming both more sophisticated and easier to exploit by the less sophisticated.  This seems to be at odds but such things as artificial intelligence (AI) is transforming nearly every industry, including cybersecurity. Whilst AI enables enhanced threat detection and response, this powerful technology can also be weaponised by cyber criminals. As AI-driven cyber-attacks grow more advanced, organisations must act quickly to implement robust defences.  Trying to keep abreast of this whilst running a business and focusing on your core requirements, is daunting and frankly, you’re not going to succeed.

If you’d like to discuss the art of the possible, give us call.

Data Breaches and their consequences News Security

Data Breaches – How bad could it be?

“Fujitsu Hacked – Attackers Stolen Personal Information”

Fujitsu confirmed a cyberattack that led hackers to steal personal data and customer information.

Now there’s a headline to put fear into their customers, both current and potential.  Not a great look for one of our premier IT system integrators and manufacturers.

But what’s that got to do with me you say?  I don’t have any Fujitsu kit and I’m way too small to feature on the radar of a hacker or team of hackers, that would target someone like this.  OK, maybe true, maybe not so true.

Did you know that since 2005 the Information Commissioners Office (ICO) has ruled on 13,500 freedom of information and environmental information cases. Many of these would be classed as SMEs and small government departments, particularly local government.  Last year alone, 86 enforcement actions were taken which included 37 reprimands, 24 enforcement notices, 23 monetary penalties and 2 prosecutions.  Fines of around 80K are not uncommon, and a fine of that size would be a severe blow to an SME.  The ICO has issued fines totalling £590,000 to five companies for collectively making 1.9 million unwanted marketing calls which targeted the elderly and people with vulnerabilities.

Fines and enforcement notices cannot be hidden, they are published on the ICO website for all to see, which can have an impact on the reputations of companies, adding to the pain of any fine caused by a unwanted marketing calls or data breaches.

In practice though, the ICO is not there to put you out of business and the chances of a fine of anywhere near the maximum, being applied to an SME, is low but not impossible.

It is, for most SMEs, about doing what is reasonable to prevent a data breach.  That will include having the right policies and procedures, known to all staff, and rolled out.  Don’t play lip service to this, you will be found out.  It is important to be aware of the threat and take the necessary actions to prevent breaches.

Lack of adequate data security is an important basis for imposing fines.  Are you one of the SMEs who has swallowed the line that a firewall and some anti-virus, plus cloud storage, is all you need? 

In addition to inadequate security, one of the frequent reasons for imposing a penalty is failure to report a violation despite the obligation under the law.  Have you got that covered with an adequate policy and process in place and understood?

This can all be a real nightmare for many SMEs, particularly those with a large amount of personal data, much of which they can’t ditch.  For example, financial data which under other legislation, they must keep for 7 years.  I’m thinking about Estate Agents and financial advisors, even solicitors who I find are very good at telling others what they need to do to comply with the Act but aren’t so hot on how to do it.

One of the biggest issues I find with SMEs, is that they often think they know where all their data is but get quite a surprise when they discover multiple instances of the same data set.  This has become a real issue since COVID, in that remote working is becoming normal and it’s a real temptation for an employee, working from home with possibly less than robust broadband, to copy data from cloud storage to their PC or laptop to ensure they can keep working on it.  Then they upload it again when they’ve finished but forget to delete their copy.  That’s just one instance but it is vital to understand where all this data is.  What if for instance, you get what is known as a subject access request, where a client or other member of the public wants to know exactly what personal data you have on them, and why.  I spoke to a financial advisor recently who told me that it took one of their partners off the road for 3 weeks, to discover where all the data was kept on just one person.  But under the law, they had no choice but to bite the bullet.

We’ve been pondering these problems for some time, and they boil down to processing and storing the data securely and being able to quickly lay your hands on it.  There are several systems on the market which will capture where your data is, and who has access to it, generally under the banner of Data Loss Prevention, or DLP.  These systems are based on an event-driven approach and require extensive ongoing rules management built for LAN/WAN perimeters and are becoming much less effective working in an increasingly perimeter less environment. 

