Scolyer-Gray Consulting Services was created specifically to reduce Australian small businesses' exposure to cyber risks by taking a new approach to security consulting that is aligned to the unique needs of small businesses.
Cybersecurity is, fundamentally, a business problem underpinned by the logics of risk and probability. In practice, the vast majority of cyber threat actors are following a simple, and likely very familiar, equation to determine which businesses they attack:
Cyber threat actors decide who and what to attack based on whether or not the costs involved in attacking a business (i.e., time, resources, skills etc.) are lower than the benefits the threat actor can expect from their attack.
This means, quite simply, that small businesses can very reliably deter the majority of cyber risks by simply altering this equation: If your business is even just a little bit more difficult a target (i.e., more time, effort and money required to break your defences), then your risk of being attacked drops dramatically.
My vision is to implement small, simple, inexpensive and unobtrusive changes to as many Australian small businesses as possible so that they become targets that are just too difficult to justify attacking.
Australia has been one of the top 10 most-hacked nations in the world since about 2020, and in the fourth quarter of 2022, by some metrics, Australia earned the title of ‘most frequently hacked nation in the world’. At the time of writing, Australia is sitting somewhere between 5th and 6th place, which means the nation is a strong competitor for this dubious distinction against nations such as the United States, Russia, Spain, France and India; Countries with populations and economies many times the size of Australia's. So why is Australia, and therefore Australian small businesses, such a popular target?
In short, Australia is a service economy with underdeveloped cybersecurity standards, requirements and infrastructure that is widely-known among cyber threat actors as an easy target – Small businesses are usually the most vulnerable targets, partly because managed security services and technical defence capabilities are mostly designed for, and marketed to, larger enterprises. Australian small businesses operate in one of the riskiest environments in the world, face fierce competition, unpredictable market conditions and rising labour and commodity prices, but are still nonetheless expected to take full responsibility for implementing a suite of initiatives and technical controls to establish improved cyber resilience. Unsurprisingly, most small businesses do not have the time or the resources to go chasing after outcomes that might protect them.
Cyber and Information Security is a need to have, not a ‘nice to have’, and this applies in particular to Australian small businesses. However, there have not been any serious or effective initiatives aimed at improving Australian small business cyber resilience, and that which is available is typically some kind of online short course that fail to accommodate for the exceptionally broad range of contextual specifics across different businesses, and requires an investment in time, which is one of the most precious resources that small businesses can rarely afford to spare.
Throughout his time in academia and industry, Dr Patrick Scolyer-Gray has concentrated on integrating cybersecurity with behavioural science, eventually achieving such a hybridity in skills, knowledge and experience that he acquired a new title: ‘Cyber-Sociologist’.
Patrick specialises in the design and deployment of Human-Centric Cybersecurity (HCCS) solutions, consistently revealing previously obscured risks and new opportunities for improved security and resource efficiency.
Leveraging his background in behavioural science, Patrick synthesises novel solutions when tackling the underlying technical and behaviour-driven root causal factors of cybersecurity issues, challenges, and incidents. Patrick commands a unique mastery of the intersections between humans and computers, and has dedicated his career to the cultivation of unique, highly dynamic and effective cross-disciplinary initiatives.
Dr Scolyer-Gray has published and spoken on a wide range of cybersecurity topics, provided advisory services to Australia's Ministers and Government, undertaken cutting-edge research projects, and performed critical roles in securing systems and environments that have ranged in scale from small professional services businesses to some of Australia’s biggest critical infrastructure organisations.
Over the course of his career, Patrick has worked with clients from a myriad of business verticals, of which some, but not all, have included the Finance, Legal, Insurance, Finance, Gaming and Healthcare industries, as well as Academia and Defence.
With his exceptionally broad range of experiences and devotion to the delivery of solutions customised to meet the contextually-specific requirements and contexts of his clients, Patrick is proud to be applying his unique background, skills, knowledge and qualifications to the challenges and opportunities presented by Australian small businesses.
Scolyer-Gray Consulting Services solves the information and cybersecurity challenges faced by small businesses through the judicious application of a simple principle: ‘Do what you can with what you have’. The obstacles to cyber and information security for small businesses are scarcities of time, money and or resourcing (i.e., relevant skills, knowledge, experience etc.). The solution?
1. Respect time constraints and concentrate on achieving improvements to cyber resilience that require the least amount of time:
I specifically look for vulnerabilities, risks and threats that can be remediated, reduced and/or avoided that I can address quickly (albeit with a commitment to transparency – it’s your business and it is up to you how your security is managed). Perhaps most importantly, I absorb the time problem by undertaking the initiatives on your behalf and in a way that does not intrude on, or cause interruptions to, your business operations. Simply by starting with, and systematically dealing with ‘low hanging fruit’, I regularly achieve major improvements to the security postures of my clients.
2. Provide services and tooling at a fair but comparatively low price:
In short, I have eliminated the layers of margins and other nonsense that inflates the price of consulting services found in the business models of large conventional providers, I operate with very low overhead, and I use these advantages to make my services available to small businesses at significantly lower prices. Similarly, although I am a service provider first and foremost, if there is something you don’t have already that is absolutely crucial to achieving that change to the threat actor’s cost-benefit calculus, I take great pleasure in ensuring that any procurement, be it software or hardware, is always the absolute best value for money and the right fit for your business. Taken together, I work with you in a fair, efficient and transparent manner, and this makes is possible for me to make cyber resilience affordable.
3. Supply the resources and execute changes directly:
'Resources’ is just another way of referring to some kind of capital, be it economic or otherwise, and in this context, I am using it to refer to the value in performing security initiatives rather than simply describing or listing them. I get hands-on and make changes, negotiate and schedule with 3rd parties, write policies and generally execute the initiatives you need done on your behalf. This helps to ensure that my services deliver tangible value, but for small businesses, it’s how I bring my skills and knowledge into the equation so that you see the results you need without having to ‘double dip’ on resources by having to spend more time and money by doing it all yourself.
By combining these basic principles with the core logic of changing the cost-benefit calculus for threat actors, augmented further with the resources of my strategic partners and network of SMEs, Scolyer-Gray Consulting Services is proud to offer a real solution to the problem of cyber/information security for small businesses.
If you would like to learn more about how Scolyer-Gray Consulting Services delivers real and meaningful outcomes to clients, please don’t hesitate to contact me.
Copyright © 2024 Scolyer-Gray Consulting Services - All Rights Reserved.
ABN: 91 146 236 569
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.