Jan 2020 – World Economic Forum

We didn’t find the time to go to Davos this year…but the World Economic Forum have included cyber security in their Global Risks Report 2020 https://www.weforum.org/agenda/2020/01/top-global-risks-report-climate-change-cyberattacks-economic-political/

Cyber security risks feature in both their Long-Term and Short-Term Risk Outlooks.

The unfortunate fact is that many cyber-attacks do not discriminate between huge global corporations and the type of small to medium size businesses that Consult MB Ltd supports in places like Bridgwater, Bristol, Cardiff, Clevedon, Dursley, Davos…no, not Davos, but you get the idea.

If you need any help or advice with your cyber security please contact us.

Dec 2019 – Small Business Awareness

In amongst the Black Friday/Black Monday/every day of the week/year sales…was ‘Small Business Saturday’ on December 7th. The NCSC supported the day by releasing a series of ‘bite sized’ videos that outline their response and recovery guidance for small businesses. You can find the videos here: https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recovery/video-collection

The NCSC have more essential guidance for small business here: https://www.ncsc.gov.uk/collection/small-business-guide

At Consult MB Ltd we love an informative cyber security video. You probably won’t find the NCSC releasing it, but check out this seasonal clip from Christmas 2014 by the Security Awareness Company https://www.youtube.com/watch?v=4z5TpZvTcg4

If you’re a small to medium sized business in Bristol, Somerset, or nearby, then please contact us if you have any needs for cyber security awareness training, for implementing robust policies and technical controls, or if you want to gain Cyber Essentials / Cyber Essentials Plus certification.  

Nov 2019 – NCSC Annual Report

On October 23rd the National Cyber Security Centre (NCSC) published their Annual Review for the period 1 September 2018 to 31 August 2019. It’s a good read, if only to understand the breadth of the threats facing organisations in the UK. The Cyber Essentials scheme got a few mentions, with some 14,234 Cyber Essentials Certificates being issued in the last year.

You can download the report from here: https://www.ncsc.gov.uk/annual-review/2019/ncsc/docs/ncsc_2019-annual-review.pdf

Consult MB Ltd is a licensed certification body for the Cyber Essentials and Cyber Essentials Plus schemes. We support clients in Somerset, Bristol, and the surrounding areas in their efforts to establish and verify their cyber-security baseline. Please contact us if you wish to learn more about Cyber Essentials and how your organisation could achieve it.

Oct 2019 – Cyber Essentials Future

In June the NCSC announced that they were going to create a new partnership model with just one Accreditation Body, and minimum criteria for the skills, knowledge and experience of Certification Bodies and their assessors.

We’re pleased to announce that from 1-April-2020 the IASME Consortium will be the sole Accreditation Body. Consult MB Ltd based in North Somerset is already licensed by the IASME Consortium to conduct Cyber Essentials and Cyber Essentials Plus audits, and we look forward to continuing to provide that service to small-medium sized organisations who seek to improve their cyber security in a cost effective manner.

Aug 2019 – Phishing in Somerset

Mike Brett of Consult MB Ltd was asked to write an article for the Somerset Chamber of Commerce’s magazine, Somerset Voice. The article is reproduced below. Phishing is a relatively old topic but it remains very relevant, and should feature at, or near, the top of any list of topics for staff awareness training.

The Article

I sometimes come across customers who have a security policy for absolutely everything. They spend significant sums of money on advanced technical controls and are supported by dedicated IT professionals. Yet, somehow, these organisations still get hacked, and invariably it starts with an indiscriminate, untargeted phishing attack.

Phishing used to be defined as an attempt to trick someone into giving information away over the Internet or by email. That still holds true, but these days phishing emails frequently contain attachments or website links that are intended to lure the recipient into inadvertently installing malware onto their computer. Typically, that initial malware is just a foot in the door, and more advanced malware will follow.

The lure of phishing emails deliberately exploits both the best and worst features of human nature. People can be trusting, willing to help others and inquisitive. They can also be greedy, lazy, intimidated or coerced into making rash decisions. Phishing may exploit any of those characteristics to achieve the desired aim, to get your employee to open the attachment or click on the link.

Indiscriminate phishing may, for example, send an email to 100,000 random recipients demanding immediate payment of the invoice attached. If only 1 in 100,000 recipients is pressurised into opening the attachment, the phisher may have succeeded. If that recipient works in your company, let’s hope your technical controls are good enough to counter what happens next.

Often the greatest illegal gains are achieved via targeted phishing, known as ‘spear-phishing’. This is when a mail is cleverly crafted to bamboozle a specific individual. If that person is very senior in the organisation, this is known as ‘whale-phishing’.

You can buy software to analyse incoming email, but it may not provide perfect phishing detection. Instead, I suggest the focus should be on the potential victims, i.e. your staff. As such, I recommend that you conduct frequent and interesting staff awareness training. In April 2019 the National Cyber Security Centre introduced ‘Exercise in a Box’, a free online awareness training tool that includes a phishing attack exercise. Please check it out…but not if it arrives as a link in an email from a stranger.

