Viewing entries tagged
security awareness

UK industries:"Boost Security or Face Fines!"

Comment

UK industries:"Boost Security or Face Fines!"


new Government ANNOUNCEMENT to protect essential services from cyber attack


The UK Government issued a press release that warned British industries to boost cyber security or face hefty fines for leaving themselves vulnerable to attack. Here are the key-points from the press article.

  • Organisations risk fines of up to £17 million if they do not have effective cyber security measures
  • Sector-specific regulators will be appointed so essential services are protected
  • National Cyber Security Centre publishes new guidance for industry

Link to the full article here.

GETTING STARTED

1. GET YOUR GUIDANCE FROM THE NCSC:

The National Cyber Security Centre (NCSC), the UK’s centre of cyber excellence established in 2017, has published detailed guidance on the security measures to help organisations comply. These are based around 14 key principles set out in the NCSC consultation and government response, and are aligned with existing cyber security standards.

2. FOLLOW A CYBER-SECURITY LED APPROACH

Cybersecurity is everyone's problem, not just the responsibility of IT departments.
Companies have to accept the fact that security has to be planned and implemented in to all business processes. Most organisations that deal with numerous consumer data may need to appoint, outsource or train key responsible personnel like CISOs, Information Security Officers and Data Protection Officers (DPOs).

3. TALK TO AN EXPERT!

By now most companies have build up a 'cyber-awareness', that they must protect and invest in information security and IT assets to reduce the risk of breach, loss or exposure of data, theft of resources, and overall brand reputation with addition to the hefty penalties that they might incur. The recent breach reports and news articles like the popular TALK-TALK incident are examples of why.  However, the challenge is how, particularly when most businesses lack the key skills to do so.

Looking for the right security partner can be a daunting task especially in a crowded marketplace. But there are some key factors to consider while looking for consultants that fit your purpose:

  • Trust: Find out if they have relevant industry accreditations. For example, being an NCSC certified Cyber Consultancy would be good start. It is not always about certifications over experience, but your selected security partner should hold relevant qualifications that suit your industry type.
     
  • Pragmatic:  It is essential that your security partner provides practical advice and solutions that are carefully analyzed and chosen to reflect the right balance of benefit and costs. That is why going for a 'one-size-fits-all' solution does not work. Depending on your organisation, a degree of flexibility is required due to factors such as firm’s size & strength, matrix, cyber-security culture and maturity.
     
  • Experience: It is important to know that you are getting the skill-set you paid for. Many large and reputed IT security vendors most often have the best online-presence but when it comes to experienced talents to actually fulfil clients responsibilities, they fall short. Our advice would be to get to know the team and look into their experience and client-delivery records.
     
  • Industry Exposure: Each industry has its own information security protocol to follow. Furthermore, there are also different security group of guidelines such as NIST, ISO:27001, etc that apply to different organisations. This is why choosing a partner with relevant industry exposure makes a difference in your security goals.
    - Are you a Government Body or SME/Large Private organisation ?
    - Or are you a regulated industry like Banking, Finance or Telecommunications ? 

why securestorm ?


SecureStorm_Logo_MSW-02.jpg

Securestorm® are leading security experts who deliver pragmatic advice, practical solutions and solve security challenges across the Digital, Cloud, Cyber and Data Protection (GDPR) domains. With a combination of experience, expertise and strategic awareness, Securestorm offers technical and strategic consultancy, managed security services and solutions to clients across both Public and Private sectors.

Securestorm are a NCSC Certified Cyber Security Consultancy with demonstrable experience and proven delivery capabilities. Advanced security solutions and services include: Nol-ij® - Continuous Risk Management, Edgescan® - Full Stack Vulnerability Management, CybSafe® - Unified Cyber Awareness Platform, and Falanx MidGARD™ - Advanced Monitoring Platform.

 
bar.png

Comment

Beyond Tick-Box Training...

Comment

Beyond Tick-Box Training...

Securestorm, the NCSC Certified Cyber Security Consultants are proud to have officially partnered with CybSafe, the GCHQ-accredited cyber security awareness training solution to deliver an intelligent and constantly-evolving training software platform that gives organisations a level of expertise, insight, research and understanding that goes above and beyond traditional tick box training.

CYBSAFE-social media announcement-Twitter.png

Tony Richards, CTO, Securestorm said, "We are delighted to tie-up with CybSafe. As cyber security advisors working alongside multiple organisations across Government to Private sectors, we have always expressed how security awareness and training is not a 'tick-box' activity. With our partnership we are able to provide innovative and engaging security training helping organizations to really embed and sustain better behaviours when it comes cyber security. The goal here is to embed a resilient security culture throughout organisations."

HUMANIZE YOUR TRAINING

Most businesses know that the human aspect of cyber security is important. They also know that they aren’t doing enough to address it and worry that they carry too much unnecessary cyber security and data protection risk as a result.

The issues preventing good cyber security behaviour from the everyday-technology-users within their organisations aren’t actually just knowledge and understanding. Many people are also Apathetic, Disengaged, Fearful or Confused.

These businesses want a cyber security awareness solution that demonstrably addresses the human aspect by changing behaviour, shows a demonstrable return on investment and marks them out as an organisation that can be trusted to take data protection seriously.

What is CybSafe?

CybSafe is Unified Cyber Awareness Platform. It is a data-driven, cloud-based software that addresses the human aspect of cyber security. In doing so it helps businesses to improve cyber security behaviour, visualise human factor vulnerability, and reduce cyber risk.

A Unified Cyber Awareness Platform

CybSafe is a Unified Cyber Awareness Platform that helps organisations intelligently address the human aspect of cyber security by focusing on ABC – Awareness, Behaviour & Culture.

It is advanced software that:

  • delivers GCHQ-accredited awareness training,
  • uses simulated multi-vector attacks and other methods to measure changes in behaviour, and
  • enables businesses to engage their people by keeping them informed and encouraging them to contribute their insight.

CybSafe helps organisations:

  • reduce their cyber risk,
  • build a positive cyber security culture,
  • meet their GDPR and other compliance requirements and
  • see a return on their investment.

It brings together (many of the aspects) a business needs address the human aspect of cyber security effectively.

  • Train & Educate
  • Change behaviour
  • Inform
  • Engage
  • Measure & Analyse
  • Visualise & Report

CybSafe is a platform that can either be delivered on its own (for businesses without the capacity to do more), or as a mainstay feature that is complemented by additional security awareness activity. It is the only GCHQ-certified training tool of its kind that delivers this.

An awareness programme should be an intelligently woven together series of activities that engage, educate, assess and inform Users. If done properly Users feel empowered rather than undermined. They also increasingly see the value in their understanding of cyber security and feel part of the collective solution. It’s a journey that takes many from ambivalence, disinterest and a feeling of inconvenience to interest, appreciation and sensible caution.

Most businesses don’t have the time, expertise or resource capacity to focus on the human aspect of cyber security as much as they should/would like.  CybSafe’s Unified Cyber Awareness Platform automates the provision of this activity making its delivery effortless on the part of busy professional people.

Who is CybSafe for?
  • For businesses that realise that they need no longer pay lip service to the ‘people component’.
  • For those that understand that they don’t have the staff, time or expertise to address this component effectively on their own.
  • Any organisation that would like to directly address the human factor in cyber security to reduce their chances of having a breach – and benefit from the insights and experiences of others whilst saving money in the process.

Like to know more ?

If you would like more information or advice on our range of Security Training and Awareness Programmes, get in touch here.

bar.png

Comment