UK, Netherlands & Belgium to pilot European cyber security services for SMEs

European Cyber Security Services for SMEs

The UK is to be one of the first countries to pilot a security industry-supported scheme to provide cyber security services for small and medium enterprises (SMEs) in Europe.

The co-ordinated cyber security task-force and response (Costar) scheme, which has been in development for two years, is to begin pilot deployments in 2015.

The UK, the Netherlands and Belgium are slated for the first trials, according to theEuropean association for e-identity and security (EEMA), one of about 10 security-related organisations backing the scheme.

“The UK will be one of the first countries to benefit from Costar in the proof-of-concept stage due to start in the coming months,” Jon Shamah, chairman of EEMA and Costar stalwart, told Computer Weekly.

The scheme will then be rolled out across EU member states country by country, starting in 2016.

The cost of data breaches for smaller businesses with fewer than 250 employees is between £65,000 and £115,000, according to the UK government’s latest Information Security Breaches Survey.

“A single cyber attack can have a severe impact on an SME as well as its customers and suppliers, which means often a whole supply chain can be affected,” said Shamah.

One-quarter of UK SMEs think cyber security is too expensive to implement and 22% admit they do not know where to start, according to research by the government’s Cyber Streetwise campaign.

Not-for-profit organisation

Costar is a not-for-profit organisation providing a managed security services programme for SMEs. It grew out of the first incubation project for developing new business to be initiated by the Trust in Digital Life Association (TDL).

TDL is also a not-for-profit organisation comprising security industry partners and knowledge institutes that believe trust and trustworthy services to be an essential ingredient of the digital economy.

“The traditional approach to security has been to create fear, uncertainty and doubt, but Costar seeks to build confidence, create opportunities and enable leadership,” Shamah told the Trust in the Digital World 2015 conference in Madrid.

“Costar is designed to provide pragmatic, practical, first-step help to SMEs by providing the resources available to most large organisations, but at a price SMEs can afford,” he said.

According to Shamah, Costar’s mission is to help make European SMEs more resilient to cyber attacks by providing affordable managed cyber security services in all EU member states.

The scheme is aimed at addressing the cost of cyber security and the lack of knowledge about cyber threats, which are the top reasons cited for SMEs not having adequate defences in place.

Costar’s activities include monitoring the health of SME infrastructure on subscriber devices and providing remedial action to assist subscribed SMEs that have been attacked.

While specialised support and help in getting operations back to normal will be available at additional cost, the cost of the basic service will be kept low through a high level of automation to deal with common attacks, said Shamah.

“The goal is to provide basic managed services at a cost of less than €5 per device per month,” he said.

Unauthorised network activity

The monitoring service will be aimed at detecting unauthorised network activity. It will complement traditional virus scans and will fully c

omply with EU privacy regulations.

The plan is to provide all EU member states with native-speaking online helpdesk staff to offer immediate support to reduce the risk and damage of a cyber attack.

This will include help to clean up devices with secure software patches, where possible.

Costar will also provide training and awareness programmes for SMEs, will register and co-ordinate incidents reported by SMEs, and will collate cross-border evidence of cyber attacks to assist prosecutions.

The organisation will work closely with national computer emergency response teams, police and other service providers and will exchange data in compliance with privacy regulations.

This element of Costar is aimed at addressing the fact that most cyber attacks on SMEs currently go unreported to the authorities.

Shamah said awareness training is an important aspect of the Costar package because most SMEs are not aware of the risks they face.

EU authorities are concerned about the vulnerability of SMEs because they make up 99% of European businesses and employ two-thirds of Europe’s workforce.

To read more, click here

Blog anglais, La cyber-sécurité, Mises à jour et nouvelles de l'industrie