42 | MAY 2019
Cyber Security
Proud sponsors of the
Cyber Security feature
CYBER SECURITY BREACHES: WHEN NOT IF
Cyber security has become a fundamental component of business operations. As cyber
criminals get more sophisticated and threats continue to evolve it is vital that companies
invest in security policies, procedures and products regardless of size, market or location.
Small and medi-
um-sized enterprises (SMEs)
are as much at risk from
data breaches as large
organisations. According to
the Cyber Security Breaches
Survey 2018, 42% of small
businesses identified at least
one breach or attack in the
last 12 months.
However, it is not an
insurmountable problem
and SMEs can protect them-
selves against common cy-
ber-attacks by undertaking a
certification process. Cyber
Essentials is a government
and industry backed scheme
to help all organisations
protect themselves against
common cyber-attacks. In
collaboration with Infor-
mation Assurance for Small
and Medium Enterprises
(IAMSE) they have set out
basic technical controls for
organisations to use which
is annually assessed.
Here are four reasons
to get certified:
Mitigate cyber risks
Whilst no security strate-
gy can stop 100% of attacks,
the aim is to mitigate the
risk as much as possible.
The majority of attacks
exploit basic weaknesses
in IT systems and software,
and these can be quite
straightforward to defend
against. The Cyber Essen-
tials scheme aims to provide
businesses with a strong
base from which to reduce
the risk from these preva-
lent cyber-attacks.
Identify weak security
links in your supply chain
As the saying goes, you
are only as strong as your
weakest link and this is
especially true when deal-
ing with third parties that
are outside of your domain
of control. The 2017 Data
Risk in the Third-Party
Ecosystem study found that
56% of respondent organ-
isations had been affected
by a third-party data breach,
up from 49% the previous
year. This should be a major
concern to any organisation
as GDPR makes it clear that
organisations are accounta-
ble for data breaches caused
by any third-party service
providers they appoint to
handle data.
By using a third party that
has achieved certification
via a scheme such as Cyber
Essentials or IASME govern-
ance standard, organisations
can show that they have
taken steps to conduct due
diligence within its supply
chain.
Show commitment
to cyber security
By displaying the Cy-
ber Essentials badge on
its website, an SME can
demonstrate to customers,
partners and investors
their commitment to cyber
security. This is particularly
beneficial for organisations
that are storing personal
information on customers
and employees, or hosting
commercially sensitive
data. Through certification,
SMEs can proactively pro-
vide sufficient guarantees
that regulatory require-
ments will be met and
the rights of data subjects
protected.
Competitive
advantage
Improving cyber security
within its supply chain is a
priority for UK Government.
It has decreed that suppliers
must be compliant with the
Cyber Essentials scheme in
order to bid for contracts
which involve the handling
of sensitive information
and the provision of certain
technical services. However,
Cyber Essentials presents
a competitive advantage to
certified SMEs when com-
peting for all business or
tendering for public sector
proposals as they will be
able to demonstrate their se-
curity credentials and their
diligence towards defending
the integrity of their custom-
ers’ data.
Certification has many
benefits; it ensures stand-
ardisation within the supply
chain and is a good dif-
ferentiator for SMEs who
provide services as it shows
a diligence to information
security. The UK National
Cyber Security Centre has
taken a leadership role in
providing the technical
expertise for the Cyber
Essentials scheme, which
ensures that it encompasses
the county’s best technical
insight and experience.
Cyber Essentials certifica-
tion can help SMEs imple-
ment strong, cyber secu-
rity hygiene practices and
benefit from the new digital
world.
About CySure
CySure is a cyber se-
curity company founded
by experts with extensive
experience in operational
and risk management. The
company has offices in
London (UK) and California
(USA) and CySure’s flagship
solution – Virtual Online
Security Officer (VOSO)
is an information security
management system (ISMS)
that incorporates GDPR,
US NIST and UK CE cyber
security standards to guide
organisations through
complex, emerging safety
procedures and protocols,
improve their online secu-
rity and reduce the risk of
cyber threats.
www.cysure.net