In discussions with our partners, I emphasise the " MissionPossibleCyber " Mission which - as I see it - has the backing of GCHQ,NCSC and IASME. The Mission is to get the UK's 5.8 Million SMB's Cyber Secure - FAST !! Anything else is a distraction.
You can argue that focusing on getting a Cyber Essentials certificate is missing the point. As with an M.O.T. certificate the main point is to have a safe vehicle not just to get the certificate - although you need the M.O.T. to tax and insure the vehicle.
We are focused on getting SMB's Cyber Secure FAST. A whole industry has grown up that helps you get through the Certification questionnaire itself easily and fast. Ok - but is this just a tick box exercise? Our partners agree with us - let's get the home or business cyber secure quickly and at low cost and then continuously monitor against the Cyber Essentials 5 controls standards. Then, if you want to get Cyber Essentials or Cyber Essentials Plus Certificates for whatever reason it is a simple matter to do that - perhaps using one of these automated tools.
Getting to Cyber Essentials Plus requires additional work and our sensor provides a convenient, on site, low cost platform for eg Vulnerability Scanning and Patch Management. Supply Chain primes really want their Supply Chains secured fast too. You might have noticed that globally the supply chain ( and the MSP ) are the hackers main point of entry into the enterprise. The supply chains are mainly SMB's.
Here our low cost, easy to install and manage, Risk Scoring solution has been designed to meet the needs of the primes that we have interviewed in detail. It happens that Risk Scoring also suits the Cyber Insurance Underwriters and Brokers. It helps them understand and quantify risk. Once risk is known ( reduced ) premiums can be calculated. Our partners tend to be very innovative and open-minded. They think about ways of disrupting the status quo in order to achieve the primary objective. They want to take their clients on a journey from unprotected environment through known, quantified environment to continuously monitored and then to certified and advanced secured.
Cyber Essentials is not always their objective in terms of certification - for example, they might be taking their clients towards the N.I.S.T. or C.A.F. standards. We will support most of the controls of any security standard anywhere in the world so it does no matter to us. We see Cyber Essentials Certification bodies working hard to achieve the new standards being put in place for April 2020 when they all have to re-certify under IASME. Probably not all CB's will re-certify. Some will work with a CB or directly with IASME and their client. Either way, the market is being shaken up considerably.
We say whatever happens let us remember the primary mission - #MissionPossibleCyber
This article is exclusive to The Business Transformation Network.
The Business Transformation Network has posted this webinar in partnership with LuJam and was written by Chris Windley.
If you missed it, you can read Part 1 here.