A social media, podcasts, radio and business network advertising campaign by UK Government is encouraging businesses to engage with the official Cyber Essentials scheme. For an overview of the scheme, visit the the National Cyber Security Centre (NCSC) website. The UK official NCSC developed the scheme with the Department for Science, Innovation and Technology (DSIT).
Visit https://www.ncsc.gov.uk/cyberessentials/overview.
Dr Ric Derbyshire, Principal Security Researcher, Orange Cyberdefense, welcomed it as an encouraging show of support for small-to-mid-sized organisations. He said: “This is especially crucial at a time where cybercriminals are increasingly targeting SMEs, who are often more vulnerable than their enterprise counterparts due to smaller budgets. And the beauty of extending support and education towards this group of organisations is that it benefits all. This is because modern supply chains are no longer linear, but rather a dense web of interdependence, and any small weakness can be the catalyst for a large-scale attack. And so this emphasis on securing the UK’s SMEs is also a motion towards securing the cross-national, and international, supply chains.”
And Niall McConachie, regional director (UK and Ireland) at the passkey product company Yubico, said: “Small businesses are currently operating under a dangerous misconception: believing they’re too small a target for attackers. In the age of AI-driven cyber crime, automated tools target all employees and businesses the same. Every unsecured entry point is a target, and our data confirms that SMEs are leaving the front door wide open by neglecting basic training and not implementing multi-factor authentication (MFA).
“For small businesses – which represent the backbone of our economy – the key to ensuring resilience against cyber threats is the widespread adoption of enterprise-grade security. We need to abandon the idea that robust authentication is ‘too expensive’ or ‘too complex’ for smaller teams. In reality, it’s too expensive not to protect systems and data. Implementing phishing-resistant MFA, such as device-bound passkeys like hardware security keys, is the only scalable way to level the playing field and immunise small businesses against the commercialised threat landscape they now face.”
