CS Risk Management have recently obtained the accreditation to provide the full suite of Cyber Essentials certification body services. Over and above Cyber Essentials Plus certification, this also now includes verification of Basic Cyber Essentials self-assessment submissions and issuing of Basic Cyber Essentials certificates to those customers who meet the requirements set out in the scheme. […]
The Defence Cyber Protection Partnership for companies in the Defence supply chain published new Cyber Risk Profiles a couple of days ago. They have generated a fairly detailed list of requirements for companies working at each risk profile in the Defence supply chain. Even the lowest risk profile (e.g. stationery suppliers) specifies Cyber Essentials as a requirement; all other profiles now require Cyber Essentials Plus. […]
(This is a copy of an article we wrote that was published in the Cyber Security supplement of the New Statesman 12-16 Feb 2015)
Cyber security starts with addressing what you can predict, and anticipating what you cannot
Cyber security risks are perceived to be unpredictable, a perception fed by media coverage of the latest major cyber attacks affecting large companies. However, if these attacks are examined more closely, more often than not the root cause of a successful attack was that cyber defences did not cover all vulnerabilities in the affected company’s IT systems. Many cyber attackers opportunistically exploit commonly known vulnerabilities in weak IT systems. That means some incidents could have been predicted and avoided, had the organisations in question taken steps to identify and address them. […]
Most homes and businesses have physical security controls, including strong locks on doors and windows, a security alarm and CCTV, that will deter a thief from attempting to break in, cause a robbery attempt to fail, or make subsequent arrest inevitable. In the UK, if a criminal is caught committing a robbery, the sentence is from 12 months to life depending on the circumstances.
Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]
Organisations are becoming much more aware of the threat of cyber crime, but many are still finding it difficult to translate this threat into real business terms. The potential impact of a successful cyber-attack on your business’s bottom line is not that easy to define, because attacks could range from a “drive-by” denial of service attack through to the targeted theft of intellectual property. […]
Whilst many companies, and in particular SMEs, have historically not recognised the requirement for investment in maintaining robust IT security measures, the following statistics make worrying reading:
- Earlier this year, the PwC Information Security Breaches Survey 2014 highlighted the fact that the cost of a breach to an organisation has almost doubled since the previous year. The average cost to a large organisation for the worst level of security breach is between £600k and £1.15m (up from £450 to £850k a year ago). The average cost to a small business for its worst security breach is between £65k and £115k (up from £35 to £65k a year ago);
- During the last year, significant global brands have been impacted by information security attacks. These include eBay, Target, Sony, Evernote and WordPress; and
- According to the RSA monthly fraud reports the UK is the 4th most attacked country by volume after the United States, China and the Netherlands.
In response to this growing threat, the UK Government, in consultation with industry, launched the Cyber Essentials IT security standard in June 2014. […]