The US could learn from the UK’s NCSC
The UK’s NCSC is their National Cyber Security Centre (you can tell it’s English because of the spelling of ‘Centre’). Each year (with COVID year exceptions) they put on a conference focused on real tactics for companies to be more cybersecure. As a cybersecurity professional, I have had the chance to attend a few CyberUK conferences and they are great! They are not BlackHat and don’t try to be. They are less interested in the cool new hacks and more interested in securing the nation.
The UK has a very real reason for investing in security awareness. In May of 2017, a worldwide attack of ransomware called WannaCry hit the National Health Service in England and Scotland. The ransomware infected up to 70,000 devices in 200 NHS hospitals and forced the health system to nearly shut down. For a time, only critical emergencies were being handled, everything else was postponed.
The US approach to business support is focused on large corporations and critical infrastructure. To be sure, both are important but it leaves the small-mid sized companies to fend for themselves. Leaving these companies to find their own solution is a mistake, in my opinion, because they represent 70-80% of the US economy and they usually don’t have the resources to bring cybersecurity talent in-house.
The UK approach to cybersecurity is about public education about how to protect yourself and your company. The message from the US government is about notifying the government if you see or experience anything. One is proactive and one is reactive. We should do better!
Those that know me understand that I have a passion for small business. I understand the challenges of running a small business and know that cybersecurity is really low on their priorities list. Making payroll is far more important. I get that! However, don’t use ‘I’m not big enough to be interesting’ or ‘I don’t have any information to protect’ as an excuse. You are and you do! You may not choose to deal with it but you should be aware that YOU ARE a target and your data is probably MORE VALUABLE then you realize.
- The Imperative for Cyber Talent on Corporate Boards - March 29, 2024
- Talking CMMC preparation - March 12, 2024
- Protecting Your Business: Strategies to Combat DNS Attacks - February 20, 2024