LIVE ON G-CLOUD 10


Securestorm go live on 'G-Cloud 10'


Securestorm has officially been awarded G-Cloud 10 status following the success of the previous G-Cloud versions. You can find us on the Digital Marketplace here.

In this iteration, Securestorm are committed to bringing to market even more innovative and pragmatic solutions and services, designed to help Government organisations be secured from cyber-threats, enhance their cloud capabilities and be compliant with the UK Data Protection Act 2018.

 

Securestorm Director, Tony Richards, added "It is once again great to be live on the new version of G-Cloud. Keeping in-line with the launch of previous G-cloud iterations and considering the Data Protection changes, Securestorm is further committed to delivering more, offering integrated services and exclusive solutions such as our Total Security Packages & Training, Risk & Vulnerability Management and Data Protection Services. This combined with our industry experience, delivery capabilities and subject matter expertise on Security & Data Protection domains will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:

CYBER SECURITY CONSULTANCY

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Cyber Security Professionals
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review security options chosen and those available against best practices
  • Security Architects

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs
 

Cloud Security Consultancy

Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilise all of the security options available. Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Consultancy Partner
  • Certified Cyber Security Professionals (NCSC CCP)
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Salesforce Security Partner
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review security options chosen and those available against best practices
  • Threat Modeling, Information Risk Assessment and Management conducted

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Conducts annual Security Assurance and Audit of AWS services
  • Conducts annual Security Assurance and Audit of Salesforce
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost effectively. Read about our contribution and best practices in recently published research papers:

 

Total Organisation Cyber Security Package

The Securestorm Total Organisation Security Package is designed to help organisations get the best cyber security services and solutions bundled in a single, encompassing, annual package. 
The security package provides organisations with Information Risk Management, Vulnerability & Security Testing, Unified Cyber Security & GDPR Training and Cyber Essentials Certification.

Features

  • Intuitive Continuous Information & Risk Management Dashboard
  • A Full-stack Security Testing & Vulnerability Management Solution
  • Unified Cyber Security and GDPR Training and Awareness Platform
  • Simplified Cyber Essentials Consultation & Certification
  • Dedicated Consultation, Support & Communication with client
  • Optional: Data Protection Officer as a Service package
  • Optional use of: Data Protection Impact Assessment Tool

Benefits

  • Expert consulting by NCSC accredited Cyber Security Consultants
  • Single, encompassing, annual service to simplify security budgeting
  • In-house security authority to mandate compliance, training & oversee governance
  • Improve organisational efficiency and external reputation
  • Boost security culture, maturity and enduring compliance
  • Expert resource support for your organisation from knowledgeable professionals
 

Privacy and Data Protection Services - DPOaaS

The Securestorm Data Protection Officer Service (DPOaaS) assists clients on all matters relating to privacy and data protection as mandated under the GDPR. The DPO will serve as an independent expert both internally as well as with regards to customers, staff or the Supervisory Authorities.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Information Privacy Professionals (CIPP/E)
  • Certified Cyber Security Professionals (NCSC CCP)
  • Range of DPOaaS service levels to match organisation need
  • Experienced Data Protection and Privacy Experts
  • Experienced in GDPR compliance Gap-Analysis and Audit
  • Experienced in GDPR compliance implementation and Data Mapping
  • Use of: Data Protection Impact Assessment Tool
  • (ISC)2 Certified Cloud Security Professionals (CCSP)

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Fulfil the mandated DPO role without an FTE
  • Understanding of security options for current or future deployments
  • Improved audit and incident response capability
  • Ensures compliant and secure cloud services for your organisational needs
 

Managed Security and Information Assurance Services

Securestorm, an NCSC Certified Cyber Security Consultancy, provides Managed Security Services incorporating multi-disciplinary teams of experts qualified and experienced in Risk Management, Operational Security, Security Testing, Security Architecture and Data Protection.

Features

  • NCSC Certified Cyber Security Consultancy
  • Full Managed Security Service team
  • Continuous Information Risk Management Dashboard - Nol-ij
  • Core Service includes: Chief Information Security Officer (CISO)
  • Core Service includes: Information Risk Manager (IRM)
  • Core Service includes: Operational Security Manager (OSM)
  • On demand security functions: Security Architecture
  • On demand security functions: IA Audit and Review
  • On demand security functions: Security Testing Services
  • Optional: Data Protection Officer as a Service package

Benefits

  • Fixed Cost service, invoiced in monthly increments
  • Sick leave and holidays are covered
  • Dedicated Service Manager
  • Experienced in Justice, Policing, Defence and Central Government
  • Clients include: MoJ, YJB, The Supreme Court, Civica, GDS
 

CybSafe - Cyber Security Awareness, Behaviour and Culture Analysis, Training and Risk Mitigation

CybSafe is a British cyber security technology company. The next-generation, award-winning, AI-driven security awareness training platform uses GCHQ accredited content, advanced analytics, psychology and behavioural science to measure, understand and report on cyber security culture, increase employee engagement and demonstrably reduce human-cyber and data protection risk.

Features

  • GCHQ & IISP accredited training developed by former Government specialists
  • Content and platform features grounded in psychology/behavioural science
  • Machine learning technology customises content, putting security into context
  • Advanced proprietary analytics measure user awareness, behaviour and culture
  • All content is updated and improved throughout license period
  • Ongoing adaptive user testing ensures retention of learned knowledge
  • Sharing and communication features encourage user interaction, adoption and engagement
  • Supply chain assurance tool allows oversight of supply chain risks
  • Fully customisable content to reflect organisational policy and procedure
  • Integrated simulated attack tools include phishing, smishing and USB drops

Benefits

  • Human-centric design empowers users to contribute and engage with security
  • Demonstrably reduces human-cyber risk including phishing click rates
  • Demonstrably increases user engagement, communication and improves attitude
  • Plug-and-play design requires no input from admins after initial setup
  • Allows complete oversight of organisational cyber awareness, behaviour and culture
  • Administrator dashboard allows comprehensive reporting for easy demonstration of compliance
  • See genuine change in organisational security culture
  • Learning content accessible remotely, at any time, reducing user downtime
  • Completion will comprehensively support compliance with GDPR and the NIS Directive
 

Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed, Continuous Technical Security Vulnerability Assessment service with continuous, security testing and system visibility that delivers a unique service combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.

Features

  • Continuous security technical vulnerability testing
  • "Full-stack coverage" - Web applications/sites & hosting /cloud environments
  • False positive-free results, managed service with vulnerability analysis
  • Variable testing frequency: fortnightly, monthly, quarterly or on demand
  • Incredibly detailed vulnerability reporting, including code injection & response
  • Continuous system visibility via secure online portal
  • Super Rich API for painless integration with JIRA and ServiceNow
  • Customisable Alerting, via email, SMS or other channels
  • Highly Customisable reporting, in PDF, CSV and EXCEL formats
  • 24/7 Governance Risk and Compliance Metrics

Benefits

  • Provides continuous visibility of on-premise and cloud environments
  • Helps free up security staff to focus on other issues
  • Helps comply with auditing and compliance standards
  • Suitable for OFFICIAL (including OFFICIAL-Sensitive) classified services
  • Enables quick reaction to security threats by identifying issues
  • Value for money over traditional security for start-ups to corporates
  • Helps manage critical assets freeing up resources & time
  • Expert analysts ensure risk reported accurately and rated appropriately
  • High flexibility with systems accessibility as and when required
  • Monitor security rating to help track performance and improvements
 


Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy-to-use "Low-Code" development platform that Securestorm can provide as a pilot development service, letting you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect related records by linking them together and extend data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including setup, configuration, management and development. Knack is an easy-to-use "Low-Code" development platform, suitable for OFFICIAL information, that transforms data into powerful online databases with clean interfaces and requires no coding.

 
 


Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, Customisation and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard, can help organisations identify, track and minimise the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to set up, configure or even adapt and customise the Dashboard to their needs.

 

Getting in touch: 

To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory Informd.Online to view assurance reports of Cloud Services.

Malicious software used to illegally mine cryptocurrency


compromise of the third-party JavaScript library ‘Browsealoud’



During the compromise, anyone who visited a website with the Browsealoud library embedded inadvertently ran mining code on their computer, helping to generate money for the attackers. No money was taken from users themselves, but the mining code performed computationally intensive operations that were used to earn the cryptocurrency. These operations may have affected the performance and battery life of the devices visiting the site.

Browsealoud was taken offline shortly after the compromise, mitigating the issue. However, website administrators and other JavaScript library developers may wish to take further steps to prevent future compromise by following the guidance from the National Cyber Security Centre (NCSC) below:

 
Advice for members of the public
  • The cryptojacking harnessed people’s computers to help ‘mine’ for cryptocurrency. This involves using your device to perform computations and does not take any money from you or your accounts.
  • The only impact on affected users’ computers was that they temporarily had minor performance loss and reduced battery power.
  • If you have experienced unusually slow performance from your computer, reduced battery life, or visited the affected websites we recommend:
    • Closing the browser you visited the webpage on is likely enough to stop the mining;
    • Clearing the browser cache will remove all traces of the code. Guidance on how to do this is available here: http://www.refreshyourcache.com/en/home/
Advice for website administrators
  • Make a risk-based decision on including third-party JavaScript in your site. This will vary depending on the size of the website you manage and who is supplying the code. Consider whether the code you are including could compromise your users, and balance this against the risk of this happening for your site.
  • If practical to do, consider hosting the JavaScript locally on your own server rather than linking to code hosted elsewhere. This means changes to the libraries require access to your server, although this will mean you will need to install security patches yourself.
In certain cases, some technical measures can also help prevent inclusion of compromised third-party resources:
  • SRI (Sub-Resource Integrity) allows the browser to check a cryptographic hash of the script to ensure that your users are running the unaltered version. However, SRI will only work if the script is relatively static. If it changes regularly, the signature will no longer be valid and the script will not be loaded by users. Also, browser support for SRI is not universal.
  • CSP (Content Security Policy) allows you to whitelist locations where scripts can be loaded from. Several independent researchers have written that having a well-defined CSP in place would have blocked this attack.
We recommend putting the above mitigating measures in place where practical, and while we recognise these will not necessarily protect end users in all cases they will reduce the chances of your website being compromised.
Advice for third-party JavaScript developers
  • Implement robust change control for your code, including monitoring your codebase for unauthorised modifications, reviewing code contributions, and having a rapid takedown process in place in case a compromise is detected.
  • Where you offer hosted versions of your library, ensure that you have robust access control and logging in place for making changes to the library.
  • Consider supporting customers who wish to use Subresource Integrity (SRI). For example, providing numbered versions of libraries which remain static, and so have static cryptographic hashes, will enable customers to validate their integrity.
 
 

we can help...



Securestorm Director & Advisor to Public Sector, Tony Richards, said "This is likely a result of improper security controls put in place. That is why we insist that the organisations we work with know exactly what is running on their systems, especially when procuring third-party services or features. In addition to NCSC guidance on the matter, organisations need to consider the overall security maturity of the third-party service provider at that initial phase, which helps to assess the level of risk that they may be exposed to at the outset".

If your organisation needs help risk assessing third-party services, give Securestorm a call. As NCSC Certified Cyber Security Consultants, we focus on advising our clients with a pragmatic list of actionable solutions that allow organisations to make big changes fast and, most importantly, remain cyber secure.

 

 

UK industries: "Boost Security or Face Fines!"


New Government announcement to protect essential services from cyber attack


The UK Government issued a press release warning British industries to boost cyber security or face hefty fines for leaving themselves vulnerable to attack. Here are the key points from the press article.

  • Organisations risk fines of up to £17 million if they do not have effective cyber security measures
  • Sector-specific regulators will be appointed so essential services are protected
  • National Cyber Security Centre publishes new guidance for industry

Link to the full article here.

GETTING STARTED

1. GET YOUR GUIDANCE FROM THE NCSC:

The National Cyber Security Centre (NCSC), the UK’s centre of cyber excellence established in 2017, has published detailed guidance on the security measures to help organisations comply. These are based around 14 key principles set out in the NCSC consultation and government response, and are aligned with existing cyber security standards.

2. FOLLOW A CYBER-SECURITY LED APPROACH

Cybersecurity is everyone's problem, not just the responsibility of IT departments.
Companies have to accept the fact that security has to be planned and implemented into all business processes. Most organisations that deal with large amounts of consumer data may need to appoint, outsource or train key responsible personnel such as CISOs, Information Security Officers and Data Protection Officers (DPOs).

3. TALK TO AN EXPERT!

By now most companies have built up a 'cyber-awareness': they know they must protect and invest in information security and IT assets to reduce the risk of breach, loss or exposure of data, theft of resources and damage to brand reputation, in addition to the hefty penalties that they might incur. The recent breach reports and news articles, like the widely reported TalkTalk incident, are examples of why. However, the challenge is how, particularly when most businesses lack the key skills to do so.

Looking for the right security partner can be a daunting task especially in a crowded marketplace. But there are some key factors to consider while looking for consultants that fit your purpose:

  • Trust: Find out if they have relevant industry accreditations. For example, being an NCSC certified Cyber Consultancy would be a good start. It is not always about certifications over experience, but your selected security partner should hold relevant qualifications that suit your industry type.

  • Pragmatic: It is essential that your security partner provides practical advice and solutions that are carefully analysed and chosen to reflect the right balance of benefit and cost. That is why going for a 'one-size-fits-all' solution does not work. Depending on your organisation, a degree of flexibility is required due to factors such as the firm's size and strength, matrix, cyber-security culture and maturity.

  • Experience: It is important to know that you are getting the skill-set you paid for. Many large and reputable IT security vendors have the best online presence, but when it comes to experienced talent to actually fulfil client responsibilities, they fall short. Our advice would be to get to know the team and look into their experience and client-delivery records.

  • Industry Exposure: Each industry has its own information security protocol to follow. Furthermore, there are different sets of security guidelines, such as NIST and ISO 27001, that apply to different organisations. This is why choosing a partner with relevant industry exposure makes a difference to your security goals.
    - Are you a Government body or an SME/large private organisation?
    - Or are you in a regulated industry like banking, finance or telecommunications?

Why Securestorm?



Securestorm® are leading security experts who deliver pragmatic advice, practical solutions and solve security challenges across the Digital, Cloud, Cyber and Data Protection (GDPR) domains. With a combination of experience, expertise and strategic awareness, Securestorm offers technical and strategic consultancy, managed security services and solutions to clients across both Public and Private sectors.

Securestorm are a NCSC Certified Cyber Security Consultancy with demonstrable experience and proven delivery capabilities. Advanced security solutions and services include: Nol-ij® - Continuous Risk Management, Edgescan® - Full Stack Vulnerability Management, CybSafe® - Unified Cyber Awareness Platform, and Falanx MidGARD™ - Advanced Monitoring Platform.

 

On Cloud 9


No. 9 brings a single iteration of 'G-Cloud'


G9 has officially replaced G-Cloud 7 (G7) and G-Cloud 8 (G8), providing consistent information about all services and bringing more of the G-Cloud buying journey online.

Buyers and suppliers will be able to use one set of contracts for all their G-Cloud services.


Securestorm on G-Cloud 9


Securestorm has officially been awarded G-Cloud 9 status following the success of the previous G-Cloud versions. Securestorm are committed to bringing innovative and cost-effective solutions and services that are practical, helping Government organisations be secure from cyber-threats and manage resources effectively.

Securestorm CTO, Tony Richards, added "It is great to be live on G9. Keeping in-line with the launch of previous G-cloud iterations, Securestorm is further committed to delivering more, offering streamlined services and exclusive solutions such as the award-winning Edgescan. This combined with our industry experience, delivery capabilities and subject matter expertise on trending threats will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:


CONSULTANCY SERVICE

CLOUD SECURITY EXPERTS

Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilize all of the security options available.

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Partner
  • NCSC Certified Cyber Security Professionals (CCP)
  • Cloud Security Alliance STAR Lead Auditors
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Cyber Essentials certified company
  • Secure AWS architectural design and CloudFormation templates for OFFICIAL
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review security options chosen and those available against best practices
  • Assessment and review of AWS instances and configurations

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Deep dive Security Assurance and Audit previously conducted of AWS
  • Ensures compliant and secure cloud services for your organisational needs
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Deep dive Security Assurance and Audit previously conducted of Salesforce

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost effectively. Read about our contribution and best practices in recently published research papers:


EXCLUSIVE ON G-CLOUD


 
 

Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed, Continuous Technical Security Vulnerability Assessment service with continuous, security testing and system visibility that delivers a unique service combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.


OTHER G-CLOUD SERVICES


 
 


Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy-to-use "Low-Code" development platform that Securestorm can provide as a pilot development service, letting you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect related records by linking them together and extend data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including setup, configuration, management and development. Knack is an easy-to-use "Low-Code" development platform, suitable for OFFICIAL information, that transforms data into powerful online databases with clean interfaces and requires no coding.

 
 


Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, Customisation and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard, can help organisations identify, track and minimise the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to set up, configure or even adapt and customise the Dashboard to their needs.

 


QUESTIONS?


To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory www.Informd.Online to view assurance reports of cloud services.

UK faces dramatic cyber-security skills 'cliff edge' and is chronically under prepared for hacker attacks, study finds

"The study finds that only 12 per cent of the UK workforce is under the age of 35 and 53 per cent is over the age of 45"


A global survey of almost 20,000 security professionals across banks, governments and multinationals concludes that Britain is facing a cyber-security skills “cliff edge” and that companies are “chronically” under-prepared for attacks. 

The survey, conducted by (ISC)² – a non-profit organisation that aims to educate people about the risks of being online – shows that the UK workforce is getting older which is exacerbating an already gaping cyber-security skills rift. 

Only 12 per cent of the workforce is under the age of 35 and 53 per cent is over the age of 45, the study finds. 

A mere 6 per cent of UK companies are recruiting graduates who would have the potential to plug the gap, and 66 per cent already face a cyber-security skills squeeze due to being unable to find qualified personnel. 

The data also suggest that employers are largely refusing to hire and train inexperienced recruits. A whopping 93 per cent of UK companies that responded to the survey said that previous cyber-security experience is an important factor in their hiring decisions.

The findings indicate that the skills deficit is already having an effect on British businesses.  

Close to half of the UK companies questioned said that the shortfall of cyber-security personnel is having a significant impact on their customers. A similar proportion said that it is already causing security breaches. 

 “Industry is experiencing a talent shortfall because employers are too focused on recruiting people with existing cyber-security experience,” said Lucy Chaplin, a manager within KPMG’s financial services technology risk consulting group, commenting on the survey. 

“[It] is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot.” 

Rob Partridge, head of BT’s Security Academy, said that “the findings confirm that graduates are being overlooked for cyber-security roles and it is now an economic and security imperative that we change this trend”.

Tuesday’s survey follows a string of similar warnings and a slew of high-profile cyber-attacks that have cost companies both in terms of money and reputation. 

Last month, a survey by job site Indeed showed that the chasm between supply and demand for cyber-security expertise is widening at an alarming rate. 


JOIN THE MOST PROGRESSIVE CYBER SECURITY ORGANISATION IN THE MARKET ...

Securestorm recognises the cyber security skills shortage and strongly supports cyber security as part of the educational curriculum, together with enhanced training and support networks, to raise the level of professionals and tackle the shortage. This ethos is carried over into our approach of 'investing heavily in people'. We are on the lookout for bright and motivated talent to join our progressive organisation, be inspired and grow within the cyber security market. To see our latest vacancies, visit https://www.securestorm.com/careers/ or write to careers@securestorm.com for more information.


SECURESTORM on-board the ‘DIGITAL OUTCOMES & SPECIALISTS 2’ framework

Securestorm, London-based Cloud and Cyber security experts, Crown Commercial Service suppliers, CESG certified and NCSC approved providers, will bring their expertise and experience to the new framework from the Cabinet Office and Government Digital Service, the Digital Outcomes and Specialists 2 framework, from February 2017.

Is defining your 'Risk Appetite' important?

Yes. But is it a simple decision whether to put your head inside a lion's mouth or not? Cyber security risk decisions aren't that straightforward.

Ultimately, managing your cyber security risk is a trade-off between cost and benefit. But it is a world away from being as simple as deciding whether to put your head inside a lion's mouth. A decision about a cyber security risk comes down to whether your organisation can manage the risk and therefore reduce it, or can afford to accept the risk and leave it alone for a while. The challenge is that not many organisations have the risk information, decision-making process or risk management capability to do this on the fly without first defining their risk appetite. Do you know what your acceptable level of risk is?

Many organisations work to reduce their risks and then end up accepting the ones that are too difficult to reduce, or where they cannot see the value in reducing them. The trouble is that if you don't know what level of risk your organisation can tolerate, how can you decide whether to accept a given risk? You absolutely need a clear understanding of what is acceptable and what is not. Everyone hopes to avoid risks in the first place, and then attempts to transfer them so that they become someone else's problem. What matters, however, is having the capability to reduce them to a level that you are willing to accept as an organisation.

Many organisations are keen to understand how they would handle a cyber security attack or breach and are engaging cyber security organisations to review their business and technical environments. However, you get a better experience, and a better answer to the question "Do we really need to spend this money on fixing this risk?", if you understand and know your organisation's risk appetite. I'm not saying it's a must, but in my opinion it's a sign of real responsibility and maturity towards understanding your cyber security risks and threats. 
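The decision rule described above (accept what sits inside your tolerance, reduce what does not if a control is worth its cost, and never silently "leave alone" a risk that exceeds appetite) can be written down and run against a risk register. The following is an added illustration, not Securestorm's own method or workshop material: the 1-5 likelihood and impact scales, the appetite thresholds, the risks, controls and loss figures are all constructed for the example, and a real organisation would set its own.

```python
"""Risk appetite as an explicit decision rule applied to a risk register.

Added example, not Securestorm's process. Scales, thresholds, risks, controls
and loss figures below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float          # what the control costs per year (constructed GBP)
    residual_likelihood: int    # 1 (rare) .. 5 (almost certain), after the control
    residual_impact: int        # 1 (negligible) .. 5 (severe), after the control
    residual_loss: float        # expected annual loss remaining after the control


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int             # 1..5, current (untreated) likelihood
    impact: int                 # 1..5, current impact
    expected_loss: float        # estimated expected annual loss if left untreated
    options: Tuple[Control, ...] = ()   # candidate controls for this risk


@dataclass(frozen=True)
class RiskAppetite:
    """Tolerances the organisation has signed off. Both rules must hold."""
    max_score: int              # highest likelihood * impact tolerated
    max_impact: int             # no risk above this impact is tolerated, however unlikely


@dataclass(frozen=True)
class Decision:
    risk: str
    action: str                 # "accept", "reduce" or "escalate"
    control: Optional[str]
    rationale: str


def within_appetite(appetite: RiskAppetite, likelihood: int, impact: int) -> bool:
    return impact <= appetite.max_impact and likelihood * impact <= appetite.max_score


def decide(risk: Risk, appetite: RiskAppetite) -> Decision:
    """Accept risks inside appetite. Otherwise choose the cheapest control that
    both lands inside appetite and saves more expected loss than it costs.
    If no such control exists the risk cannot just be 'left alone': it must be
    transferred, avoided, or formally signed off above appetite (escalate)."""
    if within_appetite(appetite, risk.likelihood, risk.impact):
        return Decision(risk.name, "accept", None,
                        f"score {risk.likelihood * risk.impact} and impact "
                        f"{risk.impact} are inside appetite")

    reaches_appetite = [c for c in risk.options
                        if within_appetite(appetite, c.residual_likelihood, c.residual_impact)]
    # Cost versus benefit: the control must save more expected loss than it costs.
    worthwhile = [c for c in reaches_appetite
                  if risk.expected_loss - c.residual_loss > c.annual_cost]
    if worthwhile:
        best = min(worthwhile, key=lambda c: c.annual_cost)
        saving = risk.expected_loss - best.residual_loss
        return Decision(risk.name, "reduce", best.name,
                        f"saves {saving:,.0f}/yr for {best.annual_cost:,.0f}/yr "
                        f"and lands inside appetite")
    if reaches_appetite:
        return Decision(risk.name, "escalate", None,
                        "controls that reach appetite cost more than they save: "
                        "transfer, avoid, or formal sign-off above appetite")
    return Decision(risk.name, "escalate", None,
                    "no option brings the risk inside appetite: "
                    "transfer, avoid, or formal sign-off above appetite")


def review(register: Tuple[Risk, ...], appetite: RiskAppetite) -> List[Decision]:
    return [decide(r, appetite) for r in register]


# Constructed appetite and register, for illustration only.
APPETITE = RiskAppetite(max_score=6, max_impact=3)

REGISTER = (
    Risk("Phishing leads to credential theft", 4, 4, 80_000, (
        Control("Phishing-resistant MFA on all remote access", 15_000, 2, 3, 10_000),
        Control("Annual awareness training only", 5_000, 3, 4, 60_000),
    )),
    Risk("Encrypted laptop lost in transit", 3, 2, 2_000),
    Risk("Ransomware via unpatched edge appliance", 3, 5, 300_000, (
        Control("7-day patch SLA for internet-facing devices", 20_000, 2, 5, 200_000),
        Control("Patch SLA plus tested offline backups", 60_000, 2, 3, 30_000),
    )),
    Risk("Legacy ERP on unsupported OS", 2, 4, 15_000, (
        Control("Replatform the ERP", 250_000, 1, 2, 1_000),
    )),
)

if __name__ == "__main__":
    for d in review(REGISTER, APPETITE):
        print(f"{d.action:8} {d.risk:42} {d.control or '-'}")
        print(f"         {d.rationale}")
```

Two details are deliberate. The appetite has a hard impact ceiling as well as a score threshold, so a severe-impact risk is never "accepted" just because it is rare; and the ERP case shows that a control which technically reaches appetite but costs far more than it saves does not make the risk acceptable by default, it forces an explicit decision at the level that owns the appetite.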

Our Approach

The process is pretty straightforward and it doesn't have to be complex (complex = expensive). We believe in keeping things simple. You can spend a lot of money trying to get a perfect answer only to change it two months later, or you can get the fundamentals working properly and tweak them to optimise. There are four key steps to follow:

Benefits

  • Better decisions. Making risk-treatment decisions more easily and more accurately is what lets you balance cost against benefit when it comes to cyber risk.
  • Better risk management. Managing risk more effectively by fully understanding your tolerances, thresholds and the impact on your assets.
  • Better financial management. Cost-effective spending on cyber security controls and solutions matters, because many organisations are blindly spending money on cyber security without understanding whether it delivers a benefit or actually reduces their risk. 

If you would like to know more about this process of defining your Risk Appetite, or would like us to run a free half-day workshop on Risk Appetite Definition, please get in touch (details below).


Footnotes:

About Securestorm: We are a lean, agile and responsive cyber security consultancy that provides practical advice and intelligence with the aim to simplify the world of Cloud and Cyber Security. With a combination of innovation, expertise and strategy, Securestorm brings synergy to the industry.

About the Writer: As the CEO, Mandeep is the chief planner behind Securestorm’s wheels responsible for steering and implementing all aspects of the sales, marketing and business development to ensure the company’s ongoing success and growth. As a veteran security advisor and business leader, Mandeep has managed multinational clients and is a well-known security expert in the industry who has built his career and reputation on solving clients’ information security, risk and compliance challenges. Mandeep is able to draw from his 20+ years of business and security experience across industry and regularly contributes industry insights, workshops and seminars in the IT security space. 



Talk to us about this article:
