Protective Monitoring – is it suitable/affordable for SMEs?

An interesting article by the cyber security consultancy Savanti was brought to my attention yesterday. It focused on UK companies and their struggle to address growing cyber security threats, which is especially pertinent to SMEs. In 2022, global cyberattacks saw a 38 per cent increase compared to the previous year. The rise in cybercrime is not sparing UK businesses, with a total of 2.4 million instances of cybercrime reported within the last 12 months across various industries. The financial impact of cybercrime is also significant. According to Cybersecurity Ventures, the cost of cybercrime to businesses could reach £8.4 trillion annually by 2025, positioning it as the third-largest global economy after the US and China. Many boards appear to be struggling to understand the intricacies of cyber risks. Fifty-nine per cent of directors admitted that their boards are not effective in comprehending the drivers and impacts of cyber risks on their organisations.

Savanti have highlighted a compelling correlation between effective cybersecurity measures and business success. Companies with digitally-savvy, cyber-engaged executive teams experienced higher revenue growth, increased valuations, and improved net margins.

Furthermore, effective cybersecurity practices led to higher success rates when competing for new clients, enhanced data insights, increased investor confidence, and preserved shareholder value during mergers and acquisitions.

There are several measures all companies can take, but the issue for SMEs remains a lack of resources and expertise in the field of cyber security. They are very reliant on outside support and often attempt to get that support from the local IT company that provides their hardware and software and often manages their network. Managed Security Service Providers (MSSPs) have long ignored this sector, primarily because of cost. The services they traditionally provide have simply been too expensive.

A good cyber security strategy has always been founded upon strength in depth: sound security architecture, good cyber awareness training, solid access control and identity management, and the ability to protectively monitor your estate for threats, vulnerabilities, and risks. It is this last element that we’re looking at today.

What is Protective Monitoring, and how would it benefit you? After all, you’re an SME and this all sounds just a bit over the top.

Well, it’s central to the identification and detection of threats to your IT systems. It acts as your eyes and ears when detecting and recovering from security incidents and it enables you to ensure that devices are used in accordance with your organisational policies.

Effective monitoring relies on proportionate, reliable logging and device management practices. This guidance is designed to give system and network admins advice on the logging and monitoring options available on modern platforms.

What use is it to me, I hear you ask? Well, many incidents have been shown to target individual hosts. From there, attackers will attempt to strengthen their access through lateral movement techniques such as credential theft, account impersonation, and the use of legitimate network tools or known exploits in outdated versions of network protocols. The aim is to propagate to and compromise additional devices, and so reach additional data and services.

In a cloud environment some of these techniques may be less effective or may not apply. However, your users still have to access these cloud services, so monitoring device activity, health and configuration is still important, perhaps more so, when deciding whether or not to permit access to organisational services and data.
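To illustrate the kind of host-level monitoring for lateral movement described above, here is an added example (not part of the original article or of any product it mentions) that flags one account logging on to several hosts from a single device within a short window. The log format, host names, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events (not real logs):
# timestamp, account, source device, destination host, result
SAMPLE_EVENTS = """\
2024-03-04T09:01:12 alice WS-014 FILE-01 success
2024-03-04T09:15:40 bob WS-022 FILE-01 success
2024-03-04T10:02:03 svc_backup WS-014 FILE-01 success
2024-03-04T10:03:11 svc_backup WS-014 HR-DB success
2024-03-04T10:03:58 svc_backup WS-014 WS-022 failure
2024-03-04T10:04:30 svc_backup WS-014 FIN-APP success
2024-03-04T10:06:02 svc_backup WS-014 DC-01 success
2024-03-04T14:20:00 alice WS-014 HR-DB success
"""

def parse_events(text):
    """Parse the assumed five-field format, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # a monitor should not crash on one bad line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, *parts[1:]))
    return sorted(events)

def find_fan_out(events, threshold=3, window=timedelta(minutes=10)):
    """Alert once per (account, source) that reaches `threshold` or more
    distinct hosts via successful logons inside a sliding time window."""
    recent = defaultdict(list)  # (account, source) -> [(time, destination)]
    alerted, alerts = set(), []
    for ts, account, src, dst, result in events:
        if result != "success":
            continue
        key = (account, src)
        # Keep only logons still inside the window, then add this one.
        recent[key] = [(t, d) for t, d in recent[key] if ts - t <= window]
        recent[key].append((ts, dst))
        hosts = sorted({d for _, d in recent[key]})
        if len(hosts) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"account": account, "source": src,
                           "hosts": hosts, "time": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_fan_out(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The threshold and window need tuning against normal behaviour on your own estate, since backup and management accounts legitimately touch many hosts.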

The key to making this affordable and appropriate for SMEs is automation, which is becoming more and more possible using AI enhancements. I’ve highlighted before that here at H2 we are constantly on the lookout for innovative solutions that allow us to provide appropriate and effective services to our clients, at a price that is affordable. And we think we’ve found another gem.

This is yet another SaaS service, so no expensive infrastructure costs and no additional software required to run it.  The agents required to scan the data can be installed remotely and within minutes, without your users knowing it’s happening.

We leverage:

  • Generative AI: phishing simulation emails are crafted on the fly based on custom inputs, targeting groups of employees and reporting on pass/fail status.
  • Automatically receive real-time alerts when a threat is verified or action is required.
  • Respond swiftly to cyber events with one-click remediation and powerful integrations.
  • Generate a report summarising your risk across your digital footprint, with just a single click.
  • Demonstrate ROI by reflecting the value of this service using language that resonates at a business level.
  • Receive continuous vulnerability assessments.

The following services are provided as standard:

  • External Risk Assessment
  • Phishing simulation
  • Identity theft protection
  • Secure browsing
  • Cloud apps security
  • Email security
  • Device protection
  • Cyber Awareness programme
  • Automated remediation
  • Continuous threat detection

And as a bonus, if you wish, a cyber insurance policy starting at around £400 annually, which is priced according to the risks identified within the product, i.e., the more the risk is reduced, the more the premium is reduced.

This whole package is offered as a managed service so that the risk, risk reduction, reporting and monitoring are all carried out by us, within the incredibly low price shown above.

In the coming days we will be offering a demonstration of the product, followed by an introductory offer of a 7-day free trial and a service at a fixed price of £10 per month per user, plus VAT. No fixed-term contract; terminate on 30 days’ notice.
