The UK Government has launched its Cyber Essentials scheme as it seeks to ramp up awareness among organisations about the need for IT security.
The scheme is part of the government’s National Cyber Security Strategy and aims to provide independent assessments of essential security controls that organisations need to protect against the rising tide of malware and internet-based threats.
The project has come into sharp focus with the recent revelations that the National Crime Agency temporarily disrupted the ransomware virus Cryptolocker and GameOver Zeus, a Trojan designed to plunder banking details.
Universities and Science Minister David Willetts said: “...we absolutely cannot afford to be complacent... Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.”
Cyber Essentials awards organisations who successfully negotiate an assessment an award that demonstrates they have taken steps to address fundamental cyber security issues.
At a basic level this means assessing desktop PCs, laptops, tablets and smartphones, and other internet connected systems including email, web and application servers
CREST, a not-for-profit organisation that represents the technical information security industry, is one the scheme’s accredited practitioners. Ian Glover, president, CREST said: “Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security.”
Cyber Essentials has been given a cautious welcome by the industry. Mark Brown, director of information security, Ernst & Young, said: “Whilst this is a positive step, businesses should not view this scheme as a complete solution as it only addresses the basic controls...”.
Simon Hansford, chief technology officer, Skyscape Cloud Services, added: “Education is essential, as while larger organisations are more likely to have established frameworks in place... there are many smaller organisations that will find this process far more challenging. Schemes such as this are therefore crucial...”’