Cyber services help SMEs with compliance and mitigation measures for cybersecurity
SMEs are often unaware of upcoming cyber legislation and the tools that can help them improve their cyber resilience. A community of experts is working to change that.
Today’s businesses are exposed to increasingly sophisticated attacks from cybercriminals. “However, in my experience, SMEs recognise this danger and know just how vital it is to protect themselves,” says Dr Seamus Dowling. “What they often don’t understand, though, is the first step they should take to improve their cyber resilience.”
That’s where Dowling’s expertise comes in. As a Programme Chair and Lecturer in Cybersecurity at Atlantic and Technological University (ATU), he is also Cybersecurity Resilience Lead at Data2Sustain, a consortium of universities, research centres and dedicated digital resources from industry that form a government-funded European Digital Innovation Hub (EDIH) network. In all, there are four EDIHs in Ireland and 288 across Europe.
Free cyber services for digitalisation
As part of the national and wider European network, Data2Sustain provides free cyber services (subject to state aid) to businesses and public bodies to advance digitalisation and data innovation.
“European Digital Innovation Hubs build skills and human capacity in digital technology, support sectoral Test-before-Invest innovation projects and actively work to bring together an ecosystem of expertise with a regional or sectoral focus,” explains Mike Conroy, Director. “By working in an ongoing consultancy, workshop or project basis, we assess an SME’s needs and help create a roadmap towards cyber resilience.”
Identifying where vulnerabilities exist
Clients can include everyone from manufacturing, data services and cloud services companies to healthcare and application development businesses. The first step is always the same.
“We begin by assessing their current assets in order to identify where vulnerabilities exist,” says Dowling.
“For instance, if SMEs store and control data in the cloud, they might think it’s compliant and secure — but the cloud infrastructure might be located in a region with conflicting data residency legislation. By understanding where breaches could occur, mitigation measures can then be put in place.”
Helping achieve regulatory compliance
Data2Sustain actively engages with SMEs to raise legislation awareness and create the frameworks that can help them achieve compliance. For example, the Network and Information Security Directive (NIS2) comes into force in October and identifies ‘minimum measures’ an SME must implement. These include risk assessment, multifactor authentication, cybersecurity training and security procedures.
“The SMEs that come to us are very cognizant of their responsibilities,” says Dowling. “But they can be surprised by legislation that is fast coming down the tracks. Nevertheless, once we identify what they need to do to achieve compliance, they are very willing to go on that journey.”
