The government is set to launch a cyber security guidance and certification scheme next month to help UK businesses build resilience and protect themselves from security breaches and cyber attacks.
The Cyber Essentials Scheme
The Cyber Essentials Scheme identifies the security controls that organisations must have in place within their IT system in order to have confidence that they are beginning to mitigate the risk from internet-based threats.
“The Cyber Essentials Scheme (CES), aimed at raising the bar, which we assess to be pretty low,” says Giles Smith, deputy director, cyber security at the Department for Business Innovation and Skills (BIS).
“The role of BIS within the national cyber security strategy is to enable growth by helping UK businesses to operate safely in cyberspace.”
The certification costs will be kept “affordable” and will depend on the size of an organisation and the level of rigour they would need to demonstrate.
Will it help SMEs and businesses in the UK? The government thinks so. The policy document associated with the scheme maintains:
“Implementing the basic controls stipulated in Cyber Essentials can never prevent a determined attack on your systems. It is intended to reduce the risk of opportunist attacks. An analogy can be drawn with locking the doors and windows of a house and setting the alarm: a determined criminal may still be able to gain entry, but an opportunist looking for an easy target will move on.”
The policy comes as Minister David Willetts announced last month that the UK could earn £2bn a year from cyber security by 2016, with the potential for it to become a key export market.
Security in the Public Sector is Paramount
A new ICO report this month has highlighted that it is not just independent businesses and industry that are struggling to get the basics of cyber security right.
With poor IT security practices a key contributor to data breaches, the ICO maintains that the “breaches could have been avoided” with the adoption of standard industry practices.
The breaches of most concern to the ICO include the one that led to a £200,000 penalty being issued to the British Pregnancy Advice Service after its service user data was compromised.
Among the main vulnerabilities identified in the latest ICO report are failures to run security updates, insecure password storage, poor networking infrastructure and design, and a lack of encryption.
The ICO’s report underscores the need for organisations to identify industry standards for the data they hold and methods for encryption, particularly as organisations transition towards the cloud. Identity and Access Management is also identified as a critical component in securing entry points and data assets.
Join Whitehall Media at our GOVSEC conference on 24 September 2014 at the Hotel Russell in central London, where we will discuss how the government is working to secure its back-office ICT infrastructure and information across the public sector. To register as a delegate, visit: www.whitehallmedia.co.uk/govsec