Cyber security - perception and reality
A recent Government survey (Cyber Essentials Scheme: process evaluation and communications testing. DCMS 2016) has established that most businesses in the UK still ‘do not necessarily perceive cyber crime to be a relevant or pressing threat’. This is in marked contradiction to the facts: a third of all small businesses and 65% of large businesses have reported a cyber breach or cyber attack in the past 12 months (source: HM Government). In general terms, 1 in 4 businesses have experienced a cyber attack or breach in the past year, a figure that translates into some huge financial costs and disruption to everyday operations – to say nothing of reputational costs.
A practical way to deal with cyber security
The Cyber Essentials Scheme has been developed by the UK Government in partnership with industry to deal with cyber security in two ways. Firstly, it outlines all the basic ‘controls’ or actions that organisations need to address to mitigate the risks from common internet threats. Secondly, it provides an Accreditation Framework that allows organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions. This is important now, and it is going to be even more important in the future as clients, including public sector organisations, seek reassurance from suppliers that they have robust systems in place to safeguard valuable and highly confidential business data.
Becoming ever more ‘cyber secure’
The Cyber Essentials Scheme is a great way for businesses to address the very real threats out there, and is intended as something that organisations and businesses can build on as they go on to tackle more sophisticated and targeted attacks as part of their security strategy.
Designed to be low-cost, Cyber Essentials and the more advanced Cyber Essentials Plus certificates are achieved through working with practitioners such as Lithium Systems and accreditation organisations. Certified and accredited practitioners for the Cyber Essentials Scheme are recognised as companies that are positioned to help businesses identify vulnerabilities and implement solutions to protect themselves against the very real risks from cyber attacks.
What Cyber Essentials covers
The scheme looks in depth at issues such as: firewall security; secure configuration; user access control; malware protection and ‘patch management’. Firewall rules restrict inbound and outbound network traffic to authorised connections. Secure configuration is focused on reducing ‘vulnerabilities’ across a network. User access control is all about who can access a network, and how deeply they can access it. Malware protection is dedicated to dealing with ‘worms’, viruses and spyware, all of which offer hackers ways into any business that fails to install and maintain malware protection software. Lastly, ‘patch management’ is all about making sure that software is kept up to date with the latest security upgrades or ‘patches’ from software suppliers: failing to download and install updates issued to deal with known vulnerabilities is yet another way in which cyber criminals are attacking businesses across the UK.
What it all means
Taking cyber security seriously and adopting processes and procedures that promote and uphold it can be the difference between commercial success and failure. Make no mistake – there are people out there who are dedicated to seeking out and exploiting your vulnerabilities; these are people who, once they have secured your data, can quite literally hold your business to ransom.
As an IT company and a Cyber Essentials practitioner, we see and deal with these threats all the time for our clients. Quite simply, every business should be focused on devising strategies to protect itself from those who would seek to harm it. Cyber Essentials really should be at the core of developing your strategy to protect your business or organisation.