The Cyber Resilience Centre for the South East of England (SECRC) is one of ten cyber resilience centres in the UK. They are part of the UK Home Office’s ambition to grow and strengthen the region's resilience to online crime and cyber-attacks. SANS is founding partner of the SECRC and sat down to have a chat with Chris White, Head of Cyber and Innovation at the SECRC about the Centre’s mission and how SANS and the Centre collaborate.
SECRC is a partnership between police, public, private industry, and academia. The ten regional centres all offer the same products and services, such as security awareness training, vulnerability assessments and cyber business continuity reviews. Talking about the SECRC’s mission, Chris explains that many small businesses do not have the finances to guard themselves against cyber-attacks, whilst today, even the most traditional businesses rely on digital processes. He points out that of all recorded crime in the UK, 48% is digital. “SME’s can be hit really hard when ransomware holds them hostage. We help prevent their problem from getting worse or from happening again. We do this through education, by pointing them to the right information. And by offering assessments and reviews.”
Rollout of the Cyber Resilience Centres in the UK started in 2020. White: “The government said cybersecurity needed to be more affordable. So, we started to take university students and train them through expert trainers from SANS and other organisations. What this does is create affordable cybersecurity support for small and medium businesses and it trains students to work in cybersecurity in the future.” White says it’s important to demystify cybersecurity. “It happens to everyone. And it is okay not to know if you can trust a message or not. As people, we can be too trusting. Did you know charities are often targeted because kind staff are quick to want to help? People can feel silly that they didn't catch something, but they shouldn’t. Criminal cyber groups use our own behaviour against us. Another tactic they tend to use a lot is striking on bank holidays because there are fewer people in the office and defences will be lowered.”
Why is it important that this cybersecurity facility is a partnership between police, public, private industry, and academia? “It’s a powerful combination,” says White. “Public organisations, in general, are a trustworthy brand. Local police forces have the latest information on emerging cyber threats and criminal trends. Partners such as SANS train our experts, and all together we invest in tomorrow's pipeline of student talent and cyber security practitioners.” Referring to the nature of the partnership with SANS, White says “they are friends of the centre and founding partners. They are a fantastic international organisation that joined us to make the UK a safer place digitally.”
Does he think there is enough sharing of knowledge and expertise across sectors, industries, and countries? It’s difficult, admits White. “There is too much information out there and trying to get what you need is difficult. What is a trustworthy source? But cyber threats and attacks are a worldwide problem, and no one can do it alone. If a company in Australia has a problem, it will have reached the London subsidiary in 4 minutes.” That is why SECRC’s services do not just help SME’s but also their supply chain to prepare and improve cyber resilience. “Take for example Domino’s. You may say it is a restaurant, but everything is digital, so it is also a digital firm. If this organisation doesn't get the cheese delivered or the tomato sauce, they have a problem. Likewise, hotels have a problem if their toiletries, food or bed linen aren’t delivered on time.”
What are the main three things’ organisations can do to become more resilient? White:
“One: be aware it’s not a matter of if you get attacked, but when. You may eventually be subject to some form of a cyber-attack. Someone may freeze your data for money and then expose it if you don’t pay. That’s a double threat.
Two: you have to have a contingency plan in place. What are you going to do when this is happens? If it is a short-term disruption, then that's better than long term or no solution.
Three: fire drills are held because fire is a real threat. So is cyber. Start organising cyber drills.”