NCSC New Guidance for SMEs

905 Views

The NCSC’s new guidance for small businesses to secure their cloud services is welcomed. When it comes to cybersecurity, unlike large enterprises, small businesses usually don’t have the budgets to devote to a dedicated in-house security team. And where a lot of the complexity is hidden from users of cloud services, simple guidance to ensure a minimum standard of cyber hygiene can lift any organisation out of the scope of many opportunistic, yet still impactful, threats.

Cloud services, with their new interfaces, APIs, and communication channels, expand the potential attack surface for attackers. And we know that these provide an ideal entry route for attackers to exploit. Furthermore, such use of off premises technologies erodes the traditional model of ‘perimeter-based’ defence and encourage threat actors to target users’ identity. This is something we see often at WithSecure.

One of the key things small businesses should be checking for is misconfigurations occurring in cloud services. Misconfigurations can lead to security vulnerabilities, data exposure, and operational issues. If a small business has an IT team, they should conduct regular security audits and implement automated continuous monitoring, which will take some of the burden away from the IT team.

Otherwise, we recommend outsourcing such tasks to Managed Service Providers. When looking for the right partner, small businesses should be asking service providers what proactive measures they take to monitor cloud services and how they conduct security audits – this will help them understand if they fit the business’ needs.