Local and Wide area networks and the notion of a security perimeter are no longer valid with the transition to hybrid cloud, work-from-home, and zero-trust architecture. In such a setup, sensitive files are spread across on-premises repositories (File Server, NAS) and different cloud-based repositories. These cloud-based repositories are divided between the ones that you manage (managed cloud, such as organisational OneDrive), shadow IT (such as communication apps like slack or WhatsApp), and 3rd party portals. We needed an answer to this new data landscape with a cross-platform discovery functionality, coupled with the data flow monitoring capabilities.

We came across Actifile, which works very differently to a standard DLP, which in any case, often requires other tools to provide the security functionality needed.  Actifile is based on analysing data risks and applying pre-emptive encryption that handles both external threats and insider carelessness, all in the world of no security perimeters. Moreover, Actifile’s set and forget method, requires little to no maintenance, and can be up and running securing data, in less than 3 working days providing a detailed breakdown of the data risk and leverages the data risk for data flow monitoring, auditing and remediation. This approach greatly simplifies the process.

Actifile is a cloud-based management platform coupled with a lean agent for workstations (both Windows and Mac), File Servers, NAS and Terminal Servers, and a sidecar docker instance for cloud-based file shares (. i.e., OneDrive).

Step 1: Data Risk Discovery and Quantification

Based on predefined privacy regulations and PII definitions, Actifile immediately starts scans for sensitive data using smart patterns. Actifile then quantifies data risk per PII type in local currencies.

Step 2: Data Risk Monitoring and Auditing

Tracks and audits data risk in real-time by continually monitoring incoming and outgoing sensitive data flows from and to the perimeter-less organization.

Step 3: Data Risk Remediation by Encryption

Our patented transparent encryption process automatically secures sensitive data across all endpoints, cloud apps, 3rd party portals, and shadow IT. The entire process, from initial deployment through data risk analysis to remediation by automatic encryption takes as little as 72 hours.

Finally, and importantly, it is very light on administration, quick to set up and we are offering a 30 day trial at no cost.  If you don’t like it, we take it away.

General Security Issues Risk Analysis and Security Strategy Security

More about Risk Management

I’ve decided I haven’t bored you all enough about risk management yet, as it pertains to cyber security.  Try not to stretch your jaw too much as you yawn and stay with me because it is extremely important and will become more so as cyber-attacks get more sophisticated and more importantly, ever more common as AI makes them much easier to implement and enables hitherto less skilled criminals, to become more capable. 

We are still, in the SME market, suffering from a misunderstanding about what cyber security is all about.  I know I bang on about this, but it can’t be overstressed.  Without fully understanding the risks you are exposed to, how can you be sure that you are spending your limited budget in the most effective way, and in a way that is doing some good.  I threw that last bit in because I come across situations all too often, where an SME is wasting money and resources because they don’t have a handle on their security risks.

Now I know that many will say that this is a technical matter and that we have a company under contract that looks after our IT infrastructure and therefore we can safely leave it to them.  Wrong.  Ask them some simple questions: 

·      Have they fully identified your security assets?  Security assets are not just   hardware and software, in fact those are often the least of your worries.  It’s the data, where it is and how it’s protected that is important.

·      Have they done a risk assessment on those assets.

·      Have they recommended or implemented controls to manage the risk down to your acceptable residual risk level.  That is assuming they have spoken to you about what that acceptable risk is. 

It’s very important that business owners grasp the difference between the technical requirements of their networks, and the business requirement. 

·      Tech 

Describes the protection of networks, computers, programs, and data. It is a branch of cyber security which is focused on preventing intrusion and therefore theft or manipulation of your systems, from both internal and external sources. Technical security consists of tools such as firewalls, anti-virus software, intrusion detection systems and more to prevent and defend against attackers. 

Technical security needs to work within a defined and business focused security strategy.

