


Under Attack: Leading the Fightback

Editorial Type: Industry Focus     Date: 07-2014











On 31 March this year, the UK's Cyber Emergency Response Team went live, in a bid to strengthen the country's online defences, with particular focus on critical systems. But how much of a difference will it make? Brian Wall reports.

The number of cyber attacks now taking place is on the rise and, although the delayed implementation of this task force is clearly of value, many question whether the scope of the government's new Cyber Emergency Response Team - part of its £650m investment in cyber security - goes far enough.

Mike Ellis, CEO of ForgeRock, for example, believes that cyber breaches are one of the most pressing and potentially damaging issues that can happen to a company and that, while the creation of the UK's Cyber Emergency Response Team (CERT-UK) is a step in the right direction, it is long overdue. With the continuing rise of cyber attacks and the increasing value of data, he believes this isn't enough.

LONG OVERDUE
"The creation of the UK's Cyber Emergency Response Team (CERT-UK) is a step in the right direction, but, following delays, it [was] long overdue," says Ellis. "With a strong leadership team and some key partnerships, CERT is well positioned to develop the UK's cyber defences against state-sponsored and criminal attacks on critical systems, such as the energy grid and power stations. The major problem, however, is that there is a major glitch in the current IT landscape - an integral flaw that needs to be addressed."

Today's enterprise identity platforms and network security platforms inhabit disparate worlds, without any real connection or collaboration between the two, he argues. "With a rise of internet-enabled machine-to-machine (M2M) communication, more devices are dealing with and sharing user credentials without any direct action from the individuals involved. Each transaction between devices dealing with your private data increases the potential number of backdoors that hackers may use to gain access. It is imperative that governments and businesses address this issue before it is too late. They must use context to bridge the gap between identity and security."

The intelligence required to truly foil criminal attacks is lost between the two worlds of identity and security, yet neither segment collaborates, he adds. "At the moment, many companies are, metaphorically speaking, leaving their doors open and letting anyone who wants to come in and take what they like. Cyber security needs to be taken as seriously as every part of business protection. Cyber breaches are one of the most pressing and potentially damaging issues that can happen to a company. They cannot rely on the government or task forces to protect their interests; businesses must take security into their own hands."

CYBER ESSENTIALS SCHEME
Meanwhile, the government has unveiled another initiative aimed at protecting businesses from cyber threats, with the Minister of State for Universities and Science David Willetts launching its new Cyber Essentials Scheme at an event in London. Developed by the Department for Business, Innovation and Skills (BIS) and CESG (the Information Security arm of GCHQ), the scheme builds upon the '10 Steps to Cyber Security', published in 2012 to help organisations and senior executives understand and implement a corporate risk programme. The scheme identifies the security controls that organisations must have in place within their IT systems and also provides guidance for organisations regarding basic cyber hygiene.

CREST - the not-for-profit organisation that represents and certifies the technical information security industry - has worked alongside CESG to develop the assessment framework for the scheme. As part of this engagement, CREST defined the policy, procedures and requirements for companies that will provide certification services under the Cyber Essentials Scheme. CREST has also produced the syllabus areas and examination structures that underpin the scheme. In addition, through its members, CREST planned, conducted and reviewed the early Cyber Essentials pilot assessments.

"Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security," explains Ian Glover, president of CREST. "By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks."


