New research from Quocirca and Trend Micro into “the preparedness of European organisations to deal with the aftermath of targeted attacks” has found that UK businesses suffer 40% more targeted cyber attacks than their continental counterparts.
Attitudes to targeted cyber attacks, however, are improving. According to the research, “the number of respondents who believe the problem of targeted attacks has been exaggerated dropped from 26% to just 7% last year” – indicating that the message about the modern cyber threat landscape is getting through and that business leaders are finally coming to terms with the cyber security risks they face.
Although the modern business faces targeted and untargeted threats alike, there is a lot that UK organisations concerned about the security of their – and their clients’ – information can do. 80% of cyber attacks can be addressed by implementing minimum cyber security controls, as set out in the government’s Cyber Essentials scheme.
The Cyber Essentials scheme
Launched in 2014, the scheme provides a set of five security controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials.
The five controls are:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access control and administrative privilege management
- Patch management
- Malware protection
There are two levels to the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.
- Cyber Essentials requires a company to complete a self-assessment questionnaire, which must be signed off by a senior company representative and then verified by an external certification body. An external vulnerability scan is also required if the company chooses to be certified by a CREST-accredited certification body such as IT Governance.
- Cyber Essentials Plus requires a more advanced level of assurance. In addition to meeting the requirements of Cyber Essentials, organisations must undergo an internal assessment and internal scan conducted on-site by the certification body.
Certification to the scheme demonstrates to your customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.
Cyber Essentials certification has been a requirement for organisations bidding for certain government contracts involving the handling of sensitive and personal information, and the provision of certain technical products and services, since October 2014.
IT Governance is a CREST-accredited Cyber Essentials certification body.