·      Business 

Encompasses all aspects of protecting digital assets, including computer systems and networks, from unintended or unauthorised access, change or destruction. Cybersecurity focuses on a devising a security strategy and identifies controls, processes, and technologies to ensure the protection of data, programs, networks and associated software from unauthorized access or attack. It is focused on People, Process and then Technology.

Cybersecurity has a larger role in protecting organizations from malicious cyber-attacks and data breaches. A comprehensive cybersecurity strategy should include preventive measures such as strong authentication protocols, encryption, and threat intelligence analysis; detection mechanisms to rapidly identify attacks; response plans to quickly mitigate the damage; and recovery procedures to help recover after an attack. All these operational capabilities can help ensure organizations are better prepared to defend themselves against potential threats. 

Bottom line folks – you can outsource your IT, but you can’t outsource your responsibility. 

Risk management is all about helping us to create plans for our future in a deliberate and responsible way. This requires us to explore what could go wrong in an organisation, on a day-to-day basis. 

We need to manage risk to enable us to make the best possible decisions, based on our analysis of future events and outcomes. Whilst the future can be anticipated to an extent, there are limits to how much it can be anticipated. 

There is no business without risk and an acceptable residual risk in one company, will not be acceptable in another.  That’s a business decision.  Risk must be recognised and then managed in some way or other, classified in some way. And whilst we would all like to abolish risk, that won’t happen.  

Whilst working for major providers servicing the big company’s, banks and major government departments, we would recommend that at least 15% of their annual IT budget should be allocated to cyber security.  That means not just tech but also reviewing cyber security policies and processes, cyber awareness training for staff and managers, reviewing the threats and vulnerabilities and then revisiting the risk to their assets.  It’s interesting to note that the figure of approx. 15% has crept up over the years.  About 20 years ago we were saying 5% then 10 and now it’s a minimum of 15% and some company’s are allocating even higher percentages as threats increase year on year.  That figure could easily sky rocket once AI becomes prevalent amongst the criminal fraternity. 

Just keep in mind that cyber security is a business issue and not an IT issue and that cyber risk must be evaluated and dealt with in the same way that you would any other risk to your livelihood.

Cyber Awareness Training General Security Issues Identity and Access Management Ransomware, Phishing and other Malware Security

Artificial Intelligence – It’s here to stay

Artificial Intelligence is coming more and more to the front in the news, in just about all spheres of IT, no matter the vertical it serves. 

What exactly is AI?

Artificial intelligence (AI) describes computer systems which can perform tasks usually requiring human intelligence. This could include visual perception, speech recognition or translation between languages.

Of course, that’s not the only description you’ll find if you use your best research tool, Google, but it’s one used by the National Cyber Security Centre, so it’ll do for me.

I’m willing to bet that many of you, most of you, have some form of AI app downloaded on your devices.  ChatGPT is arguably the most popular amongst the general populace but it’s not the only game in town.  These apps are becoming more and more available and popular. ChatGPT is an artificial intelligence chatbot developed by OpenAI, a US tech startup. It’s based on GPT-3, a language model released in 2020 that uses deep learning to produce human-like text.  It has an underlying technology that has been around much longer, but this blog isn’t about the technicalities of AI, but more about how it affects SMEs as they go about their business.

I’ve been arguing that perhaps the biggest potential threat in terms of proliferation, ie the number of attacks waged at a relatively low level, aimed at quick wins in terms of scamming money, is the re-emergence of the script kiddie.  I wrote, some time ago, about how code could be written to be inserted into a Ransomware attack, quite easily, using AI. 

Script Kiddie

A script kiddie was what we called someone of relatively low skill levels who would go online to the dark web, and purchase scripts written by more advanced criminals that they had put up for sale.   The script kiddie would then use these scripts to mount an attack on a company or organisation.  These often failed because the script kiddie wasn’t all that bright, but just occasionally, they were harmful and even devastating.

Another scam, reported in The Washington Post, was an update on the very well reported CEO Scam, whereby someone impersonates the CEO of a company using spoofed email, but this time it’s using AI spoofing the CEOs voice, attempting to scam money from the company.  This one worked, and the company lost a lot of money.

