Cyber supply chain security is too hard for small business owners

  • Is your small business facing lengthy security audits and reviews by sensitive prospects and enterprise clients?

  • Can you quickly evidence that key controls in your digital supply chain are operating effectively?

  • How fast can you detect a cyber breach of your business or your key suppliers?

Take back control of your cyber supply chain monitoring with sb2

The Small Business Security Bot is a managed service that continuously monitors the health of your business' external key controls and analyses high-grade cyber threat data for signs of trouble across your online supply chain. As soon as sb2 detects trouble, you receive an alert on your mobile. Each week you will receive an email summary showing the security state of your business' external digital footprint along with the operational health of your suppliers' key cyber controls. No software agents, downloads or dashboards to constantly check. Be the first to know with sb2.

© Resilient Security. All rights reserved.

Hi, Craig Balding here - the "man behind the curtain" of sb2 - the Small Business Security Bot. Before starting my cyber consulting business I was Managing Director for cyber at a global bank after 17 years working at GE.

I am now on a mission to improve the state of security
for thousands of small business owners who...

  • Understand you can outsource responsibility, but not accountability

  • Recognise that cyber has become a material risk to their business

  • Want to monitor their business' digital footprint & supply chain

  • Don't have in-house cyber security expertise available

Why sb2?

sb2 was born after I got tired of manually checking 30+ cyber security websites,
tools, and open-source security lists just to get peace of mind that:

  • My business' online reputation wasn't getting trashed, i.e. my web domain appearing on spam blacklists (you don't need to send spam to end up on some of these!)

  • My service providers' user-facing security controls were not missing in action, thereby letting anyone manage my online presence

  • Changes made to key elements of my business' online infrastructure were legitimate and not a sign of a potential breach

  • The credentials I use to log in to online services to run my business were not showing up in dodgy places on the Internet.

Even with my 20+ years of cyber security experience,
I found this time-consuming, error-prone and in practice I was inconsistent.

To make matters worse, online tools come and go and finding credible replacements takes time. Free tools often switch to paid, adding user account and payment friction to an already unwieldy, but necessary security process. But more than anything, who wants to spend valuable time pointing and clicking around a bunch of different websites just to get a basic picture of their business cyber health?

Your client should never be your
Breach Detection System

Losing the initiative in a breach response is never in the incident response plan. Imagine opening an email from an important client - or a journalist - asking for a comment on a reported cyber breach of your own company. It's one thing to get breached, it's another to learn of it from a security-sensitive client!

This lack of control over events extends to breach timing. Do you power down your website and company email service when you go on holiday? I don't and I don't know anyone that does. Even as a self-confessed security geek, the last thing I want to deal with on holiday is running health checks to verify my online business is secure. And the absolute last thing I want is to suffer a breach (bad enough),
but to find out from a concerned client!

With sb2, I have started automating cyber security checks to monitor my business' digital footprint. The lightbulb moment came when I realised I could extend these checks to keep an eye on the digital services of my key suppliers. I recognise that our businesses are connected by a supply chain and if my important suppliers get breached, that will likely have a material impact on my cybersecurity, or my business bottom line if there is a payment relationship in place.

Trust, but Verify

Ronald Reagan is famously quoted as saying "Trust, but verify". As small business owners, we place our trust in 3rd party service providers to host our websites and other digital services. Whilst we can outsource responsibility, we remain accountable to our business stakeholders and clients should things go wrong. So, how do we move beyond blindly trusting assertions our service providers make about their service? With sb2, the answer is twofold:

  • Data-mine enterprise grade cyber intelligence sources that monitor vast portions of the Internet for breach indicators.

  • Pair this data with non-invasive checks of suppliers' Internet-facing key controls to develop a live risk score.

With this twin approach, sb2 is one of the first to spot
the telltale signs of a potential supplier breach.
Imagine how much faster you can react
to contain the material impact on your business?

  • Disconnect payments

  • Change passwords

  • Communicate with stakeholders

  • Contact your account manager

Know before your Important Clients do

Your security sensitive clients expect more cyber threat readiness
from your small business than ever before.
As the former Head of Cyber Risk for a global bank, I created cyber due diligence checks that placed specific demands on thousands of suppliers. I know full well that most small business owners end up depending on their suppliers to inform them of a breach, who in turn only find out through their customers informing them.

Even with the advent of breach disclosure laws, breach notifications from your key suppliers may come too late for you to limit the damage. This is especially true if organised crime is behind the breach - they move data and money fast (it's called organised for a reason!).

Bootstrap a Sustainable Service

I am making sb2 available to small business owners. You can benefit from the same cyber security monitoring checks I run for my own business. To make an enterprise-grade cyber service affordable to small business owners requires a clear focus on what is important, supported by a business model that makes this service sustainable for the long term. For now, I am limiting access to UK LTDs and accepting GBP payment by bank transfer only. I am standing up a simple and secure interface for account management, with all support handled by email. Alerts will be sent straight to your mobile.
Weekly reports will be communicated by secure email.

What you get

  • No BS security alerts: sb2 only issues alerts when there is credible information you need to review or react to. This is unlike other security tools that inundate you with unclear or spurious alerts. sb2 alerts are written in plain English and include links to helpful resources

  • A weekly email report summarising the security state of your business' external digital footprint along with the operational health of your suppliers' key cyber controls. This provides both peace of mind and evidence you can share with interested parties to substantiate the trust they have placed in your small business.

What you don't get

When I say cyber supply chain I'm referring to your business' Internet presence - your websites, applications etc. If you are a software development company that builds software, you may be thinking I'm talking about security analysis of the source code and software components in your builds... but no, sb2 is not trying to solve that challenge. I do address this challenge through my consulting business. If this is of interest, drop me an email at hello@resilientsecurity.co.uk. For the avoidance of doubt, sb2 is a monitoring service - it does not operate in-line and so does not block attacks. Finally, sb2 cannot "see" what's going on inside your network so it won't detect insider attacks, unless there is external evidence that could reasonably signal a problem.

How much?

£39 per month £19 per month during the beta period payable via bank transfer. If you've got to this point, it's very likely you recognise you could be doing more to manage your cyber risk, but either lack the expertise, time or desire to do this yourself. Imagine how you would feel knowing that sb2 is watching your small business, day in and day out.
