The phrase "The Perfect Storm" is typically used to describe a very bad situation, but we are thinking about one that is good. Ideally, we need a number of positive things to align in order to achieve the objective and mission of getting as many SMBs as possible Cyber Secure fast.
I shall refer to a report I came across recently from Bullet Proof, a Cyber Security, Cloud Services and Datacentre company. Whilst we are obviously (as alumni of the GCHQ/NCSC Cyber Accelerator) very aligned with Cyber Essentials and related standards, there are many Cyber Security companies, like Bullet Proof, that are, or at least appear to be, more aligned with other standards, e.g. in their case TigerScheme, CREST and ISO 27001. The Summary of the Report is as follows:
New industry insight and top trends for 2020
Companies failing to patch their environments and insider user activity still rank top of our pen testers’ offender list for 2019. Our latest report investigates why companies are still getting the basics wrong. It examines the changing threat landscape and reveals why CISOs need to rethink cyber security in 2020.
Key findings and analysis revealed in the report include:
- The top vulnerabilities every company needs to look out for
- Why companies are still failing on the basics
- Which industries are falling victim to the most critical flaws?
- What are the main GDPR failings for companies and why?
- Are your phishing campaigns really working?
- Are SMEs being priced out of the market by the cybersecurity supply chain?
It is really interesting that our separate tracks to cybersecurity focus on pretty well the same points. Our guidance is from GCHQ, NCSC, IASME and our MSP partners. Bullet Proof's experience comes from them, their sister companies and their partners, by the looks of it. We both talk about "the basics", which in our case are the Cyber Essentials "5 Controls".
The 5 critical security controls of Cyber Essentials and CE PLUS (with people training being the 6th):
- Secure configuration.
- User access control.
- Malware protection.
- Patch management.
The first thing that Bullet Proof talks about is Patch Management.
Both because it is one of the 5 controls and because it has been demanded by our partners, we have developed basic and advanced patch management functionality.
Understanding, finding and fixing vulnerabilities has been a key area of development for us, and co-ordination with Patch Management is required (Patch-Scan-Patch-Scan etc.).
Making sure that this functionality is low cost and simple to use goes to Bullet Proof's point that SMBs must not be priced out of the market by the cybersecurity supply chain. In fact, the supply chain must be empowered to improve the cybersecurity of their clients rapidly and cost-effectively.
The basic GDPR information must also be provided simply and at low cost.
We help stop phishing attacks - which are certainly ongoing (see Security Roundtable) and require People and Process training and updates.
As to that Perfect Storm... SMBs are notoriously reluctant to spend time and money on anything that is not seen as absolutely necessary, hence the provision of low cost, simple to use Cyber Security and GDPR solutions is required. Supply Chain owners are working closely with their co-operative partners to ensure that "back doors" are eliminated. Cyber Insurance brokers and underwriters are rewarding work done around Cyber Essentials and Cyber Essentials Plus and recognising the value of Continuous Monitoring. Local and Central Governments are providing supportive schemes including financial incentives (happening in Scotland, Channel Islands, Hertfordshire, Isle of Man for example).
This article is exclusive to The Business Transformation Network.
The Business Transformation Network has posted this webinar in partnership with LuJam; it was written by Chris Windley.
This article was a featured article from Tuesday 14th January 2020 - Monday 27th January 2020.