Thursday 5 May 2016

The government’s guide to cyber protection: 10 Steps to Cyber Security

In early January the government relaunched its ‘10 Steps to Cyber Security’ guide. Originally released in 2012 by the Communications Electronic Security Group (CESG), the information arm of GCHQ, the guide offers practical guidance on the steps that organisations can take to improve the security of their networks and data.

In 2014 the government ran a survey, the 2014 Cyber Governance Health Check of FTSE 350 companies, which revealed that 58 percent of those surveyed had used the guide to assess their security. This clearly reveals that the need for robust IT security is getting through to board-level directors up and down the country.

On the back of this relaunch, GCHQ said it continues to see real threats to the UK on a daily basis, and the scale and rate of these attacks show little sign of abating. Cyber-attacks have become so common that for many companies it’s not a question of ‘if’, rather ‘when.’

Only recently, FACC, an aerospace manufacturer that supplies parts to Boeing and Airbus, had its accounts department hacked. The cyber thieves extracted an estimated $55 million (£39 million) and the theft barely raised an eyebrow. The muted reaction arguably reveals just how familiar cyber-attacks are and how there is almost a level of acceptance that these types of attacks will happen.

Interestingly, FACC didn’t dwell on the financial loss; it was more concerned with getting the message out that intellectual property had not been stolen and operations had not been affected.

When a company is faced with a serious hack, while the losses must be dealt with, the fear is that reputational damage will be so serious and undermining that the company could sink. The government guidelines offer practical insight into key areas of information security ranging from implementing an information risk management regime to home and mobile working.

In a series of blogs we’ll be looking at each area and spelling out what exactly it means, demystifying any jargon and explaining how you can successfully address the issues.