So why am I bringing this up again so soon?  Well AI continues to be reported in the news, sometimes with a good result and sometimes not so good.  So, I thought I’d ask Chat GPT what it thought about AI and Cyber Security.  I asked 2 questions, the first was, ‘Is AI a danger in terms of Cybersecurity?’.  The answer came back:

Double Edged Sword

AI can be both a boon and a potential danger in terms of cybersecurity.  On one hand, AI can enhance cybersecurity by detecting and mitigating threats more efficiently, analysing vast amounts of data for anomalies, and automating certain security tasks.  On the other hand, AI can also pose risks if it falls into the wrong hands or is used maliciously.  Sophisticated AI powered attacks could exploit vulnerabilities, evade detection, or launch targeted attacks at an unprecedented scale.  It is crucial to develop robust safeguards ethical guidelines, and responsible AI practices to ensure AI remains a force for good in cybersecurity.

So even ChatGPT thinks this is a double edged sword.  The real problem for my target clientele, the SME space, is that affording AI powered tools to detect and mitigate threats and analyse large amount of data, will seemingly be too costly for them.  But as many defences use AI themselves now, it’s actually quite affordable.  So, when we are talking about developing robust safeguards, understanding the risks becomes even more vital, if that’s possible, than it ever has been before.  It also brings Zero Trust solutions sharply into focus and finding such solutions that are affordable, is going to become crucial.

The next question I asked was, ‘How do we ensure that AI isn’t a cybersecurity threat?’.  The answer came back:

Key Considerations

Ensuring that AI is not a cybersecurity threat requires a multi-faceted approach. Here are some key considerations:

1. Robust Security Measures: Implement strong security protocols, encryption, and access controls to safeguard AI systems and their underlying data from unauthorized access or manipulation.

2. Rigorous Testing and Validation: Thoroughly test and validate AI algorithms and models to identify and fix vulnerabilities, including potential avenues for cyberattacks, before deployment.

3. Adversarial Testing: Conduct adversarial testing to simulate potential attacks and evaluate the resilience of AI systems against different cybersecurity threats.

4. Data Privacy and Governance: Establish clear policies and practices for data privacy, ensuring that sensitive information is properly handled, stored, and shared in compliance with relevant regulations.

5. Ongoing Monitoring and Updates: Continuously monitor AI systems for potential security risks, promptly address vulnerabilities, and keep software and hardware up to date with the latest security patches.

6. Ethical AI Development: Integrate ethical considerations into the design and deployment of AI systems, emphasizing transparency, fairness, and accountability to mitigate potential biases or unintended consequences.

7. Collaboration and Information Sharing: Foster collaboration among industry, academia, and government entities to share knowledge, best practices, and emerging threats, enabling a collective effort to combat AI-related cybersecurity challenges.

8. Education and Awareness: Promote cybersecurity awareness and provide training to AI developers, users, and stakeholders, emphasizing responsible AI usage and the identification of potential threats.

By following these guidelines and continuously adapting to emerging risks, we can enhance the security of AI systems and minimize the potential for them to be exploited as cybersecurity threats.

Next Steps & Relevance

Again, looking at this from an SME perspective, some of it isn’t relevant i.e., No6 for example, SMEs aren’t going to be developing their own AI solutions.  And much of it I would have come up with on my own, without the aid of a machine.  It would appear that AI uses some common sense, which is nice.  No8 for example.  I bang on and on about this.  It is low cost and easy to implement.  It’s staggering how many companies don’t do this. This list also shows the value of Zero Trust solutions and encryption, which on its own, vastly reduces the risk to data, particularly PII (personal identifiable information – UK GDPR).

The argument then is that AI might encourage a proliferation of low level attacks, largely aimed at SMEs who generally have the lowest defences.  Quite low level criminals can utilise AI to carry out attacks that heretofore would have been beyond their skill level.  Common Cyber sense can go a long way to mitigating these attacks.  Technology evolves, attacks evolve, but the basic understanding of threat + vulnerability = risk, has never gone away.  Understand that and you stand a good chance of staying safe.

Scroll to top