The UK’s National Cyber Security Centre (NCSC) has released a set of updated and new cybersecurity resources aimed at helping organisations of varying sizes to better understand and mitigate cyberthreats. All were announced at the UK government’s flagship cybersecurity event CYBERUK 2021, which took place May 11 and 12.
10 Steps to Cyber Security
The first is a refresh of the NCSC’s 10 Steps to Cyber Security guidance for large and medium-sized organisations. First released in 2012 and now used by a majority of the FTSE350, the renewed guidance puts greater emphasis on the growth of cloud services, the shift to home working, and the rise of ransomware. It aims to support CISOs and security professionals in keeping their company safe by breaking down the task of protecting a modern organisation into 10 components, consisting of:
- Risk management
- Engagement and training
- Asset management
- Architecture and configuration
- Identity and access management
- Vulnerability management
- Data security
- Logging and monitoring
- Incident management
- Supply chain security
Discussing the announcement, Sarah Lyons, NCSC deputy director for economy and society, said: “The cyberthreat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk. Our 10 Steps to Cyber Security has been – and continues to be – a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy. Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”
Security guidance for tech startups
Next is the launch of new guidance aimed at founders or chief executives of fledgling UK tech startups, encouraging them to invest in cybersecurity at an early stage to protect innovations from state threats, competitors and criminals. “UK companies working in emerging technologies are likely to be a particularly attractive target to a wide range of actors, including those backed by foreign states seeking technological advancement,” wrote the NCSC in a blog posting on its website.
The Secure Innovation guidance, delivered in partnership with the Centre for the Protection of National Infrastructure (CPNI), outlines how cybersecurity can be integrated into an organisation’s culture and advocates for security-focused risk management around supply chains, IT networks, information, people and physical security, cloud computing and more.
Commenting, the director of CPNI explained that UK startups and scaleups raised record investment in 2020 despite the obvious challenges of the COVID-19 pandemic. “As new markets continue to emerge, so will the potential threats to companies’ intellectual property and ideas at the hands of hostile states, criminals, and competitors. Secure Innovation provides a holistic approach to all aspects of security, ensuring that good cyber principles are not undermined by physical and people risks which could threaten the success of a startup if not managed well from the outset.”
Cyber Essentials certification prep tool
Lastly, the NCSC has released a new tool that provides tailored advice for organisations in preparation for Cyber Essentials certification. Now in its seventh year, the government-backed Cyber Essentials scheme has helped over 60,000 UK businesses gauge their cybersecurity posture, defend against common cyberthreats, attract new business and apply for government contracts which require Cyber Essentials certification.
With the new Cyber Essentials Readiness Tool, businesses can complete a survey regarding their use of hardware, software, and boundary devices such as firewalls, as well as passwords and protections against malware. Upon completion of the survey, organisations are presented with a bespoke action plan that outlines the steps needed to prepare them for the Cyber Essentials certification process.
“The Cyber Essentials Readiness Tool is a fantastic starting point for organisations who are unsure about where to start their preparation for Cyber Essentials certification,” added Lyons. “Not only does the tool highlight areas where more cybersecurity controls need to be put in place, it also provides guidance on how to implement them.”