Mike Brett, CISSP, works as a Cyber Security Consultant for Consult MB Ltd.

Jun 2019 – Repeat custom gone mad!

Consult MB Ltd is pleased to announce that we have secured a new contract to provide enterprise architecture services to our oldest customer. Since our company formation in 2003 we have enjoyed a sixteen year relationship with this government department. Repeat custom gone mad, we love it!

May 2019 – Awareness Training

Consult MB Ltd, in association with the Somerset Chamber of Commerce, held a half day ‘Cyber Security Workshop’ at the Somerset Chamber Office in Taunton. The workshop provided an opportunity for small to medium size businesses to understand common cyber security threats. It provided insights into the current threats which are targeting businesses and examined cost effective and achievable methods to counter those threats. No previous cyber security knowledge was assumed. As ever, the workshop delegates were delightful to meet, and represented some local businesses with interesting IT solutions and challenges.

After a refreshment-break look at a clever cyber security video from the Security Awareness Company, a good discussion followed around WiFi security, Man-in-the-Middle attacks, and VPNs.

If you’re interested in cyber security awareness training, please contact Consult MB Ltd and we can discuss a bespoke programme that will meet your specific needs.

Apr 2019 – Cyber Security Breaches Survey 2019

The Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2019 is an interesting read…not only if you’re into Cyber Security 🙂

A key message is that fewer companies have identified breaches or attacks than before, perhaps because the introduction of GDPR has had a positive impact on their cyber security posture. The report does say that where organisations have lost data or assets through security breaches, the resulting costs have consistently risen since 2017. The survey continues to disappoint in the sense that most organisations, particularly smaller ones, are not aware of Government initiatives such as Cyber Aware, 10 Steps to Cyber Security, and Cyber Essentials.

Help is at hand: Consult MB Ltd in Weston-super-Mare, North Somerset conducts much of its cyber security work based on ‘10 Steps’ and Cyber Essentials. Check out our service options for more details.

Mar 2019 – Charities to benefit from Cyber-Security campaign

UK charities make a major contribution in supporting their chosen groups throughout the UK. For many people, the support from charities is literally a lifeline. Their work, however, also necessitates that they hold personal, commercial and financial information which has a clear value to cyber-criminals. Coupled with a reliance on IT, this sadly means charities are as vulnerable to cyber-attacks as any other business.

Addressing resilience within charitable organisations can be a challenge. Many do not perceive themselves as open to the cyber-threat; a threat which, in reality, is unbiased as to an organisation’s size or sector. Whilst targeted attacks are still commonplace, so too are attacks which target a vulnerability rather than a specific person or organisation. Be it targeted or not, the consequences of a cyber-breach can be devastating.

The IASME Consortium, a leading Accreditation Body for the government backed Cyber Essentials certification scheme, is launching a week-long campaign aimed at encouraging registered charities to improve their resilience to on-line threats. Together with participating certification bodies, IASME is offering discounted certifications on schemes which demonstrate charities have recognised best practice protections in place. IASME’s support for the third sector will take place between 29 April and 3 May 2019.

The IASME Consortium package includes the widely recognised Cyber Essentials scheme. This scheme assesses against 5 core technical controls which, had they been in place, would have prevented the majority of successful attacks in recent years. The 5 technical controls are anti-malware, access control, patching, secure configuration and firewalls.

IASME will also be offering its own award-winning governance standard as part of the promotion. IASME Governance, which includes a Cyber Essentials assessment and a GDPR check, is an information security management standard which is more practical for SMEs than the traditional ISO27001. Taken simultaneously with Cyber Essentials, IASME governance covers additional protections such as physical security, data back-ups and staff awareness.

Dr Emma Philpott, Chief Executive of The IASME Consortium stated, “Charities work tirelessly to secure donations for fantastic causes. Having the right safeguards against unscrupulous cyber activity can help protect the donations and also any sensitive information that a charity might hold.”

The IASME Consortium licenses a network of certification bodies including Consult MB Ltd, based in North Somerset. Consult MB Ltd owner, Mike Brett, stated, “We had no hesitation in participating in this campaign. Charities do so much to help society and we want to help ensure that every available penny goes to where it can make a real difference.”

Interested charities can find further information and apply via Consult MB Ltd.

Campaign discounts. Cyber Essentials usual price £300, campaign price £225. IASME Governance usual price £400, campaign price £250. All prices are quoted exc. VAT.

Dec 2018 – Meet the Fraudstars!

Attended an interesting seminar on Fraud and Cyber threats, arranged by Lloyds Bank and hosted at Weston College. Lots of useful tips and advice for small businesses. Also, lots of alarming statistics around fraud and cyber-crime.

Lloyds say a financial fraud is committed once every 17s (yes seconds!).

The ‘Meet the Fraudstars’ video by Get Safe Online and Lloyds looks at impersonation fraud.