Mark Moore, co-founder of the South West Cyber Resilience Centre, spoke to SWTD about the cyber threat to businesses and charities, the ways to reduce risk and how his experience as a serving police officer shapes his vision for the business.
What gave you the idea to set up the company?
The South West Cyber Resilience Centre (CRC) is part of a national roll out, co-ordinated by the National Police Chiefs’ Council and supported with some Home Office funding. It’s a really innovative approach for policing because we don’t usually stretch out very far into the commercial world, but there are in my mind two key reasons for us to change that with the CRC. Firstly, we find that if we can’t tell people exactly what they need to do differently after a cyber attack – how to change their systems, what products to use – then they’re often left confused and vulnerable. But if we can get them technical support and reliable commercial experts, then they can help themselves far better. And secondly, we probably don’t know enough about the nature of cyber crime. A fraction of it is reported, and many companies don’t want to publicise their difficulties. So increasing our collaboration with the private sector operators who pick up the pieces, helps us to understand far better the extent and nature of this growing threat.
Where are you based?
I’m personally based near Exeter, having moved from an operational role running the local policing area. As yet, we don’t have a business premises in any meaningful way, and we’re pretty ambivalent about whether we’ll need one right now. The business model is very much about reaching out to the business community and co-ordinating services that they might require. So we’ve found ourselves at lots of virtual events hosted by others, and frankly it’s been a relief not to pound the M5, M4 and A30(3) to do so! But we’ll continue to cover the SW region which includes and extends outwards as far as Gloucestershire, Dorset and Wiltshire, in whatever way best suits our members.
Do you have any co-founders?
I do indeed: the CRC has two full-time directors, and Ross Brown is not just my partner in crime prevention, but also a serving detective with the Dorset force. You can find out a bit more about us on our website at www.swcrc.co.uk. The company will remain under the legal control of policing, but that said we also have in place a management board to include private sector partners. Leonardo cyber security is our first founding partner, and we look forward to expanding the commercial expertise available to guide us along our way.
How serious is the cyber threat to businesses and charities?
It’s huge: but the good news is that simple steps can really reduce it. Last year, government figures show that two in five businesses spotted an effort to attack them, and it’s a safe bet that a large number were targeted but remained unaware. For businesses which were successfully breached, the average annual cost was over £8k. We also know that, during the pandemic period, criminality has changed just as businesses did. Increasingly, criminals share expertise, contacts and tools, to help increase the chances of an attack being successful. Businesses and charities, whose IT has already been challenged by having to support people working from home and with their own devices, need to ensure that they are keeping pace.
A recent survey suggested that around one in four businesses could be sent under by a successful cyber attack. Now that I’m running a business myself, I understand how difficult it is to find time to focus on this stuff. So I’m acutely aware that whatever we do has to be practical, achievable, and useful. No-one’s entirely immune from attack, but if you can’t do everything, do something.
How can you help?
We are not-for-profit, and we aim to help businesses and charities, with everything from the simple to the complex. At the start of the journey, we provide free guidance which tells you about the simple things you can do to reduce risk. This includes – for example – free e-learning for your teams, guides about password security, and exercises to walk you through how you might respond to an attack. We make contact with everyone who registers with us, to check that everything is going ok, and once a month we provide them with an e-newsletter to warn them about the latest alerts, scams, and new guidance, by way of a free briefing to stay safe. Finally, we provide a comprehensive programme of webinars where members can ask questions and listen to presentations from local and national experts at first hand. All of this is free, and accessible via registration on our website at www.swcrc.co.uk/membership.
If members then want a more personalised service, we can provide this inexpensively but to a very high standard through our academic partnerships. Using local student talent and experienced cyber expertise, we offer a variety of bespoke offerings. We could look at your website or systems and see whether they’d be vulnerable to the top hacking approaches, let you know what information is out there about you or your business which might be used to attack you, or simply run you through a business continuity exercise to make sure your plans are sound. And at the most complex end of your cyber security requirements, we can signpost you to local firms who have nationally-recognised expertise and want to work with small companies. We think that a ‘trusted trader’ model is far better than a Google search if you ever need help. So we really do want to support SMEs and charities with whatever they need.
How has your experience in policing shaped your decision to start the company?
It’s an interesting question. Whilst the decision to start this venture was one taken collectively by forces across the region, I was led to the role for two reasons. The first was a genuine interest in cyber, and I was a digital lead in my own force of Devon and Cornwall. I don’t proclaim detailed technical expertise - and I’m very careful not to overstep the bounds of what I can advise people about - but it’s clear that business and policing alike are undergoing a huge shift towards the online world, and it’s great to be at the vanguard of those changes. The second aspect is a really simple one. I started out my policing career many years ago because I wanted to help people. That hasn’t changed, and it strikes me that cyber resilience is an area where people really do need some support. Building up a business or charity takes so much time, investment and emotional energy. It’s heart-breaking to see that destroyed or damaged by criminals, and if I can help one person to not fall victim, then it feels like a big win. That’s why I’m so keen to ensure that as many people as possible know about, and take advantage of, our free offer.
What are your plans for the future?
Other than world domination and a winning lottery ticket? In all seriousness, we are focused intensely on growing this business so that it provides as wide a layer of protection as possible across the South West region. I think that when people hear ‘cyber crime’ they often react in one of two ways. One is to assume that their IT provider has got that aspect covered. The other is to cross their fingers and hope that it doesn’t happen. But actually, in the same way that we all consider the security of our business premises, we need to think about the valuable assets that we have online. For me, getting that message across to the owners of local shops, farms, and tradespersons is equally important. Already, we are supporting well over two hundred businesses across the region. Our next target is to reach five hundred by the end of the year, and I’d like to think that an eventual number of ten thousand would be realistic. If we can be sending out regular updates and guidance to that many charities and businesses, then I think we’ll really be making a difference. And that’s what it’s all about.