At the National Archives today, CISOs and other information security professionals gathered for a Directors' Masterclass organised by The Sasig, which gives directors the chance to ask questions about protecting their company's security that they normally wouldn't be able to ask.
The owner of an SME in the app development business asked a panel of CISOs what he could do to get ahead of the security issues discussed during the event, e.g. training staff to watch out for phishing attacks, clamping down on tailgating, and the human aspects of cyber-security.
Even though the panel gave him good advice on getting certain basic security steps done, Richard Starnes, CISO of Kentucky Health Cooperative, said in response that he thought the security industry in the UK is failing SMEs.
Starnes said: “The UK has been the leader in most things when it comes to cyber-security. But only as recently as November 19th did the Home Office think to add cyber-security to the Tier 2 Shortage Occupation List. This list only applies to companies that have between 25 and 250 employees. That size company would never be able to afford the kind of salary you would need to give someone to attract them to move countries.”
At ISSE in Berlin last month, Emma Philpott, chief executive of the IASME Consortium, was also encouraging the information security industry to engage with SMEs to help them become cyber-security aware.
She said, “The approach has to be simple, there must be no cyber-speak, SMEs should not be made to feel bad and the cost must always be as low as possible when engaging with SMEs.”
Back in September 2013, SCMagazineUK.com reported on how the UK's £650 million National Cyber Security Programme seemed to be 'failing SMEs'.
Starnes echoed this, saying that another delegate at the event, who cannot be named, had told him: “Different parts of the UK government aren't the best at communicating with each other”.
Speaking with SCMagazineUK.com, Emma Philpott commented: “With any new emerging profession, it takes a while for the government to catch up. And the same goes for getting some of the larger security companies, it takes a while for the word to get around while companies adjust their ‘sales pitch’ for smaller companies.”
She went on to explain that: “We need to find the balance. What might be good for a huge enterprise might not work for a smaller SME and that is what the infosec industry needs to work on.”