NCSC cyber guidance targets cloud and home working

The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware

The UK’s National Cyber Security Centre (NCSC) has published refreshed cyber security guidance to take account of how quickly the threat landscape has changed in the past year to place more emphasis on securing cloud services, protecting remote workers and safeguarding against ransomware.

Issued on day one of the organisation’s virtual CyberUK 2021 conference, the 10 Steps to Cyber Security package is pitched at medium-sized and larger organisations and is specifically designed to support CISOs and other security professionals by breaking down their key functions into 10 components. First published nine years ago, the action plan is already in use at a majority of FTSE350 organisations. 

“The cyber threat landscape is constantly evolving, and that’s why it’s really important that all businesses understand their cyber risk,” said NCSC deputy director for economy and society, Sarah Lyons.

“Our 10 Steps to Cyber Security has been – and continues to be – a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.

“Following our advice will reduce the likelihood of incidents occurring, but also minimise impact when they do get through,” she said.

The 10 components of the guidance package – all of which account for the fact that some form of home and mobile, or hybrid working is currently the default for all large organisations – cover risk management, engagement and training, asset management, architecture and configuration, identity and access management, vulnerability management, data security, logging and monitoring, incident management and supply chain security.

The guidance, which can also be used by third and public sector bodies, is recommended to be used alongside the NCSC’s existing Cyber Security Board Toolkit. This is designed to enable security leaders and professionals better frame conversations with the board to ensure they get the budget they need, and to help make online resilience a high priority for the organisation.

The wider CyberUK 2021 event, which takes place on 11 and 12 May, also reflects the changes wrought on organisational security posture by the Covid-19 pandemic – not least because it is taking place virtually.

Introducing the event, NCSC CEO Lindy Cameron said: “For the NCSC, and the wider cyber security community, the pandemic hasn’t just been about changing our own ways of working.

“That sudden, extraordinary shift to living and working from home more than a year ago has changed the cyber security threats we face, and shown the increasingly vital role that technology plays in all of our lives, both professionally and socially.

“This makes the NCSC’s mission to make the UK the safest place to live and work online more important, more challenging and more central to our security and prosperity than ever,” she said.

“So CyberUK 2021 will focus on building a resilient and prosperous UK as we emerge from the pandemic, conscious that we are lucky to be able to look forward as others are still gripped by Covid,” said Cameron.

The event has included discussions on cyber education and skills, protecting consumer accounts and updates on the NCSC’s Active Cyber Defence programme and its Cyber Essentials scheme, as well as keynotes and panel discussions. All the content is available to stream globally via YouTube.

Read more news from CyberUK 2021

  • Ahead of CyberUK 2021, the NCSC revealed how it responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic.
  • Home secretary Priti Patel tells CyberUK 2021 she will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world.
  • SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states.

Read more on Hackers and cybercrime prevention

Data Center
Data Management