Cyber Security seems to be the hot topic at the moment, and for good reason… the volume, scale and sophistication of cyber attacks are constantly reaching new levels, and the targets are changing too. Organisations that have long been considered low risk or ‘safe’ have now joined the list of more obvious targets – it seems that wherever there is information, no matter how apparently innocuous, someone else wants to get hold of it.
Along with the increasing volume of attacks comes the inevitable growing list of ways to protect your individual and organisational data. Everyone has a different solution, if you believe the hype – whether the threat is phishing, brute force attacks, social engineering or any of the plethora of other techniques, you’ll find someone who has the perfect solution. But the attacks keep getting through.
Luckily, there are a number of very simple steps individuals and organisations alike can take to protect themselves – the first line of defence, if you like. An experienced hacker with the right resources will of course be able to defeat any defences eventually, but adopting certain processes and techniques will ensure that you are no longer the ‘low-hanging fruit’ offering juicy opportunities.
A great example of the UK Government taking positive action in this area is the development of Cyber Essentials – in effect a simple set of rules relating to an entity’s configuration and use of IT that, if followed, will significantly reduce the chances of a successful attack against it. In the UK, the Government will only do business with organisations that can demonstrate they have implemented Cyber Essentials, and more and more private businesses are taking a similar approach. Guernsey will eventually follow this same path, making it a requirement that specific businesses, most likely those licensed by the GFSC initially but hopefully extending out to cover all local businesses, have some kind of first line cyber defence in place. Whether it’s Cyber Essentials, only time will tell.
But regardless of the format of the ‘Standard’ to be achieved, we have the perfect tool to help organisations implement, demonstrate and then maintain their compliance. The short (90 seconds) video below uses ISO 27001 as an example of how the system can be used – Cyber Essentials or its equivalent will be much simpler, but the same principles apply…