2016 will be remembered as the year that cyber-attacks, hackers and data breaches dominated media headlines. From the massive fall out of TalkTalk’s 2015 loss of 157,000 customer records and subsequent £400,000 fine, to Mirai botnets taking down internet traffic company Dyn with sites like Amazon, Twitter, Spotify, Netflix and PayPal all experiencing issues and downtime, the size and scope of attacks has been massive.
As a result, almost all companies are talking about cyber security and almost all cyber security vendors are shouting about their services. For many organisations, particularly SMEs, the realisation has come that it’s not just global brands that are at risk – cyber-attacks affect everyone. There’s also the acceptance that something needs to be done, provision made in budgets and plans must be developed and implemented.
The key question that many small and mid-sized organisations are asking is simply, what can I do? This is where a base-line set of security controls comes into the picture. A few years ago, recognising that cyber criminals would continue to have an impact on UK businesses, the government launched the Cyber Essentials Scheme. It’s a basic security framework that, if implemented correctly, can help address up to 80% of the threats a company may experience in the industry. It evaluates controls around firewalls and internet gateways, secure configuration of systems, access control, malware protection and patch management.
Organisations are assessed, checking that they have the right controls and measures in place to ensure a security framework is in place, checking the right boxes. Once the assessment is completed, and the baseline controls verified, a company is then Cyber Essentials certified – something that demonstrates to insurers, suppliers, partners and customers that your organisation is taking the cyber threat seriously and has the means and methods in place to mitigate the risk.
So what about the other 20% of threats? Cyber Essentials, when implemented correctly, addresses the majority of cyber threats that apply to all types of businesses and industries, and builds the foundation from which organisations can address the remaining 20% that are specific to their business and/or industry.
If 2016 is anything to go by, we’ll continue to see high-profile hacks, attacks and breaches. Cyber Essentials is the perfect place for any business to start when they are thinking about security because it addresses the baseline fundamentals.
Pulsant is Cyber Essentials certified and a Cyber Essentials Certifying Body and can help your organisation through the evaluation service with our qualified assessors. For more information, visit our Cyber Essentials page, or get in touch with us.