security

UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups – CSO Online


The UK National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA), part of security agency MI5, have launched a new awareness campaign to encourage the UK’s emerging tech sector to protect and secure their innovations. The campaign consists of a suite of guidance that offers best-practice advice on keeping ideas safe.

A free Quick Start Guide is available to help those without extensive security expertise take the first steps toward protecting their innovations. Beyond this, the Secure Innovation website hosts more detailed advisories for businesses and investors, suggesting ways to bolster their protections against threats.

Startups are notoriously prime targets for cybercriminals, yet few of them are fully prepared for an attack. Research from Cisco and the National Center for the Middle Market found that 62% of small and midsize businesses (SMBs) don’t have an up-to-date or active cybersecurity strategy. Meanwhile, the National Cyber Security Alliance has previously referenced that 60% of SMBs that are hacked go out of business within six months, although it has recently backpedalled on this in favour of more current and clearly sourced data.

Security guidance centres on three key steps

“Security is a necessary investment for a tech startup. It will evolve as your company grows, but laying strong foundations from the start will help to protect your business from the get-go,” read the NCSC/NPSA guidance. “Putting protections in place now will save you time and stress further down the line and will give you peace of mind that your valuable assets are secure.”

Readers Also Like:  Federal appeals court extends limits on Biden administration communications with social media companies to top US cybersecurity agency - CNN

The advice centres around three key steps for appointing a security lead, identifying and documenting key assets, and assessing a business for security risks.

Having a senior representative take ownership of security means it will be factored into all future business decisions, giving reassurance that it is always top of mind and won’t slip to the bottom of the priority list, the guidance stated. “Starting a conversation about security right from the start is a great step towards creating a positive security culture that will evolve as your business grows and will help your team to learn from any security incidents should they arise.”

Warnings about third-party access to key assets

Technology companies (particularly startups) will have assets that might be targeted by third parties such as competitors, criminals, and state actors. “Third parties with access to your key assets could use them to gain commercial advantage at the cost of your company’s profitability and chances of success,” the guidance added. Identifying critical assets early on will help to prioritise resources when it comes to security planning.

“Documenting and managing risks is essential to effective decision-making in your business,” it continued. Assessing these risks in relation to the likelihood of them occurring and how impactful these would be will ensure that prevention strategies are being implemented. “A detailed risk register will reduce the likelihood of a breach and inform your counter strategies, minimising the potential damage caused by a third party.”




READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.