In association with the Centre for the Protection of National Infrastructure (CPNI), the Cabinet Office and the Department for Business, Innovation and Skills (BIS), GCHQ has announced the re-issue of the highly successful ‘10 Steps to Cyber Security’, offering updated guidance on the practical steps that organisations can take in order to improve the security of their networks and, importantly, the information carried on them.
Following its successful launch in 2012, the highly acclaimed guidance has made a tangible difference in helping organisations both large and small in scale understand the key activities they should evaluate for cyber security risk management purposes.
Indeed, the 2014 Cyber Governance Health Check of FTSE 350 Boards of Directors shows that 58% of companies have assessed themselves against the 10 Steps guidance since the document was first launched. That statistic is up from 40% in 2013.
The Cyber Governance Health Check is formed of two elements. The first stage is the ‘tracker’, an online tool configured to assess and report levels of cyber security awareness and preparedness across the FTSE 350 spectrum from a governance perspective. Completion of the tracker has resulted in this aggregated tracker report, as well as confidential individual benchmarking reports for each participating company.
The second stage is the ‘diagnostic’, an audit-based tool which builds on the results of the tracker. The diagnostic will assess and report areas of cyber security vulnerability and good practice and subsequently suggest what actions management can take to address vulnerabilities and build on good practice.
Ever-growing threat in cyber space
‘10 Steps to Cyber Security’ has been updated to ensure the guide’s continuing relevance in the climate of an ever-growing cyber threat. It now highlights the new cyber security schemes and services that have been set up more recently under the National Cyber Security Programme and, in addition, contains a foreword by the new director of GCHQ, Robert Hannigan.
“GCHQ continues to see real cyber threats to the UK on a daily basis, and the scale and rate of these attacks shows little sign of abating,” explained Hannigan. “However, despite the increase in the sophistication of attacks, it remains as true today as it did two years ago that there’s much security and IT professionals can do to protect their organisations by adopting the basic cyber security procedures outlined in this guidance.”
Alongside the Cyber Essentials Scheme, ‘10 Steps to Cyber Security’ is a critical resource for UK businesses aiming to protect themselves in cyber space.
Common Cyber Attacks: Reducing the Impact
In parallel with the re-issue of the ‘10 Steps to Cyber Security’, GCHQ has also published a paper entitled ‘Common Cyber Attacks: Reducing the Impact’.
Drawing on real case studies, the paper covers threats, vulnerabilities and attack types. It also addresses prevention and incident response.
The paper is intended to help organisations understand that they need to be prepared to respond to threats from a range of attackers and have a framework of security controls in place to reduce the extent and impact of an attack.
Aimed at all organisations vulnerable to attack by way of the Internet, the GCHQ paper supports the comprehensive guidance provided in the ‘10 Steps to Cyber Security’, in turn helping organisations to understand the key activities they should evaluate for the purposes of holistic risk management.
It also adds to the guidance provided in the ‘Cyber Essentials’ scheme, which provides a set of controls that organisations can put in place to show that they have met a recognised baseline of cyber security.
*The Business Continuity Institute’s Horizon Scan report has consistently shown that cyber attacks and data breaches are two of the biggest concerns for business continuity professionals, with the latest report highlighting that 73% of respondents to a survey expressed either ‘Concern’ or ‘Extreme concern’ at the prospect of one of these threats materialising at some point